ws-security.xml
For JAX-RPC applications, ws-security.xml defines WS-Security default binding information at the cell level.
The information in this article supports V5.x applications only that are used with WAS Version 6.0.x and later. The information does not apply to V 6.0.x and later applications.
In the WAS ND installation, ws-security.xml is at the cell level and defines the default binding information for WS-Security for the entire cell. But each appserver can have its own ws-security.xml file to override the cell default; similarly, each Web service can override the default in its binding files.
The following list contains the defaults defined in ws-security.xml file:
| Trust anchors | Identifies the trusted root certificates for signature verification. |
| Collection certificate stores | Contains certificate revocation lists (CRLs) and non-trusted certificates for verification. |
| Key locators | Locates the keys for digital signature and encryption. |
| Trusted ID evaluators | Evaluates the trust of the received identity before identity assertion. |
| Login mappings | Contains the JAAS configurations for AuthMethod token validation. |
The WS-Security run time reads the configuration from the application bindings first, then tries the server-level, and finally tries the cell level.
The following figure depicts the runtime configuration process. Figure 1. Runtime configuration
Related concepts
Default bindingTrust anchors
Collection certificate store
Key locator
Trusted ID evaluator
Login mappings
Secure Web services for V5.x applications using XML digital signature