Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services > Administer Web Services Security > Administer message-level security for JAX-WS web services
Configure the username and password for WS-Security Username or LTPA token authentication
When using the Username WSSecurity default policy set, configure the username and password for username token authentication separately from the security settings defined in the bindings. When you install a JAX-WS application and attach the default Username WSSecurity default policy set, the next step is to configure the general provider sample binding for the JAX-WS provider, and the general client sample binding for the JAX-WS client. However, the binding file for the default client sample binding does not include a username or password for token authentication. Since the username and password is not available from the target deployed system, specify a valid username and password in the environment using the admin console.
Procedure
- Log in to the admin console, then click Services > Policy sets > General client.policy set bindings.
- Click Client sample to edit the binding.
- Click WS-Security.
Add basic authentication information, such as username and password, to the general client sample bindings for any policy set that uses a Username token or LTPA token, including:
- Username SecureConversation
- Username WS-I RSP
- LTPA SecureConversation
- LTPA WS-I RSP
- LTPA WSSecurity default
- Click Authentication and protection.
- In the Authentication tokens table, click gen_signunametoken to edit the username token settings.
- Click Callback handler in the Additional Bindings section.
- Enter the appropriate username and password information for the environment in the User name and Password fields.
- Enter the password a second time in the Confirm Password field, then click Apply.
- Repeat steps 5 through 8 for the gen_signltpatoken LTPA token generator.
Results
This admin console panel applies only to Java™ API for XML Web Services (JAX-WS) web services.
Secure JAX-WS web services using message-level security
Related
Callback handler settings for JAX-WS aug2011