Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services

 Securing JAX-RPC web services using message-level security

Standards and profiles address how to provide protection for messages that are exchanged in a web service environment.

Best practice: IBM WAS supports the JAX-WS programming model and JAX-RPC. JAX-WS is the next generation web services programming model extending the foundation provided by JAX-RPC. Using the strategic JAX-WS programming model, development of web services and clients is simplified through support of a standards-based annotations model. Although JAX-RPC and applications are still supported, take advantage of the easy-to-implement JAX-WS programming model to develop new web services applications and clients. bprac JAX-WS

To secure web services with WAS, specify several different configurations. Although there is not a specific sequence in which specify these different configurations, some configurations reference other configurations. See Web Services Security configuration considerations.

Web service security is supported in the managed web service container. To establish a managed environment and to enforce constraints for Web Services Security, perform a JNDI lookup on the client to resolve the service reference.

Because of the relationship between the different Web Services Security configurations, IBM recommends that you specify the configurations on each level of the configuration in the following order. We can choose to configure Web Services Security for the application level, the server level or the cell level as it depends upon the environment and security needs.

Procedure

1. Learn about Web Services Security.

2. Decide which programming model, JAX-WS or JAX-RPC, works best for securing your web services applications.

3. Configure Web Services Security.

4. Specify the application-level configuration.

5. Specify the server-level configuration.

6. Specify the cell-level configuration.

7. Specify the platform-level configuration.

8. Develop and assemble a JAX-RPC application, or migrate an existing application.

9. Deploy the JAX-RPC application.

Results

After completing these steps for WAS, we have secured web services.

---

Subtopics Migrate JAX-RPC Web Services Security applications to applications Secure messages using JAX-RPC at the request and response generators Secure messages using JAX-RPC at the request and response consumers Configure Web Services Security using JAX-RPC at the platform level Develop web services clients that retrieve tokens from the JAAS Subject in an application Develop web services applications that retrieve tokens from the JAAS Subject in a server application Related concepts Assembly tools Related tasks Troubleshoot web services Tune Web Services Security for applications Secure web services applications at the transport level Authenticate web services clients using HTTP basic authentication Configure trust anchors for the generator binding on the application level Configure the collection certificate store for the generator binding on the application level Configure token generators using JAX-RPC to protect message authenticity at the application level Configure the key locator using JAX-RPC for the generator binding on the application level Configure the key information using JAX-RPC for the generator binding on the application level Configure the signing information using JAX-RPC for the generator binding on the application level Configure encryption using JAX-RPC to protect message confidentiality at the application level Configure trust anchors for the consumer binding on the application level Configure the collection certificate store for the consumer binding on the application level Configure token consumers using JAX-RPC to protect message authenticity at the application level Configure the key locator using JAX-RPC for the consumer binding on the application level Configure the key information for the consumer binding on the application level Configure the signing information using JAX-RPC for the consumer binding on the application level Configure encryption to protect message confidentiality at the application level Configure trust anchors on the server or cell level Configure the collection certificate on the server or cell level Configure a nonce on the server or cell level Configure token generators using JAX-RPC to protect message authenticity at the server or cell level Configure the key locator using JAX-RPC on the server or cell level Configure the key information for the generator binding using JAX-RPC on the server or cell level Configure the signing information using JAX-RPC for the generator binding on the server or cell level Configure encryption using JAX-RPC to protect message confidentiality at the server or cell level Configure trusted ID evaluators on the server or cell level Configure token consumers using JAX-RPC to protect message authenticity at the server or cell level Configure the key information for the consumer binding using JAX-RPC on the server or cell level Configure the signing information using JAX-RPC for the consumer binding on the server or cell level Configure encryption to protect message confidentiality at the server or cell level Related reference Security considerations for web services rrdSecurity.props file

---

+

Search Tips   |   Advanced Search