I had googled for this but havent got any conclusive answers
Is it possible to retrieve and set a cookie in the reponse for JAX-WS webservice ?
How can we maintain sessions in web service ?
Regards
Getting and setting Cookies and Session in Webservice is Supported in JAX-WS. Follow the below link which will help you to enable this on server and Client side.
Programming Stateful JAX-WS Web Services Using HTTP Session
You may also have look at this answer JAX-WS client: maintain session/cookies across multiple services
Related
We just started off with BURP for the web application. We use SOAP UI for WS-Security SOAP Web services. We are planning to extend the security testing to SOAP Web services using BURP. Can you kindly provide any directions on how can we achieve this. Thanks
I couldn't find any information on directly accessing the web service requests in BURP. We need to have a proxy(SOAP UI) to intercept the request. Below is the link for additional details.
http://www.fishofprey.com/2013/01/using-burp-suite-to-test-web-service.html
I need to clarify some problems regarding soap web services.
1) can I call a soap web service by just typing the url of the endpoint in the browser?
2) does the answer for question depend on what type of technologies used to develop the soap web service?
If I need to invoke a soap web service, i need to send a soap request. But by just sending a get or post request from a browser cannot generate a soap request. so by default I shouldn't be able to invoke a soap web service just using the browser.
but the following two resources are contradicting above assumptions of mine.Can someone explain me how these soap web services can be invoked without a soap request?
https://msdn.microsoft.com/en-us/library/aa719483%28v=vs.71%29.aspx
http://alvinalexander.com/blog/post/java/how-to-call-web-service-from-browser
I'm almost done with a jax-rs webservice so currently I'm now working on security part, I have read several articles on implementation of jaas and jdbc realm roles. some how no one seems to talk about authenticating a user from a remote angular js client.
Assuming i set my roles in jdbc/realm and configure my web.xml file ,can i do this?
<form-login-config>
<form-login-page>+"http://54.200.2.152:8080/service/index.html+"</form-login-page>
<form-error-page>+"http://54.200.2.152:8080/service/error.html+"</form-error-page>
</form-login-config>
to re-direct to the remote angular-js client? and if i do that,how to i maintain the js_securitycheck session id? (meanwhile; sessioning is against rest principles, which is stateless .
Also, is <auth-method>BASIC</auth-method> preferable for using a remote angular-js client? sending basic64 code and how do I implement this?
I am starting a new project (a web application) and would like it to retrieve and submit the most of its data through REST web services with AJAX. But I hardly have a good idea of how to ensure a web service to know who is accessing it and only give the data to those who are eligible.
REST web services are stateless, so the authentication should also be stateless.
The most commonly used method for this authentication is to use HTTP authentication headers (details here --> http://www.ietf.org/rfc/rfc2617.txt). Here the pre-requisite is that your should be using SSL\HTTPS otherwise these HTTP authentication headers will become vulnerable to Man in Middle Attack.
If your website doesn't use and SSL then you should probably look to other methods of authentication, this (http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/) article discusses in detail about all those methods. It basically describes mechanisms which are used by Amazon Web Services to authenticate non SSL reqeuets.
Hope this will help.
Am a novice, making a web service on eclipse. Am looking for a way to authenticate requests. A tutorial on how to go about this step by step-both client and server ends- would be most welcome. Thanks.