Does anyone have a recommendation about web service security architecture in Java (preferably under JBoss)? Any recommended reading?
有没有人有关于Java中的Web服务安全体系结构的建议(最好是在JBoss下)?有推荐的阅读吗?
I want to expose a fairly rich web service to the world but the data are sensitive and it requires authentication from the current client (Flex), accessed via RPC. I definitely do not want any server-side session state.
我想向世界公开一个相当丰富的Web服务,但数据是敏感的,它需要从当前客户端(Flex)进行身份验证,通过RPC访问。我绝对不希望任何服务器端会话状态。
What's the best way to go about implementing security through web services in Java/JBoss and where can I read about it?
在Java / JBoss中通过Web服务实现安全性的最佳方法是什么?我在哪里可以阅读它?
3 个解决方案
#1
1
For web services security in JBoss, I would start by reading 8.4 WS-Security of the JBossWS User Guide.
对于JBoss中的Web服务安全性,我首先阅读JBossWS用户指南的8.4 WS-Security。
#2
2
You could try:
你可以尝试:
#3
0
WSSE is simple and works well.
WSSE很简单,效果很好。
http://www.xml.com/pub/a/2003/12/17/dive.html
http://www.sixapart.com/developers/atom/protocol/atom_authentication.html
#1
1
For web services security in JBoss, I would start by reading 8.4 WS-Security of the JBossWS User Guide.
对于JBoss中的Web服务安全性,我首先阅读JBossWS用户指南的8.4 WS-Security。
#2
2
You could try:
你可以尝试:
#3
0
WSSE is simple and works well.
WSSE很简单,效果很好。
http://www.xml.com/pub/a/2003/12/17/dive.html
http://www.sixapart.com/developers/atom/protocol/atom_authentication.html