Working with Web Services - Associating Security with Web Services
Until now, all you have done is define a security policy; you haven't associated it with any Web service. A WSSE policy is associated with Web services via the ws-security-service and ws-security-callback annotations, which associate the policy with methods and callbacks, respectively. Listing 9.6 shows an example of specifying a Web Service Security Policy.
Listing 9.6 Specifying a WSSE File Within a Web Service
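/**
 * @jws:ws-security-service file="creditServicesSecurity.wsse"
 * @jws:ws-security-callback file="creditServicesSecurity.wsse"
 */
public class creditServices implements com.bea.jws.WebService
{
    // Web service methods and callbacks go here; the policy file named above applies to all of them.
}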
After a policy file has been applied to a Web service, it's then used for all method calls within that service, both incoming and outgoing.
In Brief
In this chapter, you learned that:
Service-oriented architecture focuses on encapsulating solutions to problems into callable services.
Web services interoperate by using HTTP, SMTP and other protocols as transports; SOAP as a messaging protocol; and WSDL as a description language.
UDDI provides a mechanism for storing and searching for Web services.
WebLogic Workshop can create full-featured Web services quickly.
Web service name collisions can be eased or eliminated by using namespaces.
Conversational Web services can be developed with WebLogic Workshop, even under stateless protocols.
WebLogic Workshop applications can use both local and remote Web services by encapsulating them within controls.
WebLogic Workshop autogenerates the necessary support to write standalone Java and JSP Web services clients.
Web services can be secured by using WSSE files to specify incoming and outgoing security.
Encrypting WSSE Policy Files - Under normal circumstances, WSSE policy files can contain cleartext passwords, and when an application is compiled those passwords end up in the generated .class files, where they can be viewed by sophisticated users with access to a deployed application. WebLogic Workshop provides the generateSecretKey and encryptWssePolicy utilities, located in the weblogic81/common/bin folder, for encrypting policy files. Use generateSecretKey to generate a key for encrypting your policy files. The resulting encrypted policy can then be placed in the APP-INF/classes directory and used transparently. The Securing WS-Security Passwords topic of the Web service help files explains the details of encrypting and using encrypted policy files.
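The following audit is an added example, not code from the book or from BEA's tooling: it walks a built EAR, including nested WAR and JAR archives, and lists every .wsse policy element that carries a password value so each one can be confirmed encrypted before deployment. The archive names creditApp.war and inboundOnly.wsse, the sample policy XML and the rule "element name ends in password" are assumptions made for illustration; the check locates values to review and cannot itself tell ciphertext from cleartext.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def password_elements(xml_bytes):
    """Local names of elements that look like passwords and carry a value."""
    names = []
    for el in ET.fromstring(xml_bytes).iter():
        local = el.tag.rsplit("}", 1)[-1]  # strip any XML namespace
        if local.lower().endswith("password") and (el.text or "").strip():
            names.append(local)  # the secret value itself is never recorded
    return names

def audit_archive(data, prefix=""):
    """(path, element) pairs for .wsse files, descending into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<input>", "<not a zip archive>")]
    findings = []
    with zf:
        for name in zf.namelist():
            if name.lower().endswith(".wsse"):
                try:
                    tags = password_elements(zf.read(name))
                except ET.ParseError:
                    tags = ["<unparseable policy>"]
                findings += [(prefix + name, tag) for tag in tags]
            elif name.lower().endswith((".ear", ".war", ".jar")):
                findings += audit_archive(zf.read(name), prefix + name + "!/")
    return findings

def build_sample_ear():
    """Constructed sample: an EAR holding a WAR with one password-bearing policy."""
    # Element names are assumptions for illustration, not the WSSE schema.
    policy = (b'<wsSecurityPolicy xmlns="urn:example:constructed"><wsSecurityOut>'
              b"<userNameToken><password>example-only</password></userNameToken>"
              b"</wsSecurityOut></wsSecurityPolicy>")
    war, ear = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(war, "w") as z:
        z.writestr("WEB-INF/classes/creditServicesSecurity.wsse", policy)
    with zipfile.ZipFile(ear, "w") as z:
        z.writestr("creditApp.war", war.getvalue())
        z.writestr("APP-INF/classes/inboundOnly.wsse", b"<wsSecurityPolicy/>")
    return ear.getvalue()

if __name__ == "__main__":
    for path, tag in audit_archive(build_sample_ear()):
        print(f"{path}: <{tag}> carries a value; confirm it is encrypted")
```

To audit a real build, pass the bytes of the EAR file to audit_archive in place of the constructed sample.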
This chapter is from BEA WebLogic Workshop 8.1, by Albert J. Saganich, Jr., et al. (Sams, 2004, ISBN: 0-672-32622-1). Check it out at your favorite bookstore today.