users@glassfish.java.net

Re: Glassfish - Webservice security

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Thu, 5 May 2011 12:50:13 +0530

Also check this out : http://netbeans.org/kb/docs/websvc/wsit.html


On 05-May-2011, at 12:26 AM, Martin Gainty wrote:

> if your http-server will implement SSL implement the mod_ssl module on Apache
> http://www.modssl.org
>
> if your appServer is implementing SSL at the transport level then:
> "To configure SSL for your application, follow these steps:
> Select one of the mechanisms that require SSL. These include
> Transport Security (SSL),
> Message Authentication over SSL, and
> SAML Authorization over SSL.
> Server Configuration
> GlassFish is already configured for SSL. No further SSL configuration is necessary if you are using Transport Security.
> However, if you are using one of the Message Security mechanisms with SSL, you must update the GlassFish certificates as described in Updating GlassFish Certificates.
> Configure a user on GlassFish as described in Adding Users to GlassFish.
> Client Configuration
> For configuring your system for SSL in order to work through the examples in this tutorial, the same keystore and truststore files are used for both the client and the service. This obviates the needs to set system properties to point to the client stores, as both GlassFish and NetBeans are aware of these certificates and point to them by default. ..."
> </snip>
> example and tutorial is located at:
> http://download.oracle.com/docs/cd/E17802_01/webservices/webservices/reference/tutorials/wsit/doc/WSIT_Security5.html
>
> if your webservice is securing the messages individually then implement the Rampart Module
> http://axis.apache.org/axis2/java/rampart/
>
> to be engaged on Axis2 web-services
> http://axis.apache.org/axis2/java/core/
>
> feel feel free to ping me offline for implementation and/or coding details
> Martin Gainty
> ______________________________________________
> Jogi és Bizalmassági kinyilatkoztatás/Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>
> Ez az üzenet bizalmas. Ha nem ön az akinek szánva volt, akkor kérjük, hogy jelentse azt nekünk vissza. Semmiféle továbbítása vagy másolatának készítése nem megengedett. Ez az üzenet csak ismeret cserét szolgál és semmiféle jogi alkalmazhatósága sincs. Mivel az electronikus üzenetek könnyen megváltoztathatóak, ezért minket semmi felelöség nem terhelhet ezen üzenet tartalma miatt.
>
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
> Ce message est confidentiel et peut ętre privilégié. Si vous n'ętes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert ŕ l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement ętre sujets ŕ la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni.
>
>
>
>
>
> Subject: Glassfish - Webservice security
> Date: Wed, 4 May 2011 16:51:39 +0200
> From: Matthieu.VINCENT_at_cpexterne.org
> To: users_at_glassfish.java.net
>
> Hi everyone,
>
> I’m trying to develop an application exposing some webservices.
> I’d like to secure them with ws-security, does anyone already done this kind of things because I’m quite stucked on the subject.
>
> I’ve successfully do it with Basic authentication, but I’ve to do it with ws-security and configuration (of sun-web.xml I suppose?) is not so intuitive and I cannot find any good example on the web
>
> I’m using glassfish v2.1.
>
> Some precision: I would prefer to expose my webservices not using EJB pattern, if possible…
>
> Thanks in advance
>
> Regards,
> Matthieu