Not sure if this is the right forum, but since the security experts are here and the question relates to security and the JAXM package... How does one go about securing a web service call using a JavaTM API for XML Messaging (JAXM) client and a non-Java web service server (.NET)? There is nothing formalized in the SOAP 1.1 spec as they state
Not described in this document are methods for integrity and privacy protection. Such issues will be addressed more fully in a future version(s) of this document.
What I am trying to do is to have a .NET web service on on server consumed by a Java client on a client. I can make that work using GLUE from http://www.themindelectric.com in very little code, but there is no security capability for the call. I'm interested in using the JAXM pacakge but can not find anything in that API remotely related to security principles, etc. Is my only choice SOAP over HTTPS and connection level security (roll my own authentication?) Can the book authors comments on security and web services in this example (or any example, actually ) Thanks, Paul
yeah, i figured that, but didn't want to re-register and have two names on the forum. i'll try to change my username without re-registering, but it is my company name, so i don't see what's wrong with it, but admins are a strange lot, so i'm sure i'm violating something paul
Please see the Apache SOAP 2.2 Documentation - User's Guide: http://xml.apache.org/soap/docs/guide/index.html on the subject of "Writing Provider". This documentation describes what is a provider. You can write a provider that intercepts a SOAP request and performs things like authentication/authorization before the the webservice method is called.