I have a web service hosted in a JBoss AS. Add a app running on Google App Engine. Now I want to access my web service hosted in JBoss AS only by my App Engine app and I want to restrict others from accessing my web service. How can I do that? Please help.
Use the AppEngine URL Fetch Service to call your JBoss web services from your AppEngine app. Use the HTTPS option to secure the network connection. Furthermore create request headers and payload such as to satisfy whatever JBoss security requirements you can establish between JBoss and AppEngine (for example client user authentication).
Related
How do I set up a web application with OAuth2 authentication, where the web application connects to two underlying REST services (through client-side JavaScript from the user's browser)?
I am controlling all servers, and I need to make sure that nobody accesses the web application and the REST services without authentication.
How should this be done?
Should I configure all three servers (the web application and the two REST services) using a single application id?
BTW:I plan to use IdentityServer4 as the authentication server.
Best regards,
Morten :-)
I am working on a microservices application that has a webapp backend consuming a RESTful web service endpoint.
I use IntelliJ and I would like to see the traffic (requests, responses, headers, etc.) between the webapp backend (the client) and the web service endpoint.
How is that possible?
Note:
I have tried using the bundled REST Client but it is just meant to issue requests to a web service endpoint.
The chrome console is of no use either because it just monitor the traffic between the SPA and the webapp backend...
My webapp and endpoint are developed in Spring/Java.
I am trying to write a web service client using Jax-ws for a secured webservice hosted by a third party. While doing so, I am facing a lot of issues and somehow wanted to find out if the issue is with my client or the hosted web service.
Do we have any publicly available and free secure web services on the internet? I can find many non secure services.
Have a look at this URL:
http://www.webservicex.net/ws/wscatlist.aspx
... where you can find a bunch of published webservices.
I exposing EJB3.0 stateless session bean as web service using JAX-WS annotations and right now I'm using JBOSS5.1.0 GA as application server and JBOSSWS is generating the WSDL for me when I deploy the EAR.
Now I want to secure the web services by providing authentication and encryption-decryption on the SOAP messages. How do I can achieve that, Is there any annotations available for both in JAX-WS (or) can I achieve by doing any configuration at EJB level. I do not want to do secure web services with respect to JBOSS, because I want to deploy the same EAR in different application as well.
So please help me to build the generic EJB3.0 web services bean with the security implementation ., Thanks a lot in advance
Concerning SOAP WebServices, you can a lot of posts in this forum related to your question. In particular in User authenticate in SOAP I've mentioned that there several ways to authenticate the client.
Supposing that you want to authenticate the client by X.509 certificate. Then:
For JBossWS refer WS-SecurityOptions – X509 Certificate Token
For Metro/JAX-WS services refer Using JAX-WS-Based Web Services with SSL
For Apache CXF refer WS-Security
For Spring Security refer Spring Security With X.509 Certificate
Are there any special configuration settings you have to do to make a web service work with SSL?
Is there a way to force the service methods to authenticate using a username/password like I can do with a WCF service?
No. SSL support provided by web server (IIS).
Yes. Just configure authentication through web.config