Secure messages at the response consumer using WSS APIs
We can secure SOAP messages with signature verification, decryption, and consumer tokens to protect message integrity, confidentiality, and authenticity, respectively. The response consumer (client-side) configuration defines the WS-Security requirements for the incoming SOAP response.
To secure Web services with WAS, configure the generator and the consumer security constraints. You must specify several different configurations. Although there is no specific sequence to specify these different configurations, some configurations reference other configurations. For example, decryption configurations reference encryption configurations.
The response consumer (client-side) configuration requirements involve verifying that the integrity parts are signed and that the signature is verified, verifying that the required confidential parts are encrypted and that the parts are decrypted; and validating the security tokens. You can use the following methods to configure WS-Security and to define policy types to secure the SOAP messages:
- Use the admin console to configure policy sets.
- Use the WS-Security APIs (WSS API) to configure the SOAP message context (only for the client)
The following high-level steps use the WSS APIs:
- Verify signing to protect message integrity.
- Configure decryption to protect message confidentiality.
- Validate consumer tokens to protect message authenticity.
Results
After completing these procedures, we have secured messages at the response consumer level.
Next steps
Next, if not already configured, secure messages with signing information, encryption, and generator tokens at the response (client-side) generator level.
Set decryption to protect message confidentiality using the WSS APIs
Verifying consumer signing information to protect message integrity using WSS APIs
Validating the consumer token to protect message authenticity
Related tasks
Secure messages at the request generator using WSS APIs
Secure Web services applications using the WSS APIs at the message level