K
Karl Uppiano
I am an experienced Java programmer, but I am perplexed by what seems to be
a simple and common problem.
I am developing a web-based client/server application based on the new
JAX-WS API in JSE 6. The server self-publishes a web service using
javax.xml.ws.Endpoint.publish. The client is a JSE 6 Swing application that
accesses the server using javax.xml.ws.Service.
One of my web methods can reconfigure some properties in the server. For
that, I need the client to identify themselves, so the server can decide if
they are allowed to perform the operation or not. One brain-dead solution
would be to add a username/password parameter to the web method. I am no
security wonk, and with so many security APIs in Java and WS-*, I fear I am
missing a prefabricated, integrated (with Java and/or the platform) solution
that would encompass my immediate needs, and cover security risks that I
have not yet considered.
I have Googled the usual suspects: JSE 6 JavaDocs, tutorials, various WS-*
specs, and so on, but nothing obvious really jumps out at me. Any other
suggestions?
a simple and common problem.
I am developing a web-based client/server application based on the new
JAX-WS API in JSE 6. The server self-publishes a web service using
javax.xml.ws.Endpoint.publish. The client is a JSE 6 Swing application that
accesses the server using javax.xml.ws.Service.
One of my web methods can reconfigure some properties in the server. For
that, I need the client to identify themselves, so the server can decide if
they are allowed to perform the operation or not. One brain-dead solution
would be to add a username/password parameter to the web method. I am no
security wonk, and with so many security APIs in Java and WS-*, I fear I am
missing a prefabricated, integrated (with Java and/or the platform) solution
that would encompass my immediate needs, and cover security risks that I
have not yet considered.
I have Googled the usual suspects: JSE 6 JavaDocs, tutorials, various WS-*
specs, and so on, but nothing obvious really jumps out at me. Any other
suggestions?