Adding a stand-alone security token to a Web service

You can protect your information against authentication attacks and unauthorized retrieval by adding a stand-alone security token.

Prerequisite: You must first create or import a project containing a Web service.

One type of stand-alone security token (SAST) is a user name token. You can add these security tokens to both the client and the server. To add a user name type stand-alone security token to a Web server:

  1. Change to the Java EE perspective.

    1. Click Window | Open Perspective | Other.

    2. Select Java EE from the list and click OK.

  2. Expand the Web Services tab in the Project Explorer view.

  3. Expand the Services tab.

  4. Right-click your service and select Secure Web Service | Add Stand Alone Security Token.

  5. Choose the Type of the stand-alone security token that you need to add to your service from the drop-down list. Click Finish.

    When creating an SAST for your server, you are given the option to choose your token type. For more information on token types, see "Configuring the token generator on the application level" under Related information below.

    When creating an SAST for your client, you are given the option to choose both a token type and a callback handler. For more information on callback handlers, see "Callback handler configuration settings" under Related information below.

    A user name type SAST now secures your server. You must now create a corresponding token for your client so that the client can access the server.

  6. So that the client can access the server, add a corresponding SAST for the client using one of the following methods:

    • To create a corresponding SAST using the stand-alone security token wizard:

      1. Right-click the client and select Secure Web Service Client | Add Stand Alone Security Token.

      2. Repeat step 5 above, entering the same information for the client as you used when you set up the stand-alone security token on the server.

    • If you have finished setting up all types of security for your server, you can add a corresponding SAST using the Based on a Secured Web Service wizard:

      1. Right-click the client and select Secure Web Service Client | Based on a Secured Web Service.

      2. Choose the Web service from the drop-down list.

      3. Go through the rest of the pages in the wizard to provide the information needed to secure the client. You are asked only for information that cannot be derived from your service security information.

You have now protected your service interaction with authentication security. You can see the changes in your XML source by opening your Web service .xmi file. To open this file, click Client, then find the corresponding .xmi file in the yourProjectName/WebContent/WEB-INF/ directory.
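To confirm that a client request actually carries the user name token after these steps, the following added example (not part of the original documentation or of the product) inspects a captured SOAP request. It assumes the runtime emits the standard OASIS WS-Security UsernameToken header; the function name `inspect_username_token`, the `transport_encrypted` flag and the sample request are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from SOAP 1.1 and the OASIS WS-Security UsernameToken Profile 1.0.
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
NS = {"soap": SOAP, "wsse": WSSE}

# Constructed sample request; user name, password and body are made up.
SAMPLE_REQUEST = f"""<soap:Envelope xmlns:soap="{SOAP}">
  <soap:Header>
    <wsse:Security xmlns:wsse="{WSSE}" soap:mustUnderstand="1">
      <wsse:UsernameToken>
        <wsse:Username>alice</wsse:Username>
        <wsse:Password Type="{PROFILE}#PasswordText">example-only</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><getQuote xmlns="urn:example:constructed"/></soap:Body>
</soap:Envelope>"""


def inspect_username_token(envelope_xml, transport_encrypted):
    """Return (username, findings) for one captured SOAP request."""
    root = ET.fromstring(envelope_xml)
    tokens = root.findall("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if not tokens:
        return None, ["no UsernameToken in the SOAP header"]
    findings = []
    if len(tokens) > 1:
        findings.append("more than one UsernameToken present")
    token = tokens[0]
    username = token.findtext("wsse:Username", default="", namespaces=NS).strip()
    if not username:
        findings.append("empty or missing Username")
    password = token.find("wsse:Password", NS)
    if password is None:
        findings.append("no Password element (identity assertion only)")
    else:
        # The profile treats a missing Type attribute as PasswordText.
        ptype = password.get("Type", PROFILE + "#PasswordText")
        if ptype.endswith("#PasswordText") and not transport_encrypted:
            findings.append("cleartext password without transport or XML encryption")
    return username or None, findings
```

A cleartext-password finding is the case that the related tasks on XML encryption and transport protection address.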

 

Related concepts

Authentication in Web services security

Web services

 

Related tasks

Adding an XML digital signature to a Web service

Adding XML encryption to a Web service

Related information

Configuring the token generator on the application level

Callback handler configuration settings