Home | PDF | API | FAQ | Search | Feedback | History

Securing Web Services

The security model used for web services is based on specifications and recommendations of various standards organizations (see Web Services Security Initiatives and Organizations). The challenge behind the security model for Java EE-based web services is to understand and assess the risk involved in securing a web-based service today and, at the same time, track emerging standards and understand how they will be deployed to offset the risk in the future.

This chapter addresses using message security to address the characteristics of a web service that make its security needs different from those of other Java EE applications.

This chapter assumes that you are familiar with the web services technologies being discussed, or that you have read the following chapters in this tutorial that discuss these technologies:

Chapter 1, "Building Web Services with JAX-WS"
Chapter 3, "Using JAXB"
Chapter 6, "Java API for XML Registries"
Chapter 5, "SOAP with Attachments API for Java"

All of the material in The Java(TM) Web Services Tutorial is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.