File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Security Question: Web Service using VPN Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Security Question: Web Service using VPN" Watch "Security Question: Web Service using VPN" New topic
Author

Security Question: Web Service using VPN

Sara Bento
Greenhorn

Joined: Apr 29, 2012
Posts: 2
Hi,

I am planning to develop a web service available to our customers. Our customers are connected via vpn. The web service will handling highly sensitive information.

Now I am wondering if I have to implement message level security in addition to vpn?!?

Many thanks in advance,
Sara
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12676
    
    5
If you have more than one customer on the VPN and you don't add WS-* security such as authentication, wouldn't you worry about customers being able to see other customer information?

Bill

Java Resources at www.wbrogden.com
Sara Bento
Greenhorn

Joined: Apr 29, 2012
Posts: 2
Thank you for your fast reply!!

I'm not sure…

In the following, a few more details: We have a central authentication/authorization system. One of our most important applications is integrated (applet) into many other in-house applications. When a user wants to open the applet, the application which integrates the applet calls the central authentication/authorization system to authenticate the user.

Now, the applet should be integrated into an application hosted by one of our customers. So our central authentication/authorization system should provide a web service. As I mentioned, all our customers are connected via vpn. And of course it is possible, that other customers want to use the web service too…..

Sorry, if I have expressed myself too complicated and also for my poor English. I'm very new to all this stuff, but willing to learn:-)

Thank you very much in advance,
Sara
Roger Sterling
Ranch Hand

Joined: Apr 06, 2012
Posts: 387
    
    2

Sara - what you need is something called RBAC (Role-based Access Control). This allows only the principles to see their own information and not the others.

http://en.wikipedia.org/wiki/Role-based_access_control
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Security Question: Web Service using VPN
 
Similar Threads
Dynamically add ws-security to a service
Getting error while calling web service using VPN. Urgent!!
This weeks giveaway
Compaq Ipaq
Creating a web service client