WS-Security configuration considerations
IBM WAS supports JAX-WS and JAX-RPC.
JAX-WS supports annotations.
Configure WS-Security on the application level, server level, and the cell level.
Configuration level Configuration name Referenced configurations Application-level request generator Token generator Collection certificate store
Nonce
Timestamp
Callback handler
Application-level request generator Key information Key locator
Key name
TokenApplication-level request generator Signing information Key information Application-level request generator Encryption information Key information Application-level request consumer Token consumer Trust anchor
Collection certificate store
Trusted ID evaluators
JAAS configurationApplication-level request consumer Key information Key locator
TokenApplication-level request consumer Signing information Key information Application-level request consumer Encryption information Key information Application-level response generator Token generator Collection certificate store
Callback handlerApplication-level response generator Key information Key locator
Token
Application-level response generator Signing information Key information Application-level response generator Encryption information Key information Application-level response consumer Token consumer Trust anchor
Collection certificate store
JAAS configurationApplication-level response consumer Key information Key locator
Key name
TokenApplication-level response consumer Signing information Key information Application-level response consumer Encryption information Key information Server-level default generator bindings Token generator Collection certificate store
Callback handlerServer-level default generator bindings Key information Key locator
TokenServer-level default generator bindings Signing information Key information Server-level default generator bindings Encryption information Key information Server-level default consumer bindings Token consumer Trust anchor
Collection certificate store
Trusted ID evaluator
JAAS configurationServer-level default consumer bindings Key information Key locator
TokenServer-level default consumer bindings Signing information Key information Server-level default consumer bindings Encryption information Key information Cell-level default generator bindings Token generator Collection certificate store
Callback handlerCell-level default generator bindings Key information Key locator
Token
Cell-level default generator bindings Signing information Key information Cell-level default generator bindings Encryption information Key information Cell-level default consumer bindings Token consumer Trust anchor
Collection certificate store
Trusted ID evaluator
JAAS configurationCell-level default consumer bindings Key information Key locator
Token
Cell-level default consumer bindings Signing information Key information Cell-level default consumer bindings Encryption information Key information When multiple applications will use the same binding information, consider configuring the binding information on the server or cell level. For example, we might have a global key locator configuration used by multiple applications. Configuration information for the application-level precedes similar configuration information on the server-level and the cell level.
Related tasks
Secure Web services applications using message level security
Related
WS-Security troubleshooting tips