I have a jax-ws soap web service (implemented NOT like Session bean) generated in NetBeans from wsdl. Deployed on Glassfish 3.1.2. I want to secure access to it using mutual certificate authentication usig SSL and https. I have read a lot of articles and books. As I understood there are several variants:
What is the best and the most adequate method? May be you can advise me anything else?
Could you show me a good tutorial which includes every step (generating certificates, modifying source code, config Glassfish)?
And why web service security is considered different from simple web apps security?