+

Search Tips   |   Advanced Search

Request receiver


The request receiver defines the security requirement of the SOAP message. The security handler on the request receiver side of the SOAP message enforces the security specifications defined in the IBM extension deployment descriptor (ibm-webservices-ext.xmi) and bindings (ibm-webservices-bnd.xmi).

There is an important distinction between V5.x and Version 6 and later applications. The information in this article supports Version 5.x applications only that are used with WAS V6.0.x and later. The information does not apply to V 6 and later applications.

The security constraint for request sender must match the security requirement of the request receiver for the server to accept the request. If the incoming SOAP message does not meet all the security requirements defined, then the request is rejected with the appropriate fault code returned to the sender. For security tokens, the token is validated using JAAS login configuration and authenticated identity is set as the identity for the downstream invocation.

For example, if there is a security requirement to have the SOAP body digitally signed by Joe Smith and if the SOAP body of the incoming SOAP message is not signed by Joe Smith, then the request is rejected.

We can define the following security requirements for the request receiver:

Required integrity (digital signature)

We can select multiple parts of a message to sign digitally.

The following list contains the integrity options:

Required confidentiality (encryption)

We can select multiple parts of a message to encrypt.

The following list contains the confidentiality options:

  • Body content

  • Token

We can have multiple security tokens.

The following list contains the security token options:

Received time stamp

We can have a time stamp for checking the timeliness of the message.

  • Time stamp





Subtopics


Request receiver binding collection

 

Related concepts


Response sender
Response receiver
Request sender

 

Related tasks


Set the server for request decryption: choosing the decryption method
Secure Web services for V5.x applications using XML encryption