hi everyone. In test environment we have a websphere application server with security enabled. On our web application we have some services: spring http services and jax-ws services. Another web application that is installed on the same application server of the first application, uses both kind of services, but while authentication is necessary only for jax-ws services (ws-security) for http services is not. Can you tell me why?
excuse me, I'm a little confused about the difference between http spring service and jax-ws service. I think I need to read more. As I said in test environment we had jax-ws services with authentication, so at the moment we removed the basic authentication configured on the web.xml and then authentication were not required anymore. But I'm curious about how to enable security on spring http service. Thanks
The type of security you mentioned is container level security. There are varying degrees of this offered by different vendors. You also add additional security like that offered by Spring Security. This would be used to secure something like your remoting endpoint. I did find an example demonstrating one way this could be done.