By Allard, on May 26th, 2008
There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing you messages with a digital signature?
In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.
In part 1 , I’ve dealt with Username Token authentication.
In this article, I will describe Transport Level Security (TLS), formerly known as Secure Socket Layer and message encryption.
Continue reading Feeling secure with Web Services – Part 2
By Allard, on May 20th, 2008
Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1] how SSL works and what it actually secures.
There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your services, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing you messages with a digital signature?
In my introductory post I’ve elaborated on what type of security we’d typically want on Web Services.
This article will go more in-depth in the Username Token authentication.
Continue reading Feeling secure with Web Services – Part 1 – The UsernameToken
By Allard, on May 17th, 2008
Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1] how SSL works and what it actually secures.
There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever think of signing you messages with a digital signature?
In this article, I’ll explain the different methods of securing your Web Services, how each of the methods work and what you actually secure by applying each method.
Continue reading Feeling secure with Web Services – Introduction
By jettro, on May 11th, 2008
This blog item show a way of doing security, after some additional experience I consider this method as being non optimal. The server side does not change a lot (spring security configuration), but the client does. I explain my current solution is this blog post:Integration spring security and flex 3 the sequel/
This article is actually about two things. It explains the basic steps to use the new spring security version 2 library in a java (web) application. I am going to show the basic configuration as well as web resource authorization and bean methods authorization. The other part is the integration of flex with spring security. I am going to show how to use authentication from within flex 3 using the spring security back end. After that I’ll show a service used from within flex through blazeds to ask for the roles a logged in user has. Using these roles I am going to hide buttons to actions non admin users must not use. Like the create new book.
In short this article shows the complete picture of an application using flex 3, blazeds, spring security to authenticate users and authorize actions.
Read on if you want to learn about the integration of these frameworks.
Continue reading Integrating flex 3 with spring security (formerly known as Acegi)
Popular