Adding a stand-alone security token to a Web service
You can protect your information against authentication attacks and unauthorized retrieval by adding a stand-alone security token.
Prerequisite: You must first create or import a project containing a Web service.
One type of stand-alone security token is a user name token. You can add these security tokens to both the client and the server. To add a user name type stand-alone security token to a Web server:
1. Change to the Java EE perspective.
   - Click Window | Open Perspective | Other.
   - Select Java EE from the list and click OK.
2. Expand the Web Services tab in the Project Explorer view.
3. Expand the Services tab.
4. Right-click on your service and select Secure Web Service | Add Stand Alone Security Token.
5. Choose the Type of the Standalone Security Token that you need to add to your service from the drop-down list. Click Finish.

   When creating a stand-alone security token (SAST) for your server, you are given the option to choose your token type. For more information on token types, see the application level token generator topic listed in the related links section below.

   When creating an SAST for your client, you are given the option to choose both a token type and a callback handler. For more information on callback handlers, see the callback handler configuration settings topic listed in the related links section below.

   A user name type SAST now secures your server. You must now create a corresponding token for your client in order for the client to have access to the server.
6. In order for the client to access the server, add a corresponding SAST for the client using one of the following methods:
   - To create a corresponding SAST using the stand-alone security token wizard:
     1. Right-click on the client and select Secure Web Service Client | Add Stand Alone Security Token.
     2. Repeat step 5 above, entering the same information for the client as was used when you set up your stand-alone security token on the server.
   - If you have finished setting up all types of security for your server, you can add a corresponding SAST using the Based on a Secured Web Service wizard:
     1. Right-click on the client and select Secure Web Service Client | Based on a Secured Web Service.
     2. Choose the Web Service from the drop-down list.
     3. Go through the rest of the pages in the wizard to provide information to secure the client. You will be asked to provide information that cannot be inferred from your service security information.
You have now protected your service interaction with authentication security. You can see the changes in your XML source by opening your Web service .xmi file. To open this file, click Client, then find the corresponding .xmi file in the yourProjectName/WebContent/WEB-INF/ directory.
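To confirm that the client really sends the token, you can inspect a request captured in your own test environment. The following check is an added example, not part of the product or of the original topic; it assumes the runtime emits the OASIS WS-Security 1.0 UsernameToken format over SOAP 1.1, and the function names and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Namespaces from OASIS WS-Security 1.0 / UsernameToken Profile 1.0 (assumed wire format).
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0"
NS = {"soap": SOAP, "wsse": WSSE, "wsu": WSU}

def check_username_token(envelope_xml):
    """Return findings for one captured SOAP 1.1 request; an empty list means no issues."""
    if "<!DOCTYPE" in envelope_xml:  # SOAP forbids DTDs; do not hand one to the parser
        return ["message contains a DTD"]
    root = ET.fromstring(envelope_xml)
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return ["no wsse:UsernameToken in the SOAP header"]
    findings = []
    if not token.findtext("wsse:Username", default="", namespaces=NS).strip():
        findings.append("wsse:Username is missing or empty")
    password = token.find("wsse:Password", NS)
    if password is None:
        return findings + ["no wsse:Password: identity is asserted without proof"]
    # The profile treats an absent Type attribute as PasswordText.
    ptype = password.get("Type", PROFILE + "#PasswordText")
    if ptype == PROFILE + "#PasswordText":
        findings.append("cleartext password: needs TLS or XML encryption")
    elif ptype == PROFILE + "#PasswordDigest":
        if token.find("wsse:Nonce", NS) is None or token.find("wsu:Created", NS) is None:
            findings.append("digest without Nonce and Created can be replayed")
    else:
        findings.append("unrecognised password Type: " + ptype)
    return findings

def envelope(header):
    """Build a constructed SOAP 1.1 request around the given header content."""
    return ('<soap:Envelope xmlns:soap="%s" xmlns:wsse="%s" xmlns:wsu="%s">'
            '<soap:Header>%s</soap:Header><soap:Body/></soap:Envelope>'
            % (SOAP, WSSE, WSU, header))

# Constructed samples (not captured from a real service).
TEXT_TOKEN = envelope('<wsse:Security><wsse:UsernameToken><wsse:Username>alice</wsse:Username>'
                      '<wsse:Password>example-only</wsse:Password>'
                      '</wsse:UsernameToken></wsse:Security>')
NO_TOKEN = envelope("")

if __name__ == "__main__":
    for name, msg in (("TEXT_TOKEN", TEXT_TOKEN), ("NO_TOKEN", NO_TOKEN)):
        print(name, check_username_token(msg))
```

A request that carries no token, or one that carries the password in cleartext without transport or message encryption, is reported as a finding.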

Related concepts
- Authentication in Web services security

Related tasks
- Adding an XML digital signature to a Web service
- Adding XML encryption to a Web service

Related information
- Configuring the token generator on the application level
- Callback handler configuration settings