Given a scenario, implement J2EE based web service web-tier and/or EJB-tier basic security mechanisms, such as mutual authentication, SSL, and access control.

A JAX-RPC implementation must support HTTP Basic authentication. The JAX-RPC specification does not require a JAX-RPC implementation to support certificate-based mutual authentication using HTTP/S (HTTP over SSL).

HTTP Basic Authentication

  1. Add the appropriate security elements to the web.xml deployment descriptor:

    
    <?xml version="1.0"?>
    
    <web-app version="2.4" ...>
    	<display-name>Basic Authentication Security Example</display-name>
    
    	<security-constraint>
    		<web-resource-collection>
    			<web-resource-name>SecureHello</web-resource-name>
    			<url-pattern>/hello</url-pattern>
    			<http-method>GET</http-method>
    			<http-method>POST</http-method>
    		</web-resource-collection>
    
    		<auth-constraint>
    			<role-name>admin</role-name>
    		</auth-constraint>
    
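    		<!-- NONE: the BASIC credentials are only base64-encoded and cross the
    		     network without TLS; CONFIDENTIAL makes the container require HTTPS. -->
    		<user-data-constraint>
    			<transport-guarantee>NONE</transport-guarantee>
    		</user-data-constraint>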
    	</security-constraint>
    	
    	<login-config>
    		<auth-method>BASIC</auth-method>
    	</login-config>
    
    	<security-role>
    		<role-name>admin</role-name>
    	</security-role>
    </web-app>

  2. Set security properties in the client code:

    try {
    	Stub stub = createProxy();
    	// The runtime sends these as the HTTP Basic Authorization header.
    	stub._setProperty(javax.xml.rpc.Stub.USERNAME_PROPERTY, username);
    	stub._setProperty(javax.xml.rpc.Stub.PASSWORD_PROPERTY, password);
    	stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY, endpointAddress);
    	
    	HelloIF hello = (HelloIF)stub;	
    	System.out.println(hello.sayHello(" Duke (secure)" ));
    } catch (Exception ex) {
    	ex.printStackTrace();
    }								
    								

Mutual Authentication

  1. Configure the SSL connector.

  2. Add the appropriate security elements to the web.xml deployment descriptor:

    
    <?xml version="1.0"?>
    <web-app version="2.4" ...>
    	<display-name>Secure Mutual Authentication Example</display-name>
    
    	<security-constraint>
    		<web-resource-collection>
    			<web-resource-name>SecureHello</web-resource-name>
    			<url-pattern>/hello</url-pattern>
    			<http-method>GET</http-method>
    			<http-method>POST</http-method>
    		</web-resource-collection>
    		
    		<user-data-constraint>
    			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
    		</user-data-constraint>
    	</security-constraint>
    	
    	<login-config>
    		<auth-method>CLIENT-CERT</auth-method>
    	</login-config>
    </web-app>

  3. Set security properties in the client code:

    try {
    	Stub stub = createProxy();
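    	// JSSE reads these JVM-wide properties when the default SSL context is first
    	// created, so set them before the first HTTPS call. The key store holds the
    	// client certificate; the trust store holds the CA that signed the server's.
    	System.setProperty("javax.net.ssl.keyStore", keyStore);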
    	System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
    	System.setProperty("javax.net.ssl.trustStore", trustStore);
    	System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
    	stub._setProperty(javax.xml.rpc.Stub.ENDPOINT_ADDRESS_PROPERTY,endpointAddress);
    
    	HelloIF hello = (HelloIF)stub;
    	System.out.println(hello.sayHello(" Duke! secure!"));
    } catch (Exception ex) {
    	ex.printStackTrace();
    }								
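
The two descriptors above differ in whether the login exchange is forced onto SSL. The following check is an added example, not part of the original study guide: it parses a web.xml and reports any security-constraint that lets a password-based login (BASIC or FORM) run without CONFIDENTIAL transport. The class name, method names and sample descriptors are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class WebXmlTransportCheck {
    // Text of the first descendant element with this name, or the default if absent.
    static String text(Element scope, String tag, String dflt) {
        NodeList n = scope.getElementsByTagName(tag);
        return n.getLength() == 0 ? dflt : n.item(0).getTextContent().trim();
    }

    // One finding per security-constraint that lets a password login run without SSL.
    static List<String> audit(String webXml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Version 2.4 descriptors are schema-based, so DOCTYPEs can be refused (blocks XXE here).
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(webXml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        String auth = text(root, "auth-method", "(none)");
        boolean passwordAuth = auth.equals("BASIC") || auth.equals("FORM");
        List<String> findings = new ArrayList<>();
        NodeList constraints = root.getElementsByTagName("security-constraint");
        for (int i = 0; i < constraints.getLength(); i++) {
            Element c = (Element) constraints.item(i);
            // An omitted user-data-constraint behaves like NONE; INTEGRAL is flagged as well.
            String guarantee = text(c, "transport-guarantee", "NONE");
            if (passwordAuth && !guarantee.equals("CONFIDENTIAL")) {
                findings.add(text(c, "web-resource-name", "?") + ": " + auth
                        + " login with transport-guarantee " + guarantee);
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Constructed descriptors mirroring the two listings (web-app attributes omitted).
        String tmpl = "<web-app><security-constraint><web-resource-collection>"
                + "<web-resource-name>SecureHello</web-resource-name><url-pattern>/hello</url-pattern>"
                + "</web-resource-collection><user-data-constraint><transport-guarantee>%s"
                + "</transport-guarantee></user-data-constraint></security-constraint>"
                + "<login-config><auth-method>%s</auth-method></login-config></web-app>";
        System.out.println(audit(String.format(tmpl, "NONE", "BASIC")));
        System.out.println(audit(String.format(tmpl, "CONFIDENTIAL", "CLIENT-CERT")));
    }
}
```

The first call reports the SecureHello constraint from the Basic authentication listing; the second returns an empty list for the mutual authentication listing.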
    								
