Web Service « security « Java Enterprise Q&A





1. How do i propagate security to my independent web service enterprise application?    stackoverflow.com

I created a simple web application which contains web pages and one enterprise application which contains web services and EJBs for my web application. I managed to configure security for my ...

2. Integrate Java web service with Unix security    stackoverflow.com

I am hosting a Java web service on a AIX unix box using JBoss. Some of the web methods browse the unix file structure (IE GetDirectoryFiles returns all files for the directory ...

3. Have Java Web Service execute under different context    stackoverflow.com

We have a Java 1.4 web service running on AIX 5. We want to have the web service methods execute under the context of the caller, not the hosting web server. ...

4. Secure Java Web Services    stackoverflow.com

I am trying to figure out which framework/API would be best for implementing my web services (Java EE). The data being passed back and forth between client and web container needs ...

5. Restful webservice Security implementation    stackoverflow.com

We developed a restful web service(Java based). We are planning to implement security. Can some one point to resources about SSL token based authentication. Thanks in advance.

6. Security with Web Services in Java    stackoverflow.com

We have a client that calls our web services. How can we make sure that it is only our client application that is calling the web service and not a client ...

7. How can I build simple secure web service with Java?    stackoverflow.com

Purpose of this web service is to server html/javascript/css/binary data inside simple XML document (or are there better suggestion for fromat? Could JSON be used for this kind of web service?) ...

8. client-server app, signed WebServices, how to identify client?    stackoverflow.com

I have a client-server apps, i'm using XWSS to use signed webservices to connect to server (encrypting is not neeeded, communication goes thru VPN) But now, how to identify client ? I ...

9. What is the easiest way (and ws-stack) to implement stand alone client to consume web service with security?    stackoverflow.com

I need to consume a webservice with ws-security using a stand alone java client, I can't use the metro stack as I need to change the wsdl to include policies, any ...





10. Lost orientation about secured web service using java    stackoverflow.com

I tried many ways to consume secured wsdl with wsimport. Unsecured wsdl files can be read by wsimport, but how to do this with secured wsdl ? 1.xxx.cer is stored in keystore 2.username and ...

11. java.security.PrivilegedActionException while hitting webservices over https    stackoverflow.com

I am getting the following exception, when i am trying to hit the webservice over https using java client: com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection post SEVERE: SAAJ0009: Message send failed com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: java.security.PrivilegedActionException: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Message send failed ...

12. MTOM - Web Service Client Security Attributes are missing    forums.netbeans.org

Hello I have created a web service and secured it with a Secure Token Service as described here. I have then generated a web service client in a new project, configured ...

13. Unable to configure web service client AM Security    forums.netbeans.org

Hi I have followed this tutorial in order to use UsernameToken Profile in a web service client. http://netbeans.org/kb/docs/javaee/identity-amsecurity.html So far I have been unable to make ir work. I was successful to set UsernameToken Profile (through AM Security tab) in web service. Once set security in web service, I create web service client from WSDL file. When I try to access ...

14. web service security    forums.netbeans.org

15. Standalone Web Service clients in NetBeans with WSIT security    forums.netbeans.org

(Apologies for cross-posting this on the Sun Web Service forums as well, the problem seems to bridge the 2 domains and I've had no response over there) I'm having a problem create a secure app with NetBeans, any help would be appreciated, here's what I did: Following the WSIT tutorial (http://java.sun.com/webservices/reference/tutorials/wsit/doc/index.html) I was able to create a Web Service with (for ...





17. XML and Web Services Security    coderanch.com

18. security in webservice    coderanch.com

Hi, I am new to the webservice world. Please let me know how I can provide username and password with the web service call. How does the container interpret it? Alos, does the WSDL contain any credential information? If it does, how is it setup Thanks, Ram. [ December 05, 2003: Message edited by: Simba Sriram ]

19. XML Signatures, Web Services Security and Interoperability.    coderanch.com

Hi All, Can some one tell me if there is way to export the keys that are genrated in Java to .Net or from .Net to java. Is there a work around? I need the keys so that a Soap message that is signed by a .Net client be verified at the Server end that is implemented in Java, one point ...

20. Web services security implementation question    coderanch.com

Hi All , I have a webservices inside a firewall that needs to be accessed by the DMZ servers .. The firewall can only be crossed using message queues as no other ports are exposed. I can not make a direct connection to the SOAP services. I have an application which already does reading of message queues and calling the web ...

