Chapter 5.  Configure Java EE security for a SOAP web service

5.1.  Configure security requirements of service using Java EE-container based security (overlaps with steps in other tasks - repeated here for convenience)

5.1.1.  Configure security requirements through deployment descriptors (web.xml, webservices.xml) for a Servlet-based web service endpoint: container authorization, caller authentication, and message protection. JAX-WS runtime may also be configured to perform message layer authentication and protection.

blah-blah

5.1.2.  Configure security requirements through deployment descriptors (ejb-jar.xml, webservices.xml) for EJB-based web service endpoint:

5.1.2.1.  Configure transactional support.

blah

5.1.2.2.  Configure container role based access control via method-permissions in ejb-jar.xml or via access control annotations on EJB.

blah

5.1.2.3.  Configure caller authentication and message protection; either by Servlet container via web.xml, and/or by JAX-WS message processing runtime.

blah

5.1.3.  Configure security requirements through deployment descriptor (web.xml) for JAX-RS based web service endpoint.

blah-blah

Professional hosting         'Oracle Certified Expert Web Services Developer 6' Quiz     Free SCDJWS 5.0 Guide