users@glassfish.java.net

Re: Web Service Security

From: <glassfish_at_javadesktop.org>
Date: Fri, 21 Nov 2008 03:09:37 PST

If you are using Servlet WebServices, try using NetBeans 6.5 with the latest GlassFish builds (something like): https://sailfin.dev.java.net/downloads/v1-b59.html

Inside NetBeans, select the default mechanism "Username Authentication with SymmetricKeys".
(More info on that here: https://wsit-docs.dev.java.net/releases/m6/WSIT_Security4.html)

If you only want encryption, then you can click on Advanced settings and remove all URIs under the SignedParts assertions (make it empty). You can also directly edit the Metro configuration file wsit-*.xml, which has the generated policy assertion, to do this.

But a first step for you would be to successfully run "Username Authentication with SymmetricKeys" as documented here: https://wsit-docs.dev.java.net/releases/m6/WSIT_Security4.html

I can help if you are running into issues.

You can follow a similar procedure for EJB WebServices too, even though we have other ways (legacy ways) of securing them.

Once you are done with this, you can use the WebServiceContext.isUserInRole() call within your webservice to ensure only admin has access to the webservice. Please see: http://weblogs.java.net/blog/kumarjayanti/
[Message sent by forum member 'kumarjayanti' (kumarjayanti)]

http://forums.java.net/jive/thread.jspa?messageID=318076
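
An added example, not part of the original message and not code from the GlassFish or Metro projects: one way to apply the WebServiceContext.isUserInRole() check mentioned above inside a JAX-WS endpoint, rejecting the call when there is no authenticated caller or the caller is outside the role. The class name, the operation and the role name "admin" are assumptions; the role has to match one the container maps the authenticated user to.

```java
import java.security.Principal;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.WebServiceException;

// Hypothetical endpoint: class, method and role names are illustrative.
@WebService
public class AccountAdminService {

    private static final Logger LOG =
            Logger.getLogger(AccountAdminService.class.getName());

    // Assumed role name; it has to match a role the container maps the
    // authenticated user to.
    private static final String ADMIN_ROLE = "admin";

    // Injected by the container; gives access to the caller's identity.
    @Resource
    private WebServiceContext context;

    @WebMethod
    public String disableAccount(String accountId) {
        requireRole(ADMIN_ROLE);
        // Privileged work would go here; only callers in the role reach it.
        return "disabled:" + accountId;
    }

    // Deny by default: a missing context, an anonymous caller and a caller
    // outside the role all end in the same rejection.
    private void requireRole(String role) {
        Principal caller = (context == null) ? null : context.getUserPrincipal();
        if (caller == null || !context.isUserInRole(role)) {
            LOG.warning("Denied call, caller="
                    + (caller == null ? "<anonymous>" : caller.getName())
                    + ", required role=" + role);
            throw new WebServiceException("Access denied");
        }
    }
}
```

The check only has meaning once the message-level authentication described in the message is working, since the principal comes from the authenticated username token.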