21. Your views on Web Services Security    coderanch.com

This is question fot RMH. I often hear people say that Security is a key obstacle in wide spread adoption of Web Services. It was not until Netscape introduced SSL and HTTPS that commerce on the Web flourished. And despite the criticism of PKI and HTTPS, these technologies solve the problem of Web security in most people's mind. SSL and other ...

22. To author: security in Web services    coderanch.com

Originally posted by Hari Vignesh Padmanaban: Should security be taken into consideration in web services? Does your book cover that ? IMHO, end-to-end security should be considered in any applications, including web services. My book ch 7 discusses an end-to-end framework, some design strategies and some health-checklist for web services objects. Typically, HTTPS protects client-to-server connection. XML encryption and digital signature ...

23. web service security : question for Mr. Lai    coderanch.com

Originally posted by Dave Knipp: If they are publicly accessible, can this public access ever become a problem in the future? What are your experiences with this topic? Many web services in production are private, i.e. you can't access directly from public internet. Even if you can, they use tight encryption (e.g. HTTPS and XML encryption) and authentication mechanism. Majority of ...

24. Web services security    coderanch.com

I am new to Web services. I have developed a system that use Web services: SOAP with attachment, to send documents and data via the Net. However, in addition, I hope the file will not be sent in plain so that ppl cannot capture the content. Does I simply apply SSL to this service? Or I need to write my own ...

25. Web Services Security - anyone got it working?    coderanch.com

I have a document based web service on the Axis stack running on WAS 5.x. Trying to implement security by using digital signatures - I have looked at both Apache XML Security and WSS4J from Apache and can not get either one to work - grabbing from CVS neither will build properly - and the binary distribution of XML Security tends ...

26. Webservice security.    coderanch.com

27. Webservice security    coderanch.com

28. To-Do List on web services security implementation    coderanch.com

Hi All, I am a newbie to web services security implementation using AXIS. I am aware of how to implement Basic Authentication and SSL setup using AXIS and tomcat but are there any ways to implement web services security using soap implementations like AXIS and WSAD 5.1.2 . Basically I am looking on some hands-on for such implementations. Any links,urls,tutorials will ...

29. java.security. accessControlException    coderanch.com

30. How do you implement Web Services security?    coderanch.com

Ive got a web service up and running. Now i just relised that anybody who see's my WSDL can call the methods on my server. How do I stop this, how do i authenticate users?? Whats the easiest way? Could somebody show me a code example of the client side and server side code needed. My server is Apache Tomcat with ...

31. Problem Welogic Define Security Policy    coderanch.com

Hi, While defining security policies for webservice in Web Logic Express, I am navigating through deployments-->applications-->right click on ear file--> define security policy , I am not able to select any options (User name of the caller, Caller is a member of group..etc)though I am see them in a faint grey colour. I am not sure why this is happening, Can ...

33. Security infrastrucature?    coderanch.com

That depends on your definition of "complete" - everyone has his own concept of how much security is sufficient. For WS, there is the WS-Security standard, for which an open source implementation is available in the form of WSS4J. WS-Security addresses authentication (by username/password and client certificates), as well as encryption. You can find links to the standard and the software ...

34. Use cases for Web service security.    coderanch.com

35. New Article: Web Services Security    coderanch.com

36. -security option in wscompile    coderanch.com

i'm getting this error when compiling: [wscompile] error: -security is an invalid option or argument [wscompile] Usage: wscompile [options] configuration_file i checked the version of the tool with wscompile -version and i get: JAX-RPC Standard Implementation (1.1.3, build R1) i'm getting this error when compiling the jaas_sample in jwsdp-2.0; would like to get past that error...thoughts anybody? -- poc

37. Implementing web services security    coderanch.com

Hi all I am implementing security for web services, for my academic project. The requirement is for many clients to access the three methods of the web service, based on their authorization. I mean the authorization should be on the method-level, the client can access it only if it is authorized to. My design is to implement XML encryption for message ...

38. Security    coderanch.com

Hi! A customer is asking me to put a web service on my production machine, which will be called from a web-server. Today there is no connection between this machines. I see that the security get reduced, but how much? Will I be in big risk? See this as more secure than if he runs SQL, but is it more secure? ...

39. security using wsad or rad    coderanch.com

40. WebServices and Security    coderanch.com

Hi all, I developped a webService with Apache axis. It works fine. Is it possible to implement a sytem of security (key, certifcat) in order to protect use of my differents methods. For example I would like one client "A" use my method getHello and others "B","C" etc can't use my method. I don't know anything about security with webservice if ...

