Gridshore » authorization

Feeling secure with Web Services – Part 2

Allard — Mon, 26 May 2008 19:23:04 +0000

jQuery(document).ready(function($) { window.setTimeout('loadFBShareMe_134()',5000); }); function loadFBShareMe_134(){ jQuery(document).ready(function($) { $('.dd-fbshareme-134').remove();$('.DD_FBSHAREME_AJAX_134').attr('width','53');$('.DD_FBSHAREME_AJAX_134').attr('height','69');$('.DD_FBSHAREME_AJAX_134').attr('src','http://widgets.fbshare.me/files/fbshare.php?url=http://www.gridshore.nl/2008/05/26/feeling-secure-with-web-services-part-2/&size=large'); }); }

There seems to be a lot of misunderstanding about Web Service security. Using password authentication doesn’t prevent unauthorized users to access your data, while SSL / HTTPS doesn’t give you any information about who is trying to access your services. And did you ever [...]

Feeling secure with Web Services – Part 1 – The UsernameToken

Allard — Tue, 20 May 2008 19:25:59 +0000

jQuery(document).ready(function($) { window.setTimeout('loadFBShareMe_133()',5000); }); function loadFBShareMe_133(){ jQuery(document).ready(function($) { $('.dd-fbshareme-133').remove();$('.DD_FBSHAREME_AJAX_133').attr('width','53');$('.DD_FBSHAREME_AJAX_133').attr('height','69');$('.DD_FBSHAREME_AJAX_133').attr('src','http://widgets.fbshare.me/files/fbshare.php?url=http://www.gridshore.nl/2008/05/20/feeling-secure-with-web-services-part-1-the-usernametoken/&size=large'); }); }

Recently, I’ve been helping a customer with some Web Service issues. One of the problems was their limited knowledge of security in that area. He asked me to explain, in Jip and Janneke language [1] how SSL works and what it actually secures.

There [...]

Feeling secure with Web Services – Introduction

Allard — Sat, 17 May 2008 13:45:27 +0000

jQuery(document).ready(function($) { window.setTimeout('loadFBShareMe_132()',5000); }); function loadFBShareMe_132(){ jQuery(document).ready(function($) { $('.dd-fbshareme-132').remove();$('.DD_FBSHAREME_AJAX_132').attr('width','53');$('.DD_FBSHAREME_AJAX_132').attr('height','69');$('.DD_FBSHAREME_AJAX_132').attr('src','http://widgets.fbshare.me/files/fbshare.php?url=http://www.gridshore.nl/2008/05/17/feeling-secure-with-web-services-introduction/&size=large'); }); }

There [...]

Integrating flex 3 with spring security (formerly known as Acegi)

jettro — Sun, 11 May 2008 08:49:15 +0000

jQuery(document).ready(function($) { window.setTimeout('loadFBShareMe_126()',5000); }); function loadFBShareMe_126(){ jQuery(document).ready(function($) { $('.dd-fbshareme-126').remove();$('.DD_FBSHAREME_AJAX_126').attr('width','53');$('.DD_FBSHAREME_AJAX_126').attr('height','69');$('.DD_FBSHAREME_AJAX_126').attr('src','http://widgets.fbshare.me/files/fbshare.php?url=http://www.gridshore.nl/2008/05/11/integrating-flex-3-with-spring-security-formerly-known-as-acegi/&size=large'); }); }

This blog item show a way of doing security, after some additional experience I consider this method as being non optimal. The server side does not change a lot (spring security configuration), but the client does. I explain my current solution is this blog [...]