3 Replies Latest reply on Oct 28, 2005 10:13 AM by thomas.diesler

Securing ServiceEndPoint for Servlet type WS

julianhtun Oct 17, 2005 2:22 AM

Hi,

I'm pretty new to J2EE world. I'm using JBossWS and able to make them work and now I'm trying to secure them.

This post is 2 folds.

1. I'm trying out 1 design whereby utilizing the SOAP header and I'm having problem.

2. I like the guru out there to suggest another better and simpler design if you know one. I heard about HTTP Basic Authentication but I also heard that sometimes it won't work thru Proxy Server as the HTML header sometimes get changed. Secondly it might not work from Laszlo.

Back to item #1....

I need to authenticate using a third party JAAS module (DatabaseServerLoginModule). It is already in login-config.xml and it is working fine with another WAR.

I did see the following tutorial BUT it is for EJB and I'm using Servlet and I don't know how to configure such that the 3rd party JAAS module is get called.

http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecureEndpoint

Thanks in advance,
-Julian Htun

1. Re: Securing ServiceEndPoint for Servlet type WS

thomas.diesler Oct 25, 2005 4:19 PM (in response to julianhtun)

A java service endpoint deployed as a war is different with respect to setting up a security domain as any other webapp.
Actions
2. Re: Securing ServiceEndPoint for Servlet type WS

julianhtun Oct 26, 2005 11:10 AM (in response to julianhtun)

Thomas,

Different? There is a way? If you don't have time to give me detail leads, can you give me some highlevel leads to investigate?

Thanks,
-Julian
Actions
3. Re: Securing ServiceEndPoint for Servlet type WS

thomas.diesler Oct 28, 2005 10:13 AM (in response to julianhtun)

Sorry about the crutial typo that negated the meaning of what I wanted to say.

A java service endpoint deployed as a war is NO different with respect to setting up a security domain as any other webapp.
Actions

Go to original post