Weve been waiting for software like this for more than two years.
Instead of the rubbing-two-sticks-together method of adding security code to each Web service or manually configuring Web server layer security, Systinet Corp.s WASP (Web Applications and Services Platform) 4.0 provides a Web administration tool to set access control rights per Web service or per individual method. In tests, eWeek Labs could restrict access to particular users or groups using a variety of user authentication methods or by restricting access to a set of approved IP address ranges.
Its dumbfounding that, until now, 10-year-old file servers offered better security controls than Web service servers. WASP 4.0 earns an Analysts Choice designation for providing a system that does more than just ask customers to add security on their own.
All security settings were centralized and enforced by the server in eWeek Labs tests, no matter what the Web service access method was and without any changes to the Web service implementation code.
Combining powerful, flexible integration with major Java development tools, all major application servers on the server side and low pricing, WASP 4.0 is our clear pick as the best and most sophisticated Web services offering for Java and the one we recommend to Java developers.
Development tools are free and, new in this release, the server is also free for deployment on single-CPU servers. Deployment on two-CPU servers costs $4,000; each additional CPU costs $2,000 more. The server runs on Windows, Linux, Solaris and HP-UX. A C++ version is available, but the package is oriented toward Java.
Although WASP 4.0 interoperated in tests with software written in Microsoft Corp.s Visual Studio .Net (we wrote client applications using C#), it doesnt plug into Microsoft tools or support .Net languages. Thats too bad, as these Web services platforms need security controls and administration tools just as badly as the Java world does. WASP 4.0 supports LDAP and Novell Inc.s eDirectory but wont integrate with Microsofts Active Directory until a fourth-quarter update is released.
We tested Release Candidate 1 of the software. The final version will ship at months end and comprises two components: WASP Developer (the development tools) and WASP Server (the deployment platform).
The WASP Developer 4.0 client provides integration with the Java IDE (integrated development environment) from Sun Microsystems Inc. (Borland Software Corp.s JBuilder and IBMs Eclipse IDEs will be supported in a late-summer update.)
In tests with Sun ONE (Open Net Environment) Studio 4 Enterprise Edition, WASP Developers code-generation tools were easy to access from within the IDE, as were server administration tools to deploy and redeploy our Web services, set server security settings directly from the IDE, use WASPs Web service debugger, or view SOAP (Simple Object Access Protocol) calls using its integrated SOAP Spy traffic sniffer.
Unfortunately, the software lacks a test application generator to quickly try out Web services, although it does have calling-code-generation features.
WASP Server can operate on its own (which is how we tested it) or as part of all the major Java application servers. It has the most comprehensive administration tools weve seen—a full Web-based console (see screen, Page 59), plus command-line tools and SOAP-based administration APIs.
WASP Server supports a number of access control techniques—using its built-in Web server, we could check or uncheck HTTP basic or HTTP digest authentication, Secure Sockets Layer client-side authentication using X.509 digital certificates, and Simple Public-Key Mechanism authentication.
WASP Server also enabled us to use the Java Message Server API for integration with leading message queue products. E-mail is also a supported SOAP technology. However, message queue and e-mail transports must be manually configured by editing Web service deployment descriptor files; they arent yet supported in the development or administration tools.
WASP Server provides the first Web service performance monitoring tools (the software tracks statistics on number of invocations, execution time and bytes transferred). Statistics are on a per-Web-service basis right now; wed like to see cross-server statistics in the future, as well as SNMP support.
West Coast Technical Director Timothy Dyck is at email@example.com.