SSL Security for Web Services
JAX-RPC doesn't mandate the support for HTTPS. However it is possible to configure the Tomcat to accept HTTPS connections in the same way as for a Web application. It is also possible to configure mandatory client authentication through the client certificate, resulting in mutual authentication. We have already described the required configuration details in Chapter 9 and do not repeat them here. Instead, we go through the steps in configuring and running the previous example to use HTTPS.
Web service client programs can use HTTPS by simply setting appropriate system properties and using address URLs with scheme https in place of http, to access the service. The relevant system properties for Sun's implementation ...
Get J2EE™ Security for Servlets, EJBs and Web Services: Applying Theory and Standards to Practice now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
