Secure JAX-RPC Web services using message level security
Standards and profiles address how to provide protection for messages that are exchanged in a Web service environment.
Best practice: IBM WAS supports the JAX-WS model and the JAX-RPC model. JAX-WS is the next-generation Web services model, extending the foundation provided by the JAX-RPC model. Using the strategic JAX-WS model, development of Web services and clients is simplified through support of a standards-based annotations model. Although the JAX-RPC model and applications are still supported, take advantage of the easy-to-implement JAX-WS model to develop new Web services applications and clients.
To secure Web services with WAS, specify several different configurations. Although there is no specific sequence in which to specify these configurations, some configurations reference other configurations. See WS-Security configuration considerations.
Web service security is supported in the managed Web service container. To establish a managed environment and to enforce constraints for WS-Security, perform a JNDI lookup on the client to resolve the service reference.
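The managed lookup described above, as an added example that is not IBM's code. The service reference name `service/StockQuoteService`, the `StockQuote` interface and its `getQuote` method are hypothetical, and the class has to run inside a client or server container that declares that service reference.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceException;

// Hypothetical service endpoint interface; normally generated from the WSDL.
interface StockQuote extends Remote {
    float getQuote(String symbol) throws RemoteException;
}

public class ManagedQuoteClient {
    // Hypothetical <service-ref-name> from the client deployment descriptor.
    private static final String SERVICE_REF =
            "java:comp/env/service/StockQuoteService";

    /**
     * Resolves the service reference through JNDI so that the container
     * returns a managed Service, the environment in which the WS-Security
     * constraints and bindings are enforced.
     */
    static StockQuote managedPort() throws NamingException, ServiceException {
        InitialContext ctx = new InitialContext();
        try {
            Object ref = ctx.lookup(SERVICE_REF);
            if (!(ref instanceof Service)) {
                throw new NamingException(
                        SERVICE_REF + " is not a JAX-RPC service reference");
            }
            return (StockQuote) ((Service) ref).getPort(StockQuote.class);
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws Exception {
        // Fail closed: if the lookup throws, let the error propagate. Do not
        // fall back to javax.xml.rpc.ServiceFactory, because a Service built
        // that way does not come from the container's service reference and
        // so is outside the managed environment this page requires.
        StockQuote port = managedPort();
        System.out.println(port.getQuote("IBM"));
    }
}
```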
Because of the relationship between the different WS-Security configurations, IBM recommends specifying the configurations at each level in the following order. We can choose to configure WS-Security at the application level, the server level, or the cell level, depending on the environment and security needs.
- Assemble the WS-Security-enabled application by using an assembly tool.
  For more information, read about assembly tools. Prior to modifying a WS-Security-enabled application in the WAS admin console, assemble the application using an assembly tool. Although we can modify some of the application settings using the admin console, configure the generator and the consumer security constraints using an assembly tool. Return to this article after we have assembled the application and imported it into the admin console.
- Modify the application-level configurations in the admin console.
  - Configure the trust anchors for the generator binding.
  - Configure the collection certificate store for the generator binding.
  - Configure the token for the generator binding.
  - Configure the key locators for the generator binding.
  - Configure the key information for the generator binding.
  - Configure the signing information for the generator binding.
  - Configure the encryption information for the generator binding.
  - Configure the trust anchors for the consumer binding.
  - Configure the collection certificate store for the consumer binding.
  - Configure the token for the consumer binding.
  - Configure the key locators for the consumer binding.
  - Configure the key information for the consumer binding.
  - Configure the signing information for the consumer binding.
  - Configure the encryption information for the consumer binding.
- Specify the server-level configurations.
  - Configure the trust anchors for the server level.
  - Configure the collection certificate store for the server level.
  - Configure a token generator for the server level.
  - Configure a nonce for the server level.
  - Configure the key locators for the generator binding.
  - Configure the key information for the generator binding.
  - Configure the signing information for the generator binding.
  - Set the encryption information for the generator binding.
  - Configure the trusted ID evaluators for the server level.
  - Configure a token consumer for the server level.
  - Configure the key information for the consumer binding.
  - Set the signing information for the consumer binding.
  - Set the encryption information for the consumer binding.
- Specify the cell-level configuration.
  - Configure the trust anchors for the cell level.
  - Configure the collection certificate store for the cell level.
  - Configure a token generator for the cell level.
  - Configure a nonce for the cell level.
  - Configure the key locators for the generator binding.
  - Configure the key information for the generator binding.
  - Configure the signing information for the generator binding.
  - Set the encryption information for the generator binding.
  - Configure the trusted ID evaluators for the cell level.
  - Configure a token consumer for the cell level.
  - Configure the key information for the consumer binding.
  - Set the signing information for the consumer binding.
  - Configure the encryption information for the consumer binding.
Results
After completing these steps for WAS, we have secured Web services.