Am a novice, making a web service on eclipse. Am looking for a way to authenticate requests. A tutorial on how to go about this step by step-both client and server ends- would be most welcome. Thanks.
Related
We just started off with BURP for the web application. We use SOAP UI for WS-Security SOAP Web services. We are planning to extend the security testing to SOAP Web services using BURP. Can you kindly provide any directions on how can we achieve this. Thanks
I couldn't find any information on directly accessing the web service requests in BURP. We need to have a proxy(SOAP UI) to intercept the request. Below is the link for additional details.
http://www.fishofprey.com/2013/01/using-burp-suite-to-test-web-service.html
I had googled for this but havent got any conclusive answers
Is it possible to retrieve and set a cookie in the reponse for JAX-WS webservice ?
How can we maintain sessions in web service ?
Regards
Getting and setting Cookies and Session in Webservice is Supported in JAX-WS. Follow the below link which will help you to enable this on server and Client side.
Programming Stateful JAX-WS Web Services Using HTTP Session
You may also have look at this answer JAX-WS client: maintain session/cookies across multiple services
I'am using JAX-WS web service. Only authenticated client should access my web service.So could anyone help me with how to implement authentication in JAX-WS?Thanks in advance.
I'm almost done with a jax-rs webservice so currently I'm now working on security part, I have read several articles on implementation of jaas and jdbc realm roles. some how no one seems to talk about authenticating a user from a remote angular js client.
Assuming i set my roles in jdbc/realm and configure my web.xml file ,can i do this?
<form-login-config>
<form-login-page>+"http://54.200.2.152:8080/service/index.html+"</form-login-page>
<form-error-page>+"http://54.200.2.152:8080/service/error.html+"</form-error-page>
</form-login-config>
to re-direct to the remote angular-js client? and if i do that,how to i maintain the js_securitycheck session id? (meanwhile; sessioning is against rest principles, which is stateless .
Also, is <auth-method>BASIC</auth-method> preferable for using a remote angular-js client? sending basic64 code and how do I implement this?
I have written my web services using apache axis2. Now I want to make my web services secure to avoid unauthorized access.
Is there any way in apache axis by which we can redirect each web service request to a particular web service ? so that it will do authentication and on successful authentication it will forward the request to respective web service.
Thanks,
Ajinkya.
you can use Apache Rampart[1] for this. Instead of redirecting to another web service you can use UT (user name token) to authenticate the uses. Using WS-Security is the correct way to secure a web service. This[2] would help you.
If you interested WSO2 AS[3] provides a integrated environment for web service deployment and add security using its GUI. Further since it is based on WSO2 carbon platform you can integrate your user store with WSO2 AS and then authentication is provided out of the box.
[1] http://axis.apache.org/axis2/java/rampart/
[2] http://wso2.org/library/240
[3] http://wso2.org/library/application-server