JAX-WS and Security

K

Karl Uppiano

I am an experienced Java programmer, but I am perplexed by what seems to be
a simple and common problem.

I am developing a web-based client/server application based on the new
JAX-WS API in JSE 6. The server self-publishes a web service using
javax.xml.ws.Endpoint.publish. The client is a JSE 6 Swing application that
accesses the server using javax.xml.ws.Service.

One of my web methods can reconfigure some properties in the server. For
that, I need the client to identify themselves, so the server can decide if
they are allowed to perform the operation or not. One brain-dead solution
would be to add a username/password parameter to the web method. I am no
security wonk, and with so many security APIs in Java and WS-*, I fear I am
missing a prefabricated, integrated (with Java and/or the platform) solution
that would encompass my immediate needs, and cover security risks that I
have not yet considered.

I have Googled the usual suspects: JSE 6 JavaDocs, tutorials, various WS-*
specs, and so on, but nothing obvious really jumps out at me. Any other
suggestions?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

JAX-WS and RuntimeException in service implementation 2
JAX-WS supports both static and dynamic clients 7
Jax-WS attachments puzzle 2
Isn't Anyone Migrating from JAX-RPC to JAX-WS? 3
Jax-ws 0
Creating and consuming Web services JAX-WS / Netbeans 0
Migrating JAX-RPC to JAX-WS 1
JAX-WS controlling occurrence constraints in schema -- how to? 3

Members online

No members online now.
Total: 32 (members: 1, guests: 31)
Robots: 430

Forum statistics

Threads
473,770
Messages
2,569,584
Members
45,075
Latest member
MakersCBDBloodSupport

Latest Threads

Top