Background/Objectives: Service oriented Architecture (SOA) infrastructures using web services are deployed by many firms worldwide. Web Services provide a standard means of inter-operation between heterogeneous software applications that run on a variety of platforms. Most of the web services are offered with HTTP over Simple Object Access Protocol (SOAP) as the underlying infrastructure. The greatest web security threat is accepting the request from the client without proper validation. The objective is to separate the application logic and the security or validation procedures which offers more advantage for software reuse since it is not necessary to recompile, when the validation or security requirements change. Methods: An Interceptor is created for validation which has the token based authentication procedures along with the steps for validating the data. The system is devised in such a way that the business logic will be triggered if and only if the data is validated and passed by the interceptor procedures. Findings: The proposed system provides a way to keep the validation and security mechanism out of application logic and hence this does not modify the existing functionality. Thus, combining all custom security as one unit of validation before hitting the business logic is the basic idea of the proposed system.

Keywords