Deploy and Security about WS on Tomcat
1. in web.xml, there are two classes of JAX-WS: WSServlet and WSServletContainerListener<listener>
<listener-class>
com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
</listener>
<servlet>
<servlet-name>ladss</servlet-name>
<servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ladss</servlet-name>
<url-pattern>/test</url-pattern>
</servlet-mapping>
Please be advised that one WSServlet could be mapped more than one WS instances.
A WSServletContainerListener instance will parse a second (次要的,附加的), sun-specific configuration file named sun-jaxws.xml which provides the web service's endpoint by connecting the WSServlet instance to the service's implementation class.Here is the sun-jaxws.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<endpoints xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" version="2.0">
<endpoint
name="test"
implementation="hello.CircleFunctions"
url-pattern="/test">
</endpoint>
</endpoints>
Security: Application-managed authentication & Container -managed authentication
a. Application-managed authentication
b. Container-managed authentication
Because Tomcat provides the concept 'Realm' that plays a central role. A realm is a collection of resources, including web pages and web services, with a designed authentication and authorization facility. Tomcat provides five plugins:
1. JDBC
2.DataSource
3. JNDI (the authentication information is stored in an LDAP-based lightweight directory access protocol) directory service, which is available through a JNDI provider.
4.Memory Realm, the authentication info is read into the container at startup from the file conf/tomcat-user/xml. this is the simplest choice and the default.
5.JAAS the authentication information is available (Java authentication & authorization service) provider, which in turn is available in a Java applicaiton server such as BEA, weblogic, glassfish, Jboss.
页:
[1]