The process of securing web services is similar to that of protecting a web URL, and we have seen two examples of that in previous sections. We specify <security-constraint>
and <login-config>
in web.xml
. Let’s see how to protect the REST web service we developed in Chapter 9, Creating Web Services:
- Copy and import the
CourseManagementREST
andCourseManagementRESTClient
projects fromChapter09
into the workspace for this chapter. As the names suggests, the first project is the REST service, and the second project is a standalone client application that calls the web service. - Deploy the
CourseManagementREST
project in Tomcat (see the previous section for details on how to do this). - Make sure the
testGetCoursesJSON
method is called from themain
method inCourseManagementClient.java
from the CourseManagementRESTClient project. - Run the application (right-click on the file in
Project Explorer
and selectRun As
|Java Application
), and verify that the service is...