Network Deployment (Distributed operating systems), v8.0 > Develop and deploying applications > Develop web services - Security (WS-Security) > Configure Web Services Security during application assembly > Configure XML digital signature for v5.x web services with an assembly tool

Configure the server security bindings using an assembly tool

Use an assembly tool to edit bindings for a web service after these bindings are deployed on a server.

There is an important distinction between Version 5.x and v6 and later applications. The information in this article supports v5.x applications only that are used with WAS v6.0.x and later. The information does not apply to v6.0.x and later applications.

Prior to importing the web services EAR file into the assembly tool, make sure that we have already run the WSDL2Java command on your web service to enable your Java EE application. We must import the Web services EAR file into the assembly tool.
Create an EJB file JAR file or a WAR file containing the security binding file (ibm-webservices-bnd.xmi) and the security extension file (ibm-webservices-ext.xmi).  If this archive is acting as a client to a downstream service, you also need the client-side binding file (ibm-webservicesclient-bnd.xmi) and the client-side extension file (ibm-webservicesclient-ext.xmi).  These files are generated using the WSDL2Java command. For more information, read about the WSDL2Java command for JAX-RPC applications. We can edit these files using the web services editor in the assembly tool.
When configuring server-side security for Web Services Security, the security extensions configuration specifies what security is performed, the security bindings configuration indicates how to perform what is specified in the security extensions configuration. We can use the defaults for some elements at the cell and server levels in the bindings configuration, including key locators, trust anchors, the collection certificate store, trusted ID evaluators, and login mappings and reference these elements from the WAR and JAR binding configurations.

Open the web services editor in an assembly tool to begin editing the server security extensions and bindings. The following steps can locate the server security extensions and bindings. Other tasks specify how to configure each section of the extensions and bindings in more detail.

Procedure

1. Launch an assembly tool. See the related information on Assembly Tools.
2. Switch to the Java EE perspective. Click Window > Open Perspective > J2EE.

3. Configure the server for inbound requests and outbound responses security configuration.

   To configure the server for inbound requests and outbound responses...

   1. Click EJB Projects > application_name > ejbModule > META-INF .
   2. Right-click the webservices.xml file and click Open with > Web services editor. The webservices.xml file represents the server-side (inbound) web services configuration. The webservicesclient.xml file represents the client-side (outbound) web services configuration.

4. In the web services editor (for the webservices.xml file and inbound requests and outbound responses web services configuration), there are several tabs at the bottom of the editor including Web Services, Port Components, Handlers, Security Extensions, Bindings, and Binding Configurations. The security extensions are edited using the Security Extensions tab. The security bindings are edited using the Security Bindings tab.

   1. Click the WS Extensions tab and select the port component binding to edit. The Web Services Security extensions are configured for inbound requests and outbound responses. You need to configure the following information for Web Services Security extensions. These topics are discussed in more detail in other topics in the documentation.

      Request receiver service configuration details

      Required integrity
      Configure the server for request digital signature verification: Verifying the message parts
      Required confidentiality
      Configure the server for request decryption: decrypting the message parts
      Login config
      BasicAuth
      Configure the server to handle basic authentication information
      ID assertion
      Configure the server to handle identity assertion authentication
      Signature
      Configure the server to support signature authentication
      LTPA
      Configure the server to handle LTPA token authentication information
      Add received time stamp
      Configure the server for request digital signature verification: Verifying the message parts

      Response sender service configuration details

      Details
      Configure the server for response signing: digitally signing message parts
      Integrity
      Configure the server for response signing: digitally signing message parts
      Confidentiality
      Configure the server for response encryption: encrypting the message parts
      Add created time stamp
      Configure the server for response signing: digitally signing message parts

   2. Click the Binding Configurations tab and select the port component binding to edit. The Web Services Security bindings are configured for inbound requests and outbound responses. You need to configure the following information for Web Services Security bindings. These topics are discussed in more details in other topics in the documentation. 

      Response receiver binding configuration details

      Signing Information
      Configure the server for request digital signature verification: choosing the verification method
      Encryption Information
      Configure the server for request decryption: choosing the decryption method
      Trust Anchor
      Configure trust anchors using an assembly tool
      Certificate Store List
      Configure the server-side collection certificate store using an assembly tool
      Key Locators
      Configure key locators using an assembly tool
      Login Mapping
      Basic auth
      Configure the server to validate basic authentication information
      ID assertion
      Configure the server to validate identity assertion authentication information
      Signature
      Configure the server to validate signature authentication information
      LTPA
      Configure the server to validate LTPA token authentication information
      Trusted ID evaluator
      Trusted ID evaluator reference

      Response sender binding configuration details

      Signing information
      Configure the server for response signing: choosing the digital signature method
      Encryption information
      Configure the server for response encryption: choosing the encryption method
      Key locators
      Configure key locators using an assembly tool

What to do next

Configure the client for outbound requests and inbound responses security configuration by right-clicking the webservicesclient.xml file and clicking Open With > Deployment descriptor editor. See Configure the client security bindings using an assembly tool.
Assembly tools
Configure the client security bindings using an assembly tool
Configure the security bindings on a server acting as a client
Configure the server security bindings
Secure web services for v5.x applications using XML digital signature

Related

WSDL2Java command for JAX-RPC applications

+

Search Tips   |   Advanced Search