The process of securing web services is similar to that of protecting a web URL, and we have seen two examples of that in previous sections. We specify <security-constraint> and <login-config> in web.xml. Let’s see how to protect the REST web service we developed in Chapter 9, Creating Web Services:
- Copy and import the CourseManagementREST and CourseManagementRESTClient projects from Chapter09 into the workspace for this chapter. As the names suggests, the first project is the REST service, and the second project is a standalone client application that calls the web service.
- Deploy the CourseManagementREST project in Tomcat (see the previous section for details on how to do this).
- Make sure the testGetCoursesJSON method is called from the main method in CourseManagementClient.java from the CourseManagementRESTClient...