O'Reilly logo

J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice by Pankaj Kumar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Servlet Security for Web Services

Irrespective of what API a Web service client uses, it eventually creates a SOAP message and posts it, using HTTP POST, to the service address URL. This message is picked up by the Tomcat Web container and delivered to the Axis servlet. Axis, after doing its own processing and conversions, invokes the appropriate service implementation code. So, in its guts, interaction between a client program and Web service is not very different from the way a Web browser interacts with a Servlet-based Web application deployed within a Web container.

So you should not be surprised to learn that it is possible to make use of Servlet security mechanisms, as explained in Chapter 9, Web Application Security, to authenticate the ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required