tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Louis MONTEIRO <>
Subject Re: Securing a webservice
Date Thu, 19 Feb 2009 12:48:04 GMT

Hi Jonathan,

It's a nice enhancement.
I'm just trying to create samples using OpenEJB + JAX-WS (CXF) + WS-Security
(UserToken, Signature, Encryption, ...).

At first glance, I used WS-Security to secure web services. But you approach
is quite interesting for me because my web service facade delegates to
business EJBs (probably secured with @RolesAllowed ...).
So I imaging I will have to authenticate the client.

A first approach is to retrieve the login/password from the WS-Security
UserToken and then perform an authentication (I don't know how at the

What is your opinion regarding authentication using common Http headers and
using WS security ?

Kind regards,

View this message in context:
Sent from the OpenEJB User mailing list archive at

View raw message