Building secure Web Service applications with Geronimo 2.2

Description: As Web Service applications become more widespread, ensuring secure access to and transport of services is a growing concern for developers and users. Web Service security can be considered from two angles: access security and transmission security. The former means that only authorized users can access the application; the latter concerns how to ensure the privacy and integrity of messages in transit. This article describes how to develop and deploy secure Web Service applications on Apache Geronimo so that information is exchanged securely, focusing on how to protect Web Service access and transmission over HTTP/HTTPS.

Web Service Security Overview

The Java EE platform has two Web Service specifications, JAX-RPC and JAX-WS, but neither makes detailed provisions for security. So how do you secure a Web Service application? As is well known, a Web Service server and client use SOAP as their interaction protocol, and SOAP, as an application-layer protocol, can be carried over a variety of other protocols, such as HTTP/HTTPS, FTP and so on. In real deployments, HTTP/HTTPS is the most widely used. In fact, the SOAP and Web Service specifications are mostly described in terms of SOAP over HTTP/HTTPS. So when we consider Web Service security, applying security controls at the transport protocol is a natural choice.

Web Service providers in Apache Geronimo

Apache Geronimo integrates three popular Web Service engines: Apache Axis, Apache Axis2 and Apache CXF. Axis is integrated to support the JAX-RPC specification, while the latter two projects focus on supporting the JAX-WS specification. Geronimo's two distributions, Geronimo-Tomcat and Geronimo-Jetty, enable Axis2 and CXF by default, respectively. In either distribution, the user can switch to the other Web Service engine by installing the corresponding plug-in and making some simple configuration changes; see the Geronimo documentation, which is not repeated here. Unless stated otherwise, the samples in this article run on the Geronimo-Tomcat distribution, use Axis2 as the Web Service engine, and are written to the JAX-WS specification.

A simple Web Service Application

This article uses an online bookstore application as its example. It provides a search for books by title and exposes that function as a Web Service, together with a Web client application that accesses the bookstore service. As Listing 1 shows, the server is a simple POJO class annotated with @WebService. Its queryByName method finds the books whose name contains the name parameter and returns them as an array of Book objects.

Listing 1. Online bookstore server implementation

                               
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;

import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import javax.jws.WebService;

@WebService(name = "BookStore", targetNamespace = "http://geronimo.apache.org/bookstore")
public class BookStoreImpl {

    private List<Book> books = new LinkedList<Book>();

    // Fill the in-memory catalogue when the service is created.
    @PostConstruct
    protected void initialize() {
        books.add(new Book("1", "Thinking In Java", "Bruce"));
        books.add(new Book("2", "WAS CE Bible", "WAS CE Team"));
    }

    // Return every book whose name contains the given string.
    public Book[] queryByName(String name) {
        if (name == null || name.length() == 0) {
            return new Book[0];
        }
        List<Book> foundBookList = new ArrayList<Book>();
        for (Book book : books) {
            if (book.getName().indexOf(name) != -1) {
                foundBookList.add(book);
            }
        }
        return foundBookList.toArray(new Book[0]);
    }

    @PreDestroy
    protected void destroy() {
        books.clear();
    }
}
       


In the deployment descriptor web.xml, we publish the POJO class in the form of a Servlet; see Listing 2 for the configuration.

Listing 2. web.xml configuration snippet

<servlet>
    <servlet-name>BookStore</servlet-name>
    <servlet-class>
        org.apache.geronimo.samples.securityWebService.BookStoreImpl
    </servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>BookStore</servlet-name>
    <url-pattern>/bookstore</url-pattern>
</servlet-mapping>
       


After deploying the application above to Apache Geronimo, enter http://localhost:8080/SecurityWebServices/bookstore in a browser. If the page in Figure 1 appears, the online bookstore application has been deployed successfully.

Figure 1. BookStoreImplService access page

Web Service Client

The client is also a Web application. First, the local class files are generated from the WSDL file with the tools Geronimo provides; BookStoreClient then obtains a reference to the BookStore service by injection, using @WebServiceRef. See Listing 3:

Listing 3. Client-side code snippet

                               
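BookStoreClient.java

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.ws.WebServiceRef;

// BookStoreImplService and BookStore are the classes generated from the WSDL.
public class BookStoreClient extends HttpServlet {

    @WebServiceRef(name = "services/BookStore")
    private BookStoreImplService service;

    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String queryName = request.getParameter("name");
        if (queryName != null && queryName.length() > 0) {
            request.setAttribute("books",
                service.getPort(BookStore.class).queryByName(queryName));
        }
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }
}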
       


In the client application's web.xml and geronimo-web.xml files, you need to configure some parameters of the service; see Listing 4. The parameters include the address at which the Web Service server is published, corresponding to the configuration in Listing 2.

Listing 4. web.xml / geronimo-web.xml configuration snippet

web.xml

<service-ref>
    <service-ref-name>services/BookStore</service-ref-name>
    <service-interface>
        org.apache.geronimo.samples.securityWebService.BookStoreImplService
    </service-interface>
</service-ref>

geronimo-web.xml

<name:service-ref>
    <name:service-ref-name>services/BookStore</name:service-ref-name>
    <name:port>
        <name:port-name>BookStorePort</name:port-name>
        <name:protocol>http</name:protocol>
        <name:host>localhost</name:host>
        <name:port>8080</name:port>
        <name:uri>/SecurityWebServices/bookstore</name:uri>
    </name:port>
</name:service-ref>
       


This completes the simple online bookstore example. Enter http://localhost:8080/SecurityWebServiceClient/ in a browser and search for books with the keyword Java; the result is shown in Figure 2.

Figure 2. BookStoreClient access page

So far, the example Web Service application has no security settings, and any client can access it directly. In the following sections we show, based on this example, how to use the security policies in Apache Geronimo to secure Web Service applications, covering both protection against unauthorized access and transmission security.

Security policy based on HTTP BASIC authentication

HTTP BASIC authentication is very simple. When the client requests a protected resource, the server returns a response that includes the header WWW-Authenticate: Basic realm="example.com"; if the client is a browser, an input box pops up prompting the user for a user name and password. After the user enters them, the client Base64-encodes the user name and password (an encoding, not encryption) and sends them back to the server. Since our application is essentially a Web Service published in the form of a Servlet, we can apply security settings to the Servlet's access path in web.xml and geronimo-web.xml, so that only authorized users can access the Web Service application. See Listing 5 and Listing 6.

Listing 5. web.xml configuration snippet

<security-constraint>
    <web-resource-collection>
        <web-resource-name>basicResources</web-resource-name>
        <url-pattern>/bookstore/*</url-pattern>
        <http-method>POST</http-method>
        <http-method>GET</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>geronimo-admin</realm-name>
</login-config>
<security-role>
    <role-name>admin</role-name>
</security-role>
       


Listing 6. geronimo-web.xml configuration snippet

<web:security-realm-name>geronimo-admin</web:security-realm-name>
<sec:security>
    <sec:role-mappings>
        <sec:role role-name="admin">
            <sec:principal name="admin"
              />
        </sec:role>
    </sec:role-mappings>
</sec:security>
       


In Listing 5, any GET or POST request to the path /bookstore must use HTTP BASIC authentication, and access is allowed for the admin role. Listing 6 specifies the security realm that performs the authentication. For convenience, the example uses Geronimo's own geronimo-admin realm directly; users can define and deploy their own security realm. Listing 6 also maps the admin role to the admin group of that realm, that is, a logged-in user who belongs to the admin group has access to the protected resources. After redeploying, accessing http://localhost:8080/SecurityWebServices/bookstore?WSDL through the browser prompts for a user name and password, as Figure 3 shows.

Figure 3. BookStoreImplService access page
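
The exchange behind that prompt, written out as an added example (not code from the original article or from Geronimo): the server's challenge, the Authorization header a client builds for the sample's system/manager account, and the decoding step that any party who sees the header can perform without a key. The class and method names are illustrative, and it assumes Java 8 or later for java.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example (not from the article): both sides of the HTTP BASIC exchange.
public class BasicAuthExchange {

    // Server side: header returned with the 401 response for a protected resource.
    static String challenge(String realm) {
        return "WWW-Authenticate: Basic realm=\"" + realm + "\"";
    }

    // Client side: value of the Authorization header for a user name and password.
    static String authorizationValue(String user, String password) {
        if (user.indexOf(':') >= 0) {
            // The first ':' separates the two fields, so it cannot appear in the user name.
            throw new IllegalArgumentException("user name must not contain ':'");
        }
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // Receiving side: recovers {user, password}; returns null for a malformed header.
    static String[] decode(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0])) {
            return null;
        }
        String pair;
        try {
            pair = new String(Base64.getDecoder().decode(parts[1].trim()),
                    StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid Base64
        }
        int colon = pair.indexOf(':');
        if (colon < 0) {
            return null;
        }
        // Split on the first ':' only; the password may itself contain ':'.
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        System.out.println(challenge("geronimo-admin"));
        // Sample account used by the article's client code.
        String value = authorizationValue("system", "manager");
        System.out.println("Authorization: " + value);
        String[] seen = decode(value);
        System.out.println("decoded without any key: " + seen[0] + " / " + seen[1]);
        System.out.println("colon in password kept: "
                + decode(authorizationValue("u", "a:b"))[1]);
        System.out.println("malformed header rejected: " + (decode("Basic !!!") == null));
    }
}
```

Because the header is only encoded, the credentials are as exposed as the rest of the request whenever the connection is plain HTTP.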


Next, we modify the Web client so that it can access the Web Service application protected by HTTP BASIC authentication. In the JAX-WS API, you can set the user name and password required for authentication through the BindingProvider interface. See Listing 7; for convenience, the example hard-codes the user name and password, and real applications can adopt a more flexible approach.

Listing 7. BookStoreClient snippet

                               
// Body of BookStoreClient.doPost(), with the HTTP BASIC credentials added.
String queryName = request.getParameter("name");
if (queryName != null && queryName.length() > 0) {
    BookStore bookStore = service.getPort(BookStore.class);
    // The JAX-WS port proxy also implements BindingProvider.
    BindingProvider bindingProvider = (BindingProvider) bookStore;
    // Hard-coded for the sample only.
    bindingProvider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "system");
    bindingProvider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "manager");
    request.setAttribute("books", bookStore.queryByName(queryName));
}
request.getRequestDispatcher("index.jsp").forward(request, response);
       


With the authentication information added to the client code, our client can again access the online bookstore Web Service application. As Listing 7 shows, the user has to modify the client code to add the required login information. In fact, the Apache Geronimo application server provides platform-level support for this: users can specify the login information in the deployment files by defining a Credential Store, and the application server handles the login itself. The following example still uses the geronimo-admin security realm that ships with the application server; in real development and production environments, users must define their own security realm and authentication module. The detailed steps are as follows:

  • Stop Apache Geronimo, edit the var/config/config.xml file to add the configuration shown in Listing 8, and copy the simple_credentials.properties file from the article's downloadable example to the var/security directory.
  • Modify the client application's deployment file geronimo-web.xml to add the configuration shown in Listing 9.
  • Remove the login authentication code shown in Listing 7 from the client class BookStoreClient.
  • Start the Apache Geronimo application server and redeploy the SecurityWebServiceClient application.


Listing 8. config.xml

<!-- GBean names and class names must each stay on a single line. -->
<module name="org.apache.geronimo.framework/server-security-config/2.2/car">
    <gbean name="org.apache.geronimo.framework/server-security-config/2.2/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2/car,j2eeType=LoginModule,name=simple-crddentials-login"
        gbeanInfo="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.GeronimoPropertiesFileMappedPasswordCredentialLoginModule</attribute>
        <attribute name="options">credentialsURI=var/security/simple_credentials.properties</attribute>
        <attribute name="loginDomainName">simple-crddentials</attribute>
    </gbean>
    <gbean name="org.apache.geronimo.framework/server-security-config/2.2/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2/car,j2eeType=LoginModuleUse,name=simple-crddentials-login-use"
        gbeanInfo="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="LoginModule">
            <pattern>
                <name>simple-crddentials-login</name>
            </pattern>
        </reference>
    </gbean>
    <gbean name="org.apache.geronimo.framework/server-security-config/2.2/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2/car,j2eeType=LoginModuleUse,name=properties-login">
        <reference name="Next">
            <pattern>
                <name>simple-crddentials-login-use</name>
            </pattern>
        </reference>
    </gbean>
</module>
       


In Listing 8, we add a new LoginModule, GeronimoPropertiesFileMappedPasswordCredentialLoginModule, to the login chain of the server's default security realm. When a user authenticates in this security realm, the module adds the user name and password information configured for that user in the simple_credentials.properties file to the Private Credentials of the Subject. Take the first line of the properties file as an example, system=system:system=manager: the first system is the name of the currently logged-in user, the second system is the name given to the login information, and the final system and manager are the actual user name and password. Later we describe how Geronimo uses the access information stored in the Subject's Private Credentials to provide platform-level support for Web Services.


Listing 9. geronimo-web.xml fragment

<name:service-ref>
    <name:service-ref-name>services/BookStore</name:service-ref-name>
    <name:port>
        <name:port-name>BookStorePort</name:port-name>
        <name:protocol>http</name:protocol>
        <name:host>localhost</name:host>
        <name:port>8080</name:port>
        <name:uri>/SecurityWebServices/bookstore</name:uri>
        <name:credentials-name>system</name:credentials-name>
    </name:port>
</name:service-ref>
<web:security-realm-name>geronimo-admin</web:security-realm-name>
<app:security xsi:type="sec:securityType"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <sec:credential-store-ref>
        <dep:name>SimpleCredentialStore</dep:name>
    </sec:credential-store-ref>
    <sec:default-subject>
        <sec:realm>geronimo-admin</sec:realm>
        <sec:id>system</sec:id>
    </sec:default-subject>
</app:security>
<dep:gbean name="SimpleCredentialStore"
    xsi:type="dep:gbeanType">
    <dep:xml-attribute name="credentialStore">
        <credential-store
            xmlns="http://geronimo.apache.org/xml/ns/credentialstore-1.0">
            <realm name="geronimo-admin">
                <subject>
                    <id>system</id>
                    <credential>
                        <type>o.a.g.security.credentialstore.NameCallbackHandler</type>
                        <value>system</value>
                    </credential>
                    <credential>
                        <type>o.a.g.security.credentialstore.PasswordCallbackHandler</type>
                        <value>manager</value>
                    </credential>
                </subject>
            </realm>
        </credential-store>
    </dep:xml-attribute>
</dep:gbean>
       


Listing 9 shows the client's updated Web Service deployment file. Compared with the configuration without security settings, the service-ref element gains a credentials-name child element, and the security configuration gains the two elements credential-store-ref and default-subject. For the meaning of these settings, see Table 1:

Table 1. Security settings

| Element location and name | Configured value | Description |
|---|---|---|
| service-ref-name/port/credentials-name | system | The name that identifies the user name and password to use |
| security/credential-store-ref/name | SimpleCredentialStore | The Credential Store used for login, which mainly contains the CallbackHandlers that supply the login information; the configured value points to the SimpleCredentialStore GBean that follows |
| security/default-subject/realm | geronimo-admin | The security realm used for login |
| security/default-subject/id | system | Together with the realm value in the previous row, locates in the Credential Store the CallbackHandlers used for login |

So how does Geronimo provide these functions from the configuration above? The concrete steps are as follows:

  • When a user request arrives at the Web Service client and Geronimo finds no security information in the current session, it uses the default-subject configuration to obtain the CallbackHandlers from the Credential Store and performs a standard JAAS login against the geronimo-admin security realm.
  • During the login to the geronimo-admin security realm, every login module in the realm's login chain is executed. When the LoginModule added in Listing 8 runs, all login information stored in the properties file under the key system is added to the Private Credentials of the Subject.
  • When the client code is about to access the remote Web Service, before sending the request Geronimo uses the credentials-name value, system, as the key to retrieve the corresponding user name and password from the Subject of the current session, and sets them through the standard JAX-WS methods.

So the login module configuration in Listing 8 and the default subject configuration in Listing 9 provide security support at the server level, and the Web Service client no longer needs to add authentication logic to its own code. In fact, as described in the third step, what Geronimo does in the background is the same as the code in Listing 7. The relevant code is in the org.apache.geronimo.jaxws.client.PortMethodInterceptor class of the JAX-WS plug-in geronimo-jaxws, which interested readers can read alongside this article.

In addition, if the user name and password required by the remote service are the same as those of the user logged in to the current realm, as in this example, you can use another LoginModule implementation in Geronimo, org.apache.geronimo.jaas.NamedUPCredentialLoginModule, and set its org.apache.geronimo.jaas.NamedUPCredentialLoginModule.Name option to the value of the credentials-name element to achieve the same effect. Compared with the GeronimoPropertiesFileMappedPasswordCredentialLoginModule used in Listing 8 it is somewhat less flexible, but the principle is the same: the login information required by the remote Web Service is placed into the Subject of the current session as a Private Credential.



Using SSL to ensure the integrity and privacy of message transfer

With the HTTP BASIC authentication above, we achieved authorized access to the Web Service application. However, after a successful login the SOAP messages exchanged between server and client are still transmitted in plain text, so a third party who intercepts the network traffic can read the SOAP message content. SSL closes this gap to the greatest extent possible, further improving the security of Web Service interactions.

First, modify the Web Service server's configuration file, changing the value of the transport-guarantee element from NONE to CONFIDENTIAL, so that the protected resources are accessed over an SSL connection, as Listing 10 shows:

Listing 10. web.xml configuration snippet

                               
 <security-constraint> 
        <web-resource-collection> 
            <web-resource-name>basicResources</web-resource-name> 
            <url-pattern>/bookstore/*</url-pattern> 
            <http-method>POST</http-method> 
            <http-method>GET</http-method> 
        </web-resource-collection> 
        <auth-constraint> 
            <role-name>admin</role-name> 
        </auth-constraint> 
        <user-data-constraint> 
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint> 
 </security-constraint> 
       


Second, the client must use the HTTPS protocol and port. Update the service-ref in the geronimo-web.xml file as shown in Listing 11:

Listing 11. geronimo-web.xml

                               
 <name:service-ref> 
        <name:service-ref-name>services/BookStore</name:service-ref-name> 
        <name:port> 
            <name:port-name>BookStorePort</name:port-name> 
            <name:protocol>https</name:protocol> 
            <name:host>localhost</name:host> 
            <name:port>8443</name:port> 
            <name:uri>/SecurityWebServices/bookstore</name:uri> 
            <name:credentials-name>system</name:credentials-name> 
         </name:port> 
 </name:service-ref>            
       


Finally, shut down the Geronimo server, set GERONIMO_OPTS="-Djavax.net.ssl.trustStore=$YOUR_GERONIMO_HOME/var/security/keystores/geronimo-default -Djavax.net.ssl.trustStorePassword=secret" on the command line, and restart the Geronimo server. From this point on, the Web Service client and server interact over HTTPS. Depending on the actual environment, you can set up the trust store in other ways, such as importing the server's public-key certificate into the JRE's default trust store. Note that in this sample the Web Service server and client run in the same Geronimo instance, and the certificate used by Geronimo's default HTTPS Connector is in $YOUR_GERONIMO_HOME/var/security/keystores/geronimo-default, so javax.net.ssl.trustStore points to that same location. To access a Web Service that a third party publishes over HTTPS, import its certificate into the local trust store and set the two parameters above to the appropriate values.
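
A small checker for the setting changed in this section, as an added example that is not part of the original article or of Geronimo: it parses a web.xml and reports a constraint that combines BASIC authentication with transport-guarantee NONE (Listing 5), which Listing 10 corrects. It goes one step beyond the text by also reporting constraints that enumerate http-method elements, because under the Servlet specification such a constraint applies only to the listed methods. The class name, messages and embedded sample descriptor are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example (not from the article): lint for the web.xml settings of Listings 5 and 10.
public class WebXmlConstraintCheck {

    // Trimmed text of every descendant element of 'parent' with the given tag name.
    static List<String> texts(Element parent, String tag) {
        List<String> out = new ArrayList<String>();
        NodeList nodes = parent.getElementsByTagName(tag);
        for (int i = 0; i < nodes.getLength(); i++) {
            out.add(nodes.item(i).getTextContent().trim());
        }
        return out;
    }

    static List<String> check(String webXml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so that parsing an untrusted descriptor cannot trigger XXE.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(
                new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)));
        Element root = doc.getDocumentElement();

        List<String> authMethods = texts(root, "auth-method");
        boolean basic = !authMethods.isEmpty() && "BASIC".equals(authMethods.get(0));

        List<String> findings = new ArrayList<String>();
        NodeList constraints = root.getElementsByTagName("security-constraint");
        for (int i = 0; i < constraints.getLength(); i++) {
            Element c = (Element) constraints.item(i);
            List<String> patterns = texts(c, "url-pattern");
            List<String> methods = texts(c, "http-method");
            List<String> guarantees = texts(c, "transport-guarantee");
            // A constraint without <user-data-constraint> behaves like NONE.
            String guarantee = guarantees.isEmpty() ? "NONE" : guarantees.get(0);
            boolean needsLogin = c.getElementsByTagName("auth-constraint").getLength() > 0;

            if (needsLogin && basic && "NONE".equals(guarantee)) {
                findings.add(patterns + " BASIC credentials and SOAP bodies travel over plain"
                        + " HTTP (transport-guarantee NONE); set CONFIDENTIAL");
            }
            if (!methods.isEmpty()) {
                findings.add(patterns + " constraint applies only to " + methods
                        + "; remove <http-method> to cover every method");
            }
        }
        return findings;
    }

    // Constructed sample: the constraint of Listing 5 / Listing 10 inside a minimal web-app.
    static String sample(String guarantee, boolean listMethods) {
        return "<web-app>"
             + "<security-constraint>"
             + "<web-resource-collection>"
             + "<web-resource-name>basicResources</web-resource-name>"
             + "<url-pattern>/bookstore/*</url-pattern>"
             + (listMethods
                     ? "<http-method>POST</http-method><http-method>GET</http-method>" : "")
             + "</web-resource-collection>"
             + "<auth-constraint><role-name>admin</role-name></auth-constraint>"
             + "<user-data-constraint>"
             + "<transport-guarantee>" + guarantee + "</transport-guarantee>"
             + "</user-data-constraint>"
             + "</security-constraint>"
             + "<login-config><auth-method>BASIC</auth-method>"
             + "<realm-name>geronimo-admin</realm-name></login-config>"
             + "<security-role><role-name>admin</role-name></security-role>"
             + "</web-app>";
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Listing 5 : " + check(sample("NONE", true)));
        System.out.println("Listing 10: " + check(sample("CONFIDENTIAL", true)));
        System.out.println("No methods: " + check(sample("CONFIDENTIAL", false)));
    }
}
```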

Security policy based on CLIENT-CERT authentication

For granting access, besides HTTP BASIC authentication based on a user name and password, CLIENT-CERT is a better choice. HTTPS access usually only requires a certificate that proves the server's identity; as the previous example showed, the client adds the server's public certificate to a local trusted keystore. With CLIENT-CERT authentication, the client must also present a certificate to prove its identity; in other words, both server and client present certificates to prove who they are. CLIENT-CERT is therefore a special use of SSL. In practice, this form of authentication is not widely used, because most users do not have a certificate of their own, but it does appear in B2B scenarios. For example, two companies can use it to secure the information they exchange.

For convenience, the sample uses two Geronimo application server instances, on which the Web Service server and client applications are deployed respectively. To avoid port conflicts, set PortOffset to 10 in one instance's var/config/config-substitutions.properties file so that both server instances can run on a single machine. The steps are as follows:

1. On the Web Service client side, use keytool or another tool to create the keystore client.jks and export the client certificate, then import the certificate into the server's trusted keystore file trustedclient.jks.

2. On the application server hosting the Web Service server, use the Web Server configuration page of the console to add an HTTPS Connector that supports CLIENT-CERT. When configuring it, pay attention to the following items:

Table 2. Key configuration items of the CLIENT-CERT HTTPS Connector

| Property name | Configured value | Description |
|---|---|---|
| keystoreFile | ../security/keystores/geronimo-admin | Location of the server keystore file used by the HTTPS Connector |
| port | 8444 | Listening port of the HTTPS Connector |
| clientAuth | true | Whether CLIENT-CERT authentication is supported |
| keyAlias | | Alias of the server certificate in the keystore; if not set, the first key in the keystore is used |
| keystorePass | secret | Password for accessing the keystore file |
| truststoreFile | ../security/keystores/trustedclient.jks | Location of the keystore of trusted client certificates, used to authenticate clients |
| truststorePass | secert | Password for accessing the trusted client keystore file |

3. Modify the Web Service server's deployment file as shown in Listing 12:

Listing 12. geronimo-web.xml deployment file fragment for the Web Service server using CLIENT-CERT authentication

                               
<web:security-realm-name>client-cert-realm</web:security-realm-name>
<sec:security>
    <sec:credential-store-ref>
        <dep:name>client-cert-credential-store</dep:name>
    </sec:credential-store-ref>
    <sec:default-subject>
        <sec:realm>client-cert-realm</sec:realm>
        <sec:id>default</sec:id>
    </sec:default-subject>
    <sec:role-mappings>
        ......
    </sec:role-mappings>
</sec:security>
<gbean name="client-cert-realm"
    xsi:type="dep:gbeanType">
    <attribute name="realmName">client-cert-realm</attribute>
    <attribute name="global">true</attribute>
    <reference name="ServerInfo">
        <name>ServerInfo</name>
    </reference>
    <xml-reference name="LoginModuleConfiguration">
        <log:login-config xmlns:log="......">
            <log:login-module control-flag="REQUIRED" wrap-principals="false">
                <log:login-domain-name>client-cert-realm</log:login-domain-name>
                <log:login-module-class>
                    o.a.g.security.realm.providers.PropertiesFileNoPasswordLoginModule
                </log:login-module-class>
                <log:option name="groupsURI">var/security/groups.properties</log:option>
            </log:login-module>
        </log:login-config>
    </xml-reference>
</gbean>
<gbean name="client-cert-credential-store"
    >
    <xml-attribute name="credentialStore">
        <credential-store xmlns="......">
            <realm name="client-cert-realm">
                <subject>
                    <id>default</id>
                    <credential>
                        <type>o.a.g.security.credentialstore.NameCallbackHandler</type>
                        <value>system</value>
                    </credential>
                </subject>
            </realm>
        </credential-store>
    </xml-attribute>
</gbean>
       


With CLIENT-CERT authentication, certificate verification between server and client is completed during the SSL handshake. Once the handshake succeeds, the user's identity is confirmed, and the request therefore has access to the protected resources. As Listing 12 shows, the configuration is similar to the Web Service client deployment used with HTTP BASIC authentication: the default-subject item, combined with the security realm and Credential Store settings, adds default security settings to the user session so that it can access the protected resources.

4. In the Web Service client's deployment file, change the port value to 8444, the listening port of the new HTTPS Connector that supports CLIENT-CERT authentication on the server.

5. When starting the Geronimo application server hosting the Web Service client, set the following system properties through GERONIMO_OPTS on the command line:

Table 3. CLIENT-CERT client system properties

| Property name | Configured value | Description |
|---|---|---|
| javax.net.ssl.trustStore | $YOUR_GERONIMO_HOME/gt/var/security/keystores/geronimo-default | The client's trusted keystore, containing the public key information imported from the server |
| javax.net.ssl.trustStorePassword | secret | Password for the client's trusted keystore |
| javax.net.ssl.keyStore | $YOUR_GERONIMO_HOME/gt/var/security/keystores/client.jks | The client keystore, containing the client's own private key |
| javax.net.ssl.keyStorePassword | secret | Password for the client keystore |

As Table 3 shows, the Web Service client and server settings are fully symmetric; the only difference is that the client is configured through system properties and the server through the HTTPS Connector. This also shows that CLIENT-CERT is essentially two-way certificate authentication.

Conclusion

Using a simple online bookstore Web Service application as an example, this article described how to protect the exchange of SOAP messages over HTTP/HTTPS. In summary, HTTP BASIC or CLIENT-CERT authentication provides authorized access to Web Service applications, and SSL ensures the integrity and privacy of messages in transit. In a real environment, choose the security policy that fits your requirements.

Original: http://www.ibm.com/developerworks/cn/opensource/os-cn-ag-secwebs/index.html?ca=drs-