Container-Managed Security for Web Service
(Tomcat is the reference implementation. It can publish not only RESTful web services as servlets but also SOAP-based web services.)
It provides not only user authentication but also wire-level security.
Securing the @WebService under Tomcat
You should ensure that the Tomcat connector for SSL/TLS is enabled. A Tomcat connector is an endpoint for client requests. You need to update the Tomcat configuration file conf/server.xml:
<!-- HTTPS connector on port 8443; clientAuth="false" means Tomcat does not request a client certificate -->
<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           connectionTimeout="20000" redirectPort="8443"
           SSLEnabled="true" maxThreads="150" scheme="https"
           secure="true" clientAuth="false" sslProtocol="TLS"
           keystoreFile="/conf/server.keystore"
           keystorePass="123456" />
The keystore and the truststore have the same format. The client uses its truststore to check the certificate it receives from Tomcat.
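The client side of that check, as an added example that is not part of the original post: it loads a truststore, lists the certificates the client will accept, and installs a TLS context built from it. The file name client.truststore and the password changeit are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreSetup {

    /** Loads a truststore file (same on-disk format as a keystore). */
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, password);
        }
        return ts;
    }

    /** Builds a TLS context that accepts only servers vouched for by the truststore. */
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // No KeyManager: the connector has clientAuth="false", so the client sends no certificate.
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults; pass the real path and password as arguments.
        String path = args.length > 0 ? args[0] : "client.truststore";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ts = load(path, pass);
        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (c instanceof X509Certificate) {
                X509Certificate x = (X509Certificate) c;
                System.out.println(alias + ": " + x.getSubjectX500Principal().getName()
                        + " (expires " + x.getNotAfter() + ")");
            }
        }
        // HttpsURLConnection-based clients created after this call use the context.
        HttpsURLConnection.setDefaultSSLSocketFactory(contextFor(ts).getSocketFactory());
    }
}
```

Hostname verification is left at its default, so the certificate must also match the host name in the endpoint URL.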
Client code to invoke the web service:
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.handler.MessageContext;

public class Test {
    public static final String END_POINT = "https://localhost:8443/WebServiceExample/tc?wsdl";

    public static void main(String[] args) {
        // Obtain the port (client-side proxy) for the service.
        TempConvertImplService port = new TempConvertImplService();
        TempConvert service = port.getTempConvertImplPort();

        // Point the request at the HTTPS endpoint.
        Map<String, Object> req_ctx = ((BindingProvider) service).getRequestContext();
        req_ctx.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, END_POINT);

        // Place the username and password into HTTP headers, which a non-Java client could do as well.
        Map<String, List<String>> hdr = new HashMap<String, List<String>>();
        hdr.put("Username", Collections.singletonList("localhost"));
        hdr.put("Password", Collections.singletonList("123456tt"));
        req_ctx.put(MessageContext.HTTP_REQUEST_HEADERS, hdr);

        System.out.println(service.c2F(12.f));
        System.out.println(service.f2C(-40.1f));
    }
}
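Adding authenticated() to the SEI implementation to perform authentication
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.http.HTTPException;

@WebService(endpointInterface="com.csc.ws.temp.TempConvert")
public class TempConvertImpl implements TempConvert {
    // Injected by the container; gives access to the transport-level request data.
    @Resource
    WebServiceContext ws_ctx;

    @Override
    public float c2f(float c) {
        if (authenticated()) {
            return 32.0f + (c * 9.0f/5.0f);
        }
        else {
            System.err.println("Authentication failure with exception ");
            throw new HTTPException(401);
        }
    }

    @Override
    public float f2c(float c) {
        if (authenticated()) {
            return (5.0f/9.0f)*(c-32.0f);
        }
        else {
            System.err.println("Authentication failure with exception ");
            throw new HTTPException(401);
        }
    }

    // Checks the Username and Password HTTP request headers against the expected values.
    @SuppressWarnings("unchecked")
    private boolean authenticated() {
        MessageContext mctx = ws_ctx.getMessageContext();
        Map<String, List<String>> http_headers =
            (Map<String, List<String>>) mctx.get(MessageContext.HTTP_REQUEST_HEADERS);
        List<String> uList = http_headers.get("Username");
        List<String> plist = http_headers.get("Password");
        // A request without these headers fails authentication instead of throwing a NullPointerException.
        if (uList == null || plist == null) return false;
        return uList.contains("localhost") && plist.contains("123456");
    }
}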