Which is the best approach to expose an EJB as a secured web service?

gmlopezdev May 8, 2013 7:35 AM

Maybe not a single one...

I've seen some examples using http basic authentication in combination with ssl which might be acceptable but what about using ws-security?

Thanks for your feedback!

1. Re: Which is the best approach to expose an EJB as a secured web service?

gmlopezdev May 8, 2013 7:59 AM (in response to gmlopezdev)

It seems that there are quite good documentation about exposing web services using ws-security here and some more general documentation here. Even though, I'd like to get feedback you might have to share from experience.

Thanks again!
Actions
2. Re: Which is the best approach to expose an EJB as a secured web service?

sfcoy May 8, 2013 8:00 AM (in response to gmlopezdev)

Have a look at AS72 WS-Security.
Actions
3. Re: Which is the best approach to expose an EJB as a secured web service?

sfcoy May 8, 2013 8:00 AM (in response to gmlopezdev)

Bingo!
Actions
4. Re: Which is the best approach to expose an EJB as a secured web service?

gmlopezdev May 8, 2013 1:36 PM (in response to sfcoy)

Thanks for your help! I see that your link point to AS72 but I haven't been able (still have to read thoroughly) if there are significant differences.

How hard actually is exposing an EJB as a web service with ws-security (username token profile)? I will anyway create a test service following the directions on the link but any experience/recommendation will be appreciated too :-)!
Actions