You can protect your information against authentication
attacks and unauthorized retrieval by adding a stand-alone security
token.
Before you begin
Prerequisite: You must first create or import a project
containing a web service.
About this task
One type of stand-alone security token is a user name token. You can add these security tokens to both the client and the server. To add a user name type stand-alone security token to a Web server:
Procedure
- Change to the Java™ EE perspective.
  - Click .
  - Select Java EE from the list and click OK.
- Expand the Web Services tab in the Project Explorer view.
- Expand the Services tab.
- Right-click on your service and select .
- Choose the Type of the Standalone Security Token that you need to add to your service from the drop-down list. Click Finish.
When creating a stand-alone security token (SAST) for your server, you are given the option to choose your token type. For more information on token types, refer to the application level token generator file in the related links section below.
When creating an SAST for your client, you are given the option to choose both a token type and a callback handler. For more information on callback handlers, refer to the callback handler configuration settings file in the related links section below.
A user name type SAST now secures your server. You must now create a corresponding token for your client so that the client can access the server.
- For the client to access the server, you must add a corresponding SAST for the client using one of the following methods:
  - To create a corresponding SAST using the stand-alone security token wizard:
    - Right-click on the client and select .
    - Repeat step 5 above, entering the same information for the client as was used when you set up your stand-alone security token on the server.
  - If you have finished setting up all types of security for your server, you can add a corresponding SAST using the Based on a Secured Web Service wizard:
    - Right-click on the client and select .
    - Choose the Web Service from the drop-down list.
    - Go through the rest of the pages in the wizard to provide information to secure the client. You will be asked to provide information that cannot be inferred from your service security information.
What to do next
You have now protected your service interaction with authentication security. You can see the changes in your XML source by opening your web service .xmi file. To open this file, click Client, then find the corresponding .xmi file in the yourProjectName/WebContent/WEB-INF/ directory.