I have some exposed WebServices in my environment and I want to garantee the security of them.
I've already tried the "Internal Access Only", but it doesn't work properly as a WebFlow. I still have access to the WS WSDL and descriptions. Just for you know better my problem, these WS are consumed by a JBoss Server.
Have you any idea that can I implement to improve my WS security? Maybe using a token or authentication....?Thank you!
You can use basic authentication over SSL to secure the WebServices or use SSL with Client Certificate, but this is very difficult to get it working correct and a some maintenance because client certificates will expire and need to be replaced every now and then.
Alternatively, you can add an input parameter token that will be validated on the server side before the webservice is being executed. You haveto create your own intelligence that creates and validates the tokens.