authentication is needed for access control

Himai Minh
Ranch Hand

Joined: Jul 29, 2012
Posts: 721
In EPractice lab, a question:
"EPractice Labs order management business logic is implemented in EJB components and running in www123testlab.com server. The license server located in www.epracticelabs.com access these components via RMI with container-managed security. Customer role can access processLicense method and admin role can access delete/update business method. The technical team wants to use these business services in PHP and ASP web applications.
Which container-managed web service security mechanism would the technical team use to allow PHP and ASP web service clients to use the current security model?"
Select one:
A. annotations mapped to JAX-WS runtime
B. HTTP basic authentication
C. XML digital signature
D. XKMS.
The given answer is A. EPractice Lab explains "annotations play a critical role in JAX-WS. First, annotations are used in mapping Java to WSDL and schema. Second, annotations are used at runtime to control how the JAX-WS runtime processes and responds to web service invocations."


I think the answer should be A and B.

I think the service should annotate the methods with @RolesAllowed like this:

In sun-ejb-jar.xml, basic authentication can be specified:


The reason why we still need this sun-ejb-jar.xml file to specify the authentication method is that the web container should authenticate the users first before the EJB container authorizes the users (e.g. authorizes John Smith, who is a customer, to access the processLicense() method).
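
The set-up the post describes, as an added example that is not part of the original post: role checks on the bean methods with `@RolesAllowed`, and, in the comment, the `sun-ejb-jar.xml` fragment that turns on HTTP basic authentication. The bean name, method signatures, role spellings and the `file` realm are assumptions.

```java
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;

/*
 * Added illustration (not from the post). Bean name, signatures and role
 * spellings are assumptions. Authentication is declared outside the class;
 * in GlassFish's sun-ejb-jar.xml the <ejb> entry for this bean would hold:
 *
 *   <webservice-endpoint>
 *     <login-config>
 *       <auth-method>BASIC</auth-method>
 *       <realm>file</realm>
 *     </login-config>
 *   </webservice-endpoint>
 *
 * Without it the caller arrives unauthenticated, holds no role, and every
 * @RolesAllowed method below is refused by the EJB container.
 */
@Stateless
@WebService
@DeclareRoles({"customer", "admin"})
public class OrderManagementBean {
    @Resource
    private SessionContext ctx;

    @WebMethod
    @RolesAllowed("customer")
    public String processLicense(String orderId) {
        // Principal established by the BASIC login, reused for authorization.
        String caller = ctx.getCallerPrincipal().getName();
        return "license for order " + orderId + " issued to " + caller;
    }

    @WebMethod
    @RolesAllowed("admin")
    public boolean deleteOrder(String orderId) {
        return orderId != null && !orderId.isEmpty();
    }

    @WebMethod
    @RolesAllowed("admin")
    public boolean updateOrder(String orderId, String status) {
        return orderId != null && status != null;
    }
}
```

The role names still have to be mapped to users or groups of the realm (for example with `security-role-mapping` in the same descriptor) before a login resolves to `customer` or `admin`.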
 
 