users@glassfish.java.net

Securing EJB WebService: where to start?

From: <glassfish_at_javadesktop.org>
Date: Fri, 23 Mar 2007 03:53:42 PST

Hi

On GlassFish, I have a webservice that is implemented by a Java EE EJB endpoint.

I would like to implement message security, in the form of message digital signature.

Basically, what I would like to achieve is the following scenario:
1. WSC sends a signed request to WSP
2. WSP should be able to retrieve the WSC consumer to determine how to respond to WSC
3. WSP sends a signed response to WSC

I've been googling for hours without finding a good starting point. I've read that because I'm implementing the WebService using an EJB and not a servlet, I can't use XWSS. So from the Java Web Services Tutorial 2.0, I understand I should use "the Application Server Message Security Implementation" rather than XWSS.

Could someone please provide me with some pointers on where to start?

Best regards

Jean-Noel Colin
[Message sent by forum member 'jncolin' (jncolin)]

http://forums.java.net/jive/thread.jspa?messageID=209600