users@glassfish.java.net

Re: Securing EJB WebService: where to start?

From: Ryan de Laplante <ryan_at_ijws.com>
Date: Mon, 26 Mar 2007 10:37:24 -0400

Which application server are you using? Securing web services is app
server specific. The app server injects a secured web service client
into your EJB. You can't get a secured client for your EJB any other way.

The "Edit web service attributes" screen in NetBeans configures
sun-web.xml for Sun App Server or GlassFish, and Sun Access Manager, to
include the following:

.....
    <ejb>
      <ejb-name>GreatServiceBean</ejb-name>
      <service-ref>
        <service-ref-name>com.company.product.GreatServiceBean/service</service-ref-name>
        <port-info>
          <wsdl-port>
            <namespaceURI>http://service.product.company.com/</namespaceURI>
            <localpart>GreatServicePort</localpart>
          </wsdl-port>
          <message-security-binding auth-layer="SOAP" provider-id="AMClientProvider">
            <message-security>
              <message/>
              <request-protection auth-source="content"/>
              <response-protection auth-source="content"/>
            </message-security>
          </message-security-binding>
        </port-info>
        <wsdl-override>http://ws01:8080/GreatService/GreatService?wsdl</wsdl-override>
      </service-ref>
    </ejb>
....

The app server must have Access Manager installed. I'm fairly new to
this and only know that NetBeans does some magic to configure Access
Manager. There are Ant tasks related to Access Manager, an amconfig.xml,
etc... You might even need to log into Access Manager's console and
configure it.



Ryan


glassfish_at_javadesktop.org wrote:
> Ryan
>
> Thanks for your reply. The problem is that you're assuming that we are using NetBeans, while that's not the case: well, I am using NB5.5, but other developers in the team are using other tools. So we are building all components using our own Ant scripts, which means that we are writing the deployment descriptors ourselves, where needed. That is why I really need to understand how to achieve this without using any specific tool.
>
> Thanks anyway
>
> Jean-Noel
> [Message sent by forum member 'jncolin' (jncolin)]
>
> http://forums.java.net/jive/thread.jspa?messageID=209849
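
For teams writing the descriptor by hand, as in the quoted question, a build step can confirm that every `port-info` carries the `message-security-binding` shown in the message above. The script below is an added example, not part of the original thread or of GlassFish; the `<enterprise-beans>` wrapper, the `PlainServiceBean` entry and the function name `unprotected_ports` are constructed for illustration, and the check only tests that the elements and `auth-source` attributes are present.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment from the message (trimmed) in a constructed
# root element, plus a hypothetical second bean that has no security binding.
SAMPLE = """<enterprise-beans>
  <ejb>
    <ejb-name>GreatServiceBean</ejb-name>
    <service-ref>
      <port-info>
        <wsdl-port><localpart>GreatServicePort</localpart></wsdl-port>
        <message-security-binding auth-layer="SOAP" provider-id="AMClientProvider">
          <message-security>
            <message/>
            <request-protection auth-source="content"/>
            <response-protection auth-source="content"/>
          </message-security>
        </message-security-binding>
      </port-info>
    </service-ref>
  </ejb>
  <ejb>
    <ejb-name>PlainServiceBean</ejb-name>
    <service-ref><port-info>
      <wsdl-port><localpart>PlainServicePort</localpart></wsdl-port>
    </port-info></service-ref>
  </ejb>
</enterprise-beans>"""

def unprotected_ports(descriptor_xml):
    """Return (ejb-name, port localpart, reason) for each port lacking protection."""
    findings = []
    root = ET.fromstring(descriptor_xml)
    for ejb in root.iter("ejb"):
        name = ejb.findtext("ejb-name", default="?")
        for port in ejb.iter("port-info"):
            local = port.findtext("wsdl-port/localpart", default="?")
            binding = port.find("message-security-binding")
            if binding is None:
                findings.append((name, local, "no message-security-binding"))
                continue
            for tag in ("request-protection", "response-protection"):
                elem = binding.find("message-security/" + tag)
                if elem is None or not elem.get("auth-source"):
                    findings.append((name, local, tag + " missing auth-source"))
    return findings

if __name__ == "__main__":
    for finding in unprotected_ports(SAMPLE):
        print("UNPROTECTED: %s / %s: %s" % finding)
```

Run against the real descriptor file from an Ant `exec` task, a non-empty result can fail the build before an unsecured client reference is deployed.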