Web Services
Security 183
<web-resource-name>Object Structure Service Servlet</web-
resource-name>
<description>Object Structure Service Servlet (HTTP POST)
accessible by authorized users</description>
<url-pattern>/os/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>Roles that have access to Object Structure
Service Servlet (HTTP POST)</description>
<role-name>maximouser</role-name>
</auth-constraint>
<user-data-constraint>
<description>data transmission gaurantee</description>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
-->
The preceding <security-constraint> section refers to a single role, maximouser,
which is defined farther down in the web.xml file. By default, the security
constraint section is not commented out.
<security-role>
<description>An Integration User</description>
<role-name>maximouser</role-name>
</security-role>
In addition, change the following web.xml value for useAppServerSecurity from
0 to 1 in the web.xml:
<description>Indicates whether to use Application Server security
or not</description>
<env-entry-name>useAppServerSecurity</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>0</env-entry-value>
</env-entry>
You can securely deploy a Web service by using SSL (HTTPS). Set up the SSL in
the application server with the appropriate digital certificates.
Web Services
You can secure integration Web services by using HTTP basic authentication in
standard J2EE security. These security settings let authorized users with a valid
user name and password access Web services.
Securing Web Services
To enable Web service security, use the steps previously described for HTTP,
referencing the following Web service-specific security-constraint blocks.
The application web.xml file contains a <security-constraint> section for the web
service invocation. By default, this section is commented out.
To Next Page
Loading...