Security
By default no security is configured. Because it is simply a Servlet 2.5 web application, it can be secured in all the usual ways by configuration in the web.xml.
In addition the cache server supports the use of
XWSS 3.0 to secure the Web Service. All required libraries are packaged in the war for XWSS 3.0. A sample, commented out server_security_config.xml is provided in the WEB-INF directory. XWSS automatically looks for this configuration file. A simple example, based on an XWSS example,
net.sf.ehcache.server.soap.SecurityEnvironmentHandler, which looks for a password in a System property for a given user name is included. This is not recommended for production use but is handy when you are getting started with XWSS. To use XWSS:
1. Add configuration in accordance with XWSS to the server_security_config.xml file.
2. Create a class which implements the CallbackHandler interface and provide its fully qualified path in the SecurityEnvironmentHandler element.
3. Use the integration test EhcacheWebServiceEndpoint to see how to use the XWSS client side.
4. On the client side, make sure configuration is provided in a file called client_security_config.xml, which must be in the root of the classpath.
5. To add client credentials into the SOAP request do:
cacheService = new EhcacheWebServiceEndpointService().getEhcacheWebServiceEndpointPort();
//add security credentials
((BindingProvider)cacheService).getRequestContext().put(BindingProvider.USERNAME_PROPERTY,
"Ron");
((BindingProvider)cacheService).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY,
"noR");
String result = cacheService.ping();
|
Feedback