Adding XML encryption to a Web service
You can protect your information transmissions against confidentiality attacks by adding XML encryption to your Web service.
Prerequisite: Create or import a project containing a Web service.
You can protect both the client and the server using the XML encryption wizard. To add XML encryption protection to a server:
- Change to the Java EE perspective.
  - Click Window | Open Perspective | Other.
  - Select Java EE from the list and click OK.
- Expand the Web Services tab in the Project Explorer view.
- Expand the Services tab.
- Right-click on your service and select Secure Web Service | Add XML Encryption.
- In the Confidentiality Message Parts section, there is one Message Part added by default. You can modify the existing default by modifying the Dialect or Key word. You may also add more Message Parts.
- Enter the required information in the Server Side Request Generator XML Encryption window.
  - In the Key store Path field, browse to the XML encryption key.
  - In the Key Store Password field, type the password corresponding to the selected key.
  - Select the Use a Key check box and enter the authentication information for the requester.
  - To accept the rest of the defaults and continue to the Server Side Response Generator XML Encryption page, click Next.
Note:
You can select your preferred key and data encryption method algorithms with the available drop-down menus in the encryption information section.
The data encryption algorithm is used for encrypting or decrypting parts of a SOAP message, such as the SOAP body or the username token. The following pre-configured algorithms are supported:
- http://www.w3.org/2001/04/xmlenc#tripledes-cbc
- http://www.w3.org/2001/04/xmlenc#aes128-cbc
- http://www.w3.org/2001/04/xmlenc#aes256-cbc
- http://www.w3.org/2001/04/xmlenc#aes192-cbc
The key encryption algorithm is used to encrypt the key that is used for encrypting the message parts within the SOAP message. The following pre-configured algorithms are supported:
- http://www.w3.org/2001/04/xmlenc#rsa-1_5
- http://www.w3.org/2001/04/xmlenc#kw-tripledes
- http://www.w3.org/2001/04/xmlenc#kw-aes128
- http://www.w3.org/2001/04/xmlenc#kw-aes256
- http://www.w3.org/2001/04/xmlenc#kw-aes192
- Repeat steps 5 and 6 for the Server Side Response Generator XML Encryption window.
- Click Finish. XML encryption security now secures your server.
- In order for the client to access the server, create corresponding XML encryption security for the client. This sets up all of the necessary security features for your client, corresponding with the server. Use one of the following methods:
  - To create a corresponding XML encryption using the XML encryption wizard:
    - Right-click on the client and select Secure Web Service Client | Add XML Encryption.
    - Repeat steps 5 - 9 above, using the same information as was used for the XML Encryption wizard on the server side.
  - If you have finished setting up all types of security for your server, you can create a corresponding XML encryption using the Based on a Secured Web Service wizard:
    - Right-click on the client and select Secure Web Service Client | Based on a Secured Web Service.
    - Verify that the corresponding server is selected from the drop-down menu and click Next.
    - Enter the required information in the Client Side Request Generator XML Encryption and Client Side Response Consumer XML Encryption sections:
      - In the Key store Path field, browse to the XML encryption key.
      - In the Key Store Password field, type the password corresponding to the selected key.
    - Click Finish.
XML encryption security will now protect your server. You can see the changes in your XML source by switching to the Resource perspective and opening your Web service .xmi file.
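To confirm on the wire that the wizard settings took effect, the following added example (not part of the original page or of the product) audits a SOAP message for an encrypted body and checks its data and key encryption algorithm URIs against the two lists given in this topic. The names `audit` and `sample`, the constructed test messages, and the `LEGACY` policy set are assumptions of this example.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"xenc": XENC, "soap": SOAP}

# Algorithm URIs exactly as listed in this topic.
DATA_ALGS = {XENC + s for s in ("tripledes-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc")}
KEY_ALGS = {XENC + s for s in ("rsa-1_5", "kw-tripledes", "kw-aes128", "kw-aes192", "kw-aes256")}
# Assumed policy for this example (not from the page): report 3DES and RSA PKCS#1 v1.5.
LEGACY = {XENC + s for s in ("tripledes-cbc", "kw-tripledes", "rsa-1_5")}

def _algs(root, tag):
    """Algorithm URI of each xenc:<tag>/xenc:EncryptionMethod anywhere in the message."""
    out = []
    for el in root.iter(f"{{{XENC}}}{tag}"):
        method = el.find("xenc:EncryptionMethod", NS)
        out.append(method.get("Algorithm") if method is not None else None)
    return out

def audit(envelope_xml):
    """Return a list of findings for one SOAP message; an empty list means it passed."""
    root = ET.fromstring(envelope_xml)  # intended for messages from your own test traffic
    findings = []
    body = root.find("soap:Body", NS)
    if body is None or body.find(".//xenc:EncryptedData", NS) is None:
        findings.append("body-not-encrypted")
    checks = (("data", DATA_ALGS, "EncryptedData"), ("key", KEY_ALGS, "EncryptedKey"))
    for kind, allowed, tag in checks:
        for uri in _algs(root, tag):
            if uri not in allowed:
                findings.append(f"{kind}-alg-unexpected:{uri}")
            elif uri in LEGACY:
                findings.append(f"{kind}-alg-legacy:{uri}")
    return findings

def sample(data_alg, key_alg, encrypt_body=True):
    """Constructed message, not a capture; real ones nest EncryptedKey in wsse:Security."""
    cipher = "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
    body = (f'<xenc:EncryptedData Id="d1"><xenc:EncryptionMethod Algorithm="{XENC}{data_alg}"/>'
            f"{cipher}</xenc:EncryptedData>") if encrypt_body else "<getQuote>EXAMPLE</getQuote>"
    return (f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:xenc="{XENC}"><soap:Header>'
            f'<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{XENC}{key_alg}"/>{cipher}'
            '<xenc:ReferenceList><xenc:DataReference URI="#d1"/></xenc:ReferenceList>'
            f"</xenc:EncryptedKey></soap:Header><soap:Body>{body}</soap:Body></soap:Envelope>")

if __name__ == "__main__":
    print(audit(sample("tripledes-cbc", "rsa-1_5")))
```

Run `audit` against a request and a response captured from your test client, since the request generator and response generator are configured separately.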
Related concepts
Confidentiality in Web Services Security
Related tasks
Adding an XML digital signature to a Web service
Adding a stand-alone security token to a Web service