Configure the server security bindings using the Assembly Toolkit
Create an Enterprise JavaBean (EJB) Java archive (JAR) file or a Web archive (WAR) file containing the security binding file (ibm-webservices-bnd.xmi) and the security extension file (ibm-webservices-ext.xmi). If this archive is acting as a client to a downstream service, you also need the client-side binding file (ibm-webservicesclient-bnd.xmi) and the client-side extension file (ibm-webservicesclient-ext.xmi). These files are generated using the WSDL2Java command. You can edit these files using the Web Services Editor in the Assembly Toolkit.
When configuring server-side security for Web services security, the security extensions configuration specifies what security is performed, and the security bindings configuration indicates how to perform what is specified in the security extensions configuration. Use the defaults for some elements at the cell and server levels in the bindings configuration, including key locators, trust anchors, the collection certificate store, trusted ID evaluators, and login mappings, and reference these elements from the WAR and JAR binding configurations.
Prior to importing the Web services EAR file into the Assembly Toolkit, make sure that you have already run the wsdl2java command on your Web service to enable your J2EE application. You must import the Web services EAR file into the Assembly Toolkit. Complete the following steps to import your EAR file into the Assembly Toolkit:
- Download, install, and launch the Assembly Toolkit.
- Open the J2EE perspective by clicking Window > Open Perspective > Other > J2EE.
- Import the application EAR file by clicking File > Import > EAR file.
- Click Next and indicate both the EAR file name in the EAR File field and the project name in the Project name field.
- Click Finish.
Refer to Assembly Toolkit documentation for more information.
Open the Web services editor in the Assembly Toolkit to begin editing the server security extensions and bindings. Use the following steps to locate the server security extensions and bindings. Other tasks specify how to configure each section of the extensions and bindings in more detail.
- Expand your application module from the Navigator. If the Navigator is not shown, you can open it by clicking Window > Show View > Navigator.
- If your application is a Web archive (WAR) file, perform the following steps:
  - Expand the WebContent > WEB-INF section.
  - Locate the webservices.xml file. The webservices.xml file represents the server-side (inbound) Web services configuration. The webservicesclient.xml file represents the client-side (outbound) Web services configuration.
  - Configure the server for inbound requests and outbound responses security configuration by right-clicking the webservices.xml file and clicking Open With > Web Services Editor.
  - Configure the client for outbound requests and inbound responses security configuration by right-clicking the webservicesclient.xml file and clicking Open With > Web Services Client Editor. For more information, see Configuring the client security bindings using the Assembly Toolkit.
- If your application is an EJB Application (JAR) file, perform the following steps:
  - Expand the ejbModule > META-INF section.
  - Locate the webservices.xml file. The webservices.xml file represents the server-side (inbound) Web services configuration. The webservicesclient.xml file represents the client-side (outbound) Web services configuration.
  - Configure the server for inbound requests and outbound responses security configuration by right-clicking the webservices.xml file and clicking Open With > Web Services Editor.
  - Configure the client for outbound requests and inbound responses security configuration by right-clicking the webservicesclient.xml file and clicking Open With > Web Services Client Editor. For more information, see Configuring the client security bindings using the Assembly Toolkit.
- In the Web services editor (for the webservices.xml file and inbound requests and outbound responses Web services configuration), there are several tabs at the bottom of the editor including Web Services, Port Components, Handlers, Security Extensions, Bindings, and Binding Configurations. The security extensions are edited using the Security Extensions tab. The security bindings are edited using the Security Bindings tab.
- Click the Security Extensions tab and select the port component binding to edit. The Web services security extensions are configured for inbound requests and outbound responses. You need to configure the following information for Web services security extensions. These topics are discussed in more detail in other topics in the documentation.
  - Request receiver service configuration details
  - Response sender service configuration details
    - Details: see Configuring the server for response signing: digitally signing message parts
    - Integrity: see Configuring the server for response signing: digitally signing message parts
    - Confidentiality: see Configuring the server for response encryption: encrypting message parts
    - Add created time stamp: see Configuring the server for response signing: digitally signing message parts
- Click the Binding Configurations tab and select the port component binding to edit. The Web services security bindings are configured for inbound requests and outbound responses. You need to configure the following information for Web services security bindings. These topics are discussed in more detail in other topics in the documentation.
  - Response receiver binding configuration details
    - Signing Information: see Configuring the server for request digital signature verification: choosing the verification method
    - Encryption Information: see Configuring the server for request decryption: choosing the decryption method
    - Trust Anchor: see Configuring trust anchors using the Assembly Toolkit
    - Certificate Store List: see Configuring the server-side collection certificate store using the Assembly Toolkit
    - Key Locators: see Configuring key locators using the Assembly Toolkit
    - Login Mapping
      - Basic auth: see Configuring the server to validate basicauth authentication information
      - ID assertion: see Configuring the server to validate identity assertion authentication information
      - Signature: see Configuring the server to validate signature authentication information
      - LTPA: see Configuring the server to validate LTPA token authentication information
    - Trusted ID Evaluator
    - Trusted ID Evaluator Reference
  - Response sender binding configuration details
    - Signing information: see Configuring the server for response signing: choosing the digital signature method
    - Encryption information: see Configuring the server for response encryption: choosing the encryption method
    - Key Locators: see Configuring key locators using the Assembly Toolkit
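The file requirement stated at the top of this page can be checked on the assembled EAR before deployment. The following script is an added example, not part of the original documentation or of any IBM tooling; it assumes the binding and extension files sit next to their descriptor (WEB-INF/ in a WAR, META-INF/ in an EJB JAR), and the module names in the sample are constructed.

```python
import io
import zipfile

# (descriptor, companion binding/extension files) pairs named on this page.
PAIRS = [
    ("webservices.xml",
     ["ibm-webservices-bnd.xmi", "ibm-webservices-ext.xmi"]),
    ("webservicesclient.xml",
     ["ibm-webservicesclient-bnd.xmi", "ibm-webservicesclient-ext.xmi"]),
]

def descriptor_dir(module_name):
    """Assumption: WAR descriptors sit in WEB-INF/, EJB JAR ones in META-INF/."""
    return "WEB-INF/" if module_name.lower().endswith(".war") else "META-INF/"

def missing_security_files(module_name, module):
    """List binding/extension entries a WAR/JAR needs but does not contain."""
    base = descriptor_dir(module_name)
    with zipfile.ZipFile(module) as zf:
        names = set(zf.namelist())
    missing = []
    for descriptor, companions in PAIRS:
        # Companions are only required when their descriptor is present.
        if base + descriptor in names:
            missing += [base + c for c in companions if base + c not in names]
    return missing

def check_ear(ear):
    """Map each top-level WAR/JAR module of an EAR to its missing entries."""
    report = {}
    with zipfile.ZipFile(ear) as zf:
        for name in zf.namelist():
            if "/" not in name and name.lower().endswith((".war", ".jar")):
                found = missing_security_files(name, io.BytesIO(zf.read(name)))
                if found:
                    report[name] = found
    return report

def build_zip(entries):
    """Build an in-memory archive from {entry name: bytes} (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    war = build_zip({"WEB-INF/webservices.xml": b"",
                     "WEB-INF/ibm-webservices-bnd.xmi": b""})
    print(check_ear(build_zip({"Sample.war": war.getvalue()})))
```

Modules without a webservices.xml or webservicesclient.xml descriptor are treated as ordinary modules and never reported.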
See Also
Securing Web services using XML digital signature
Configuring the client security bindings using the Assembly Toolkit
Configuring the security bindings on a server acting as a client using the administrative console
Configuring the server security bindings using the administrative console