So I am new to spring-ws and to SOAP in general and am concerned about the security of information being sent to my SOAP service.
I want to use some sort of http authorization and it seems like this is not done via the spring-ws API.
I admit that I lack a lot of knowledge when it comes to security policy, so anything helps.
By the way, I am using GlassFish 3 as my application server.
EDIT: I am not trying to put the security features in the SOAP message. I am sending customer information, so the HTTP message has to be encrypted. Authentication to ensure that the request is coming from the right people (so random users cannot use my SOAP service) would be a huge plus.
If you want to use SSL client authentication, it would be container-specific configuration. If your target deployment is, for example, GlassFish, you could start with reading this.
Keep in mind that with SSL client authentication you would need to deal with either issuing client certificates (through your own CA) or accepting existing client certificates. This could be acceptable if you're in a more or less controlled environment (B2B, for example) but a real hassle if you are trying to build a public web service. Do some reading about SSL client authentication, certificates, etc. There is plenty of info on the Internet.
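The container-side setup this answer refers to can be expressed in the standard servlet deployment descriptor. The `web.xml` below is an added example, not part of the original answer; the servlet name, the `/services/*` URL pattern and the `ws-client` role name are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Spring-WS front controller; name and mapping are assumptions -->
  <servlet>
    <servlet-name>spring-ws</servlet-name>
    <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>spring-ws</servlet-name>
    <url-pattern>/services/*</url-pattern>
  </servlet-mapping>

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SOAP endpoints</web-resource-name>
      <url-pattern>/services/*</url-pattern>
      <!-- No http-method elements on purpose: the constraint then applies
           to every HTTP method. Listing only POST would leave the other
           methods unconstrained. -->
    </web-resource-collection>
    <!-- Only callers mapped to this role may reach the endpoints -->
    <auth-constraint>
      <role-name>ws-client</role-name>
    </auth-constraint>
    <!-- CONFIDENTIAL makes the container require HTTPS for these URLs -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Authenticate the caller by its TLS client certificate -->
  <login-config>
    <auth-method>CLIENT-CERT</auth-method>
  </login-config>

  <security-role>
    <role-name>ws-client</role-name>
  </security-role>
</web-app>
```

Mapping certificate principals to the `ws-client` role and choosing which CAs the server trusts are done in the container's own configuration and are not shown here.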
There is a whole chapter describing the security aspects of spring-ws here. Have you looked at it?
Edit: Some more information on SO