You can protect your information against authentication attacks
and unauthorized retrieval by adding a stand-alone security token.
Prerequisite: You must first create or import a project containing
a Web service.
One type of stand-alone security token (SAST) is a user name token. You
can add these security tokens to both the client and server. To add a user
name type stand-alone security token to a Web server:
- Change to the J2EE perspective.
- Click .
- Select J2EE from the list and click OK.
- Expand the Web Services tab in the Project
Explorer view.
- Expand the Services tab.
- Right-click on your service and select .
- Choose the Type of the Standalone Security Token that you need
to add to your service from the drop down list. Click Finish.
When creating an SAST for your server, you are given the option to
choose your token type. For more information on token types, see the
application level token generator file referenced below in the related links
section.
When creating an SAST for your client, you are given the option
to choose both a token type and a callback handler. For more information
on callback handlers, see the callback handler configuration settings
file referenced below in the related links section.
A user name type SAST now secures your server. You must now create a corresponding
token for your client in order for the client to have access to the server.
- In order for the client to access the server, you must add a corresponding
  SAST for the client using one of the following methods:
  - To create a corresponding SAST using the stand-alone security token
    wizard:
    - Right-click on the client and select .
    - Repeat step 5 above, entering the same information for the client as was
      used when you set up your stand-alone security token on the server.
  - If you have finished setting up all types of security for your server,
    you can add a corresponding SAST using the Based on a Secured Web Service
    wizard:
    - Right-click on the client and select .
    - Choose the Web Service from the drop-down list.
    - Go through the rest of the pages in the wizard to provide information
      to secure the Client. You will be asked to provide information that cannot
      be inferred from your service security information.
You have now protected your service interaction with authentication
security. You can see the changes in your XML source by opening your Web service
.xmi file. To open this file, click Client, then find
the corresponding .xmi file in the yourProjectName/WebContent/WEB-INF/ directory.