41. Web Service security    coderanch.com

This page (which is part of the Axis documentation, but generally applicable) gives an nice overview of what to look out for, and how to protect against it. Apart from that, Axis (and just about all other WS engines) are web apps, so all concepts and risks of web app security apply as well. You might want to look into the ...

42. security issue    coderanch.com

do you have some topic in the book regarding security issues on Web Service? I have a Web Service using Microsoft WSE3.0 UsernameToken for securing message, but I do not know how to consume it in JAVA source. do you have any sample code or point me to the right direction? [ May 29, 2007: Message edited by: Zhenhai Li ] ...

43. Web Services Security    coderanch.com

Welcome to JavaRanch. You have to differentiate between web services security and WS-Security. The former is the general concept of securing web services, while the latter is an OASIS standard that prescribed various security-related features that can be used to achieve web services security. The main features of WS-Security are authentication (both username/password and certificates), signature and encryption. Since web services ...

44. Web services security guidance    coderanch.com

Hi all I am relatively new to the java WS world, and after a while playing around with Axis2 / xFire and JAX-WS, I am moving on to the next level security. My app is assembled from client and web services module, what I am trying to achieve is: 1 only the client app can communicate the web-service. 2 Encrypted ...

45. doubt in web service security    coderanch.com

Hi all, Ive a doubt regarding web services security. If I configure a web service to expect a security header(basically signed, encrypted soap message) and the soap message that is sent to the web service is not having any encryption or signature as expected by web service, should the web service process that soap message or flag a soap fault saying ...

46. Enable security on the server    coderanch.com

47. Web Service Security    coderanch.com

48. Web services security    coderanch.com

WS security has several components, like authentication, encryption, and digital signing. Your comment about PKI leads me to believe that you're interested in encryption; is that correct? If so, that's what the WS-Security standard addresses (for SOAP), which these days is supported by all major WS implementations. Which API or SOAP stack are you using? For HTTP/Restful service you'd need to ...

49. RESTful and security    coderanch.com

There is more than "one type of state". In a true REST architecture application state is supposed to reside on the client to maximize scalability. That is where the tag line "Hypermedia as the Engine of Application State" comes from. The whole "session_id" concept is about application state that is stored on the server which diminishes scalability. A RESTful web application ...

50. Java Standard Edition & Web service security    coderanch.com

Hi All, I need some help. I have a web service running in Standard Edition 1.6 on a server. There isn`t a full app server nor is it required except for exposing some functionality. I decided to use the built in web service container in 1.6 and this is running quite flawlessly. The problem is security, i`m not even sure how ...

51. j_security_check is not redirecting to the requested web serivce.    coderanch.com

Hi, I am using form based authentication to protect some web services in WEbsphere 6.1 . Instead of using JSPs for login page and login error page I have used servlets as follows. FORM /LoginServlet /LoginErrorServlet When I send a request to a protected web service, as intended the controls goes to the LoginServlet first. Here I ...

52. WSDoAllReceiver: security processing failed (actions mismatch)    coderanch.com

No, you generally do not need to alter the axis2.xml file (assuming you're talking about the server-side axis2.xml file). You will need to adapt the client-side configuration file, which sometimes is also called axis2.xml or client.axis2.xml, so that it includes a similar section about InflowSecurity and OutflowSecurity. Do you have that? If so, post it here; if not, there's your problem. ...

53. web service security issue    coderanch.com

Hi. I am learning from the book "Java web services: Up and Running". It is quite good one, but I have a problem in undertanding use of keytool in purpose of kreating kyestore. Here is problem. Generated .keystore using :keytool -genkey -alias tomcat -keyalg RSA, is stored, just as a book says inside "account's home directory", in will be in my ...

54. WebServices - Security and Versioning    coderanch.com

55. Bpel - Web services security    coderanch.com

Hi all , I have the following problem. I have created a bpel process which has three receive activities , for which i have defined correlation sets. The input to these activities is sent from a web application. Now i would like to do the following. I want to create a new web-service , which will allow someone to use it ...

56. Do we need to apply security in message level in mobile appliaction call secure web service?    coderanch.com

Not knowing your application, we can't say for sure what needs to be done, and what might or might not be sufficient. But seeing "e-commerce" there, it sure sounds to me like you need to be very conscious of security in all its facets. SSL has really become obsolete for web services; the standard way is to use the WS-Security standard, ...

57. web service security    coderanch.com

Hi. I have tried some examples using WSIT tutorial. Genesis of either server and client, occurs in the NetBeans IDE. And everything works fine when I try any sort of ws security, explained in the examples. But, I don't get hoe to deploy service on the tomcat server, independently of NetBeans IDE? As much I saw for a client, in the ...

