tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Louis MONTEIRO <jean-louis.monte...@atosorigin.com>
Subject Re: Securing a webservice
Date Thu, 19 Feb 2009 12:48:04 GMT

Hi Jonathan,

It's a nice enhancement.
I'm just trying to create samples using OpenEJB + JAX-WS (CXF) + WS-Security
(UserToken, Signature, Encryption, ...).

At first glance, I used WS-Security to secure web services. But you approach
is quite interesting for me because my web service facade delegates to
business EJBs (probably secured with @RolesAllowed ...).
So I imaging I will have to authenticate the client.

A first approach is to retrieve the login/password from the WS-Security
UserToken and then perform an authentication (I don't know how at the
moment).

What is your opinion regarding authentication using common Http headers and
using WS security ?


Kind regards,
Jean-Louis


-- 
View this message in context: http://www.nabble.com/Securing-a-webservice-tp22089576p22098820.html
Sent from the OpenEJB User mailing list archive at Nabble.com.


Mime
View raw message