JSON/REST over HTTPS + WS Security possible?

We have a new security person at the office doing some penetration tests on the APIs I've put in place.

He pointed out that we are not using WS Security on top of the JSON/REST service we are exposing over HTTPS to the outside world.

My question is, is it really possibly to combine WS Security with JSON/REST services?

To my knowledge, WS Security have nothing to do with JSON/REST service at all.. It is used for regular Web services, embedding extra security elements in the SOAP envelope. But, we are not using SOAP for the APIs...

链接地址: http://www.djcxy.com/p/71426.html

上一篇: 为什么不是SOAP

下一篇: 可以通过HTTPS + WS安全实现JSON / REST?