58. Question about designing a web-service security mechanism used with desktop client    coderanch.com

Hi, I am currently working on a Java desktop client to interact with a .Net web-service. The web-service is exposing some functions that already exist in the company's web application. The company would like to use the desktop client to replace some of the functions in the web due to some business requirement. The web page requires username / password login ...

60. Help regarding web service security    coderanch.com

Hi I am working on WS-Security and new in WS . I want to use WSS4j (web service security for java) API to implement WS-Security. Following is a code which performs the required task. But the problem is that here soap message (mentioned in bold text) is taken as a string. I have to take the soap message generated by my ...

61. Reg: Message Level Security    coderanch.com

Hi, I have a question regarding message level security to the Webservices. We have a webservice running with message level security implemented and working on Websphere application server. I have generated a client for that webservice and now i want to implement message level security at client side also such that I can talk to the service. Webservice provider has given ...

62. Web Service security    coderanch.com

Thanks for quick response. I am looking a message level security which is given in provided link but not very informative. It is based on NETBEANS can I have a example bases on eclipse and my web service consumer can use any technology .Net. For example there is a Web site developed in JSP/servlet and hosted on a Tomcat as soon ...

63. Share MTOM and security info with client    coderanch.com

We are using contract first approach to create webservices. First we create the WSDL and share it with the clients. From this WSDL they are able to find out which operations to call and what parameters to pass. But there are certain things which are not there in WSDL. Example, the client need to send username and password in SOAP header ...

64. How to impose Security on to JAXWS    coderanch.com

65. Implementing security for a webservice    coderanch.com

66. Web service Security    coderanch.com

Hi! It depends on the web service you are trying to call. If the web service require authentication, then the client must supply authentication credentials. It is optional to implement authentication in a web service - you can have web services without any kind of authentication. Authentication may not be necessary if the web service is published to a private network. ...

67. Webservice Security and LTPA    coderanch.com

68. Web Services Security in tomcat6    coderanch.com

I am going to ask several things in this post. Be patient at my ignorance. I am bit confused as to what the right approach is, what components to use when securing web services in tomcat 6. Any suggestions you can provide is greatly appreciated. Currently I have a web service running in tomcat6 (SOAP, HTTP). I want to secure this ...

69. Question regarding web service security    coderanch.com

Hi Lester, Thank you so much for your reply. I think I'm implementing signature on my web service. My problem now is that my rampart configuration is hard coded in sevices.xml file (btw, I'm using axis2 and rampart). My merlin.file points to a specific location of the service.jks and password is hard coded. Can you share with any tutorial on how ...

71. java.security.InvalidKeyException: Invalid AES key length: 8 bytes    coderanch.com

Hi, For below code I am getting java.security.InvalidKeyException: Invalid AES key length: 8 bytes error. public Message addUserTokens(SOAPEnvelope unsignedEnvelope) throws Exception { // Get the message as document Document doc = unsignedEnvelope.getAsDocument(); String username = "sdbrown"; String password = "changeit"; byte[] key = password.getBytes(); String idValue = "PayxRSTAuthN"; // Add the UserNameToken. WSSAddUsernameToken usrNameToken = new WSSAddUsernameToken("", false); // usrNameToken.setPasswordType(WSConstants.PASSWORD_TEXT); usrNameToken.setPasswordType(WSConstants.PW_TEXT); ...

72. security implementation in web service application    coderanch.com

Ramesh, i am in the same boat as you are. If you have figured it out, can you tell the steps of which files you configured and what path you deployed I will be only using client to invoke web services for which security is configure. what i need to do from client side i have to know thanks

74. REST security    coderanch.com

Hi, I am wondering as to how the security features are added to the REST based applications like anyone can invoke the URL for GET,POST,DELETE and PUT in order to invoke my RESTful webservice with spam data. What are the common checks done by RESTful servers? Any website that you know of which explains this in good manner will be helpful. ...

75. New to web service-Web service security    coderanch.com

Hi all, I am new to web services. I am using websphere to develop a web service and want to allow only https clients to access the service. how do i configure it in server? Is there a way to do this authentication via the web service itself? please help!! Thanks in advance!

77. Web Service Security    coderanch.com

Hi, I have written a web service for new user enrollment which will be used by our trusted 3rd party services but i found that anybody who come to know the web service url can enroll the user. Can you please let know what do i need to do to make sure that the request coming is coming from a valid ...

78. Web Service security    forums.oracle.com

79. Implementing Security in Web Service    forums.oracle.com