Apply Web Services Security to EJB Applications
By superpat on Aug 30, 2007
Back in May, at JavaOne 2007, Aravindan Ranganathan and Malla Simhachalam presented a hands-on lab titled Securing Identity Web Services. The lab showed how to provide different levels of stock quote service according to the identity of an end-user - authenticated users see real-time stock data while 'guests' see delayed quotes.
Since then, Malla, Mrudul Uchil and Marina Sum have written up the lab tutorial as a three-part series of articles at the Sun Developer Network showing how identity can be carried from an incoming web services request right through to an EJB. The sample application shows the request and response messages graphically, and provides links to the XML message data - a particularly nice feature that shows exactly what is going on.