I have a jax-ws soap web service (implemented NOT like Session bean) generated in NetBeans from wsdl. Deployed on Glassfish 3.1.2. I want to secure access to it using mutual certificate authentication usig SSL and https. I have read a lot of articles and books. As I understood there are several variants:
- use OpenSSL (unfortunately it fails during deployment, I can show stacktrace if needed);
- use http://www.ibm.com/developerworks/java/library/j-jws10/index.html [Jax-ws metro security]
I have the following questions:
- What is the best and the most adequate method? May be you can advise me anything else?
- Could you show me a good tutorial which includes every step (generating certificates, modifying source code, config Glassfish)?
- And why web service security is considered different from simple web apps security?
