JAX-WS and Security

K

Karl Uppiano

I am an experienced Java programmer, but I am perplexed by what seems to be
a simple and common problem.

I am developing a web-based client/server application based on the new
JAX-WS API in JSE 6. The server self-publishes a web service using
javax.xml.ws.Endpoint.publish. The client is a JSE 6 Swing application that
accesses the server using javax.xml.ws.Service.

One of my web methods can reconfigure some properties in the server. For
that, I need the client to identify themselves, so the server can decide if
they are allowed to perform the operation or not. One brain-dead solution
would be to add a username/password parameter to the web method. I am no
security wonk, and with so many security APIs in Java and WS-*, I fear I am
missing a prefabricated, integrated (with Java and/or the platform) solution
that would encompass my immediate needs, and cover security risks that I
have not yet considered.

I have Googled the usual suspects: JSE 6 JavaDocs, tutorials, various WS-*
specs, and so on, but nothing obvious really jumps out at me. Any other
suggestions?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,981
Messages
2,570,188
Members
46,733
Latest member
LonaMonzon

Latest Threads

Top