Deploy and Security about WS on Tomcat

1. in web.xml, there are two classes of JAX-WS: WSServlet and WSServletContainerListener

 

 

<listener>

<listener-class>

com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>

</listener>

<servlet>

<servlet-name>ladss</servlet-name>

<servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>

</servlet>

 

<servlet-mapping>

<servlet-name>ladss</servlet-name>

<url-pattern>/test</url-pattern>

</servlet-mapping>

 

 

Please be advised that  one WSServlet could be mapped more than one WS instances. 

 

A WSServletContainerListener instance will parse a second (次要的，附加的), sun-specific configuration file named sun-jaxws.xml which provides the web service's endpoint by connecting the WSServlet instance to the service's implementation class.Here is the sun-jaxws.xml file:

 

<?xml version="1.0" encoding="UTF-8"?>

<endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0">

    <endpoint

     name="test"

     implementation="hello.CircleFunctions"

     url-pattern="/test">         

     </endpoint>   

</endpoints> 

 

 

Security: Application-managed authentication  &  Container -managed authentication

 

a. Application-managed authentication

b. Container-managed authentication

Because Tomcat provides the concept 'Realm'  [relm] that plays a central role. A realm is a collection of  resources, including web pages and web services, with a designed authentication and authorization facility. Tomcat provides five plugins:

1. JDBC

2.DataSource

3. JNDI (the authentication information is stored in an LDAP-based lightweight directory access protocol) directory service, which is available through a JNDI provider.

4.Memory Realm, the authentication info is read into the container at startup from the file conf/tomcat-user/xml. this is the simplest choice and the default.

5.JAAS the authentication information is available (Java authentication & authorization service) provider, which in turn is available in a Java applicaiton server such as BEA, weblogic, glassfish, Jboss.