What mechanism / structure of a web service should be used for highly protected applications?

I work for a company that develops highly secure web services for banking applications. Web services will be created and used to establish communications with applications that are already in use at the bank. Web services will be deployed to the JBoss server. Which web services framework / mechanisms are best suited for highly secure applications? I did some research and published some examples. They look as follows.

  • Apache Axis2
  • Apache CXF
  • JAX-WS

I even read that the JBoss server has a built-in web services mechanism, but I did not collect a lot of information about this. I also read that Apache Axis2 implements security features using Apache Rampart. How effective is Apache Rampart? Is it suitable for the above application? Are there any other security implementations besides Rampart for Axis2?

Which structure / engine should I choose? Is there a good and reliable framework with strong community support other than the ones mentioned above?

1 answer

The most recent versions of JBoss use CXF as their primary web services engine (although they do have their own implementation that they support).

In security situations, the best choice of the three is certainly Apache CXF. CXF developers (notably Colm and Oli) are the people who manage most of the improvements in the security space. The latest released version of Rampart uses a rather old version of WSS4J, which does not contain many of the new features and improvements that CXF users use.

A good resource to view is Colm's blog: http://coheigea.blogspot.com/

You can see how much work he did to make sure that CXF has the best WS-Security implementation, a very good STS, etc. Oli's blog ( http://owulff.blogspot.com/ ) began to document extensions for Tomcat and thus support WS-Federation and SSO, again based on the work being done for CXF.


Source: https://habr.com/ru/post/1400528/

