Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Define and managing secure policy set bindings


Secure message parts

If you are working with policy sets, you can secure message parts.

To secure message parts with WS-Security using policy sets, define the elements for the message parts to be protected in the WS-Security policy within a policy set. Before you can start this task, have a policy set defined for the application or service artifact. Also, if none of the default policy sets contain the necessary policy definitions, then create a custom policy set with the necessary definitions. This task assumes that you are using policy sets and you want to secure message parts within that context.


Procedure

  1. Open the administrative console.

  2. Select the policy set containing the message parts that you want to secure.

    • To secure message parts using application policy sets, click Services > Policy sets > Application policy sets.

    • To secure message parts using system policy sets, click Services > Policy sets > System policy sets.

  3. Select the policy set to use.

  4. If the WS-Security policy is not listed, then click Add and select that policy from the list.

  5. Click the WS-Security link.

  6. Click Main policy or Bootstrap policy. The bootstrap policy is available when Secure Conversation is used. To use the bootstrap policy, select the SecureConversation policy set in step 3.

  7. Make sure that Message level protection is selected, then click Request message part protection or Response message part protection. When the Message level protection checkbox is unchecked, the link to Response message part protection is not available, because the configuration information associated with message level security is removed when Message level protection is deselected.

  8. Click Add for either Encrypted parts or Signed parts depending on the level of security that you want.

  9. Specify a part name and add the elements to be signed or encrypted, or both. The elements can be the message body, an XPath expression, or a QName, which is for SOAP header elements only. Click OK.

    Recommendation for when to use QName or XPath: If you are encrypting or signing SOAP headers, you can use a QName to select which SOAP headers are signed or encrypted. The elements must be direct children of the SOAP header.

    To sign or encrypt other elements in the SOAP message, use an XPath expression. The following XPath example selects MyElement in the namespace http://xyz.acme.com, which is a child of MyHeader in the namespace http://acme.com.

    /*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope' and local-name()='Envelope']
    /*[namespace-uri()='http://www.w3.org/2003/05/soap-envelope' and local-name()='Header']
    /*[namespace-uri()='http://acme.com' and local-name()='MyHeader']
    /*[namespace-uri()='http://xyz.acme.com' and local-name()='MyElement']

  10. Repeat steps 8 and 9 to sign or encrypt each message part.

  11. To save changes to the master configuration, click Save.
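
The following Python sketch is an added example, not IBM code and not part of the original page. It parses the prefix-free XPath form shown in step 9, checks against a constructed sample message that the expression selects exactly the element you intend to sign or encrypt, and reports whether a QName would be enough. The evaluation is an equivalent tree walk with the standard library, not the application server's XPath engine, and SAMPLE, PAGE_STEPS and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

SOAP12 = "http://www.w3.org/2003/05/soap-envelope"  # namespace used on this page
# One step of the page's form: /*[namespace-uri()='NS' and local-name()='NAME']
STEP = re.compile(r"/\s*\*\[\s*namespace-uri\(\)\s*=\s*'([^']*)'\s+and\s+"
                  r"local-name\(\)\s*=\s*'([^']*)'\s*\]\s*")

def build_xpath(steps):
    """Render (namespace, local-name) pairs as a prefix-free XPath."""
    if any("'" in part for step in steps for part in step):
        raise ValueError("quote characters cannot be embedded in this form")
    return "".join(f"/*[namespace-uri()='{ns}' and local-name()='{name}']"
                   for ns, name in steps)

def parse_xpath(expr):
    """Split an expression of that form back into (namespace, name) steps."""
    expr, steps, pos = expr.strip(), [], 0
    while pos < len(expr):
        m = STEP.match(expr, pos)
        if m is None:
            raise ValueError(f"unsupported XPath syntax at offset {pos}")
        steps.append((m.group(1), m.group(2)))
        pos = m.end()
    return steps

def select(xml_text, expr):
    """Return the elements that expr selects in xml_text."""
    steps = parse_xpath(expr)
    root = ET.fromstring(xml_text)
    # ElementTree tags read '{namespace}local', the same test the predicates make.
    current = [root] if steps and root.tag == "{%s}%s" % steps[0] else []
    for step in steps[1:]:
        current = [c for e in current for c in e if c.tag == "{%s}%s" % step]
    return current

def qname_selectable(steps):
    """True if the target is a direct child of the SOAP Header (QName is enough)."""
    return len(steps) == 3 and steps[:2] == [(SOAP12, "Envelope"), (SOAP12, "Header")]

# Constructed sample message, not taken from the page.
SAMPLE = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
 <s:Header><a:MyHeader xmlns:a="http://acme.com">
  <x:MyElement xmlns:x="http://xyz.acme.com">protect me</x:MyElement>
  <a:MyElement>same local name, different namespace</a:MyElement>
 </a:MyHeader></s:Header><s:Body/></s:Envelope>"""

PAGE_STEPS = [(SOAP12, "Envelope"), (SOAP12, "Header"),
              ("http://acme.com", "MyHeader"), ("http://xyz.acme.com", "MyElement")]

if __name__ == "__main__":
    hits = select(SAMPLE, build_xpath(PAGE_STEPS))
    print(len(hits), [h.text for h in hits], qname_selectable(PAGE_STEPS))
```

An expression that matches zero or several elements in a representative message means the signed or encrypted part is not the one you intended, so check the count before entering the expression in the console.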


Results

When you finish this task, you have configured the policy set that contains the quality of service definitions required for signing and encrypting message parts.


Example

If you have the policy set myPolicy and you want to specify request message bodies that must be signed, you can perform the following steps:

  1. Locate the policy set in the Services > Policy sets > Application policy sets collection and click the policy set name.

  2. Click the WS-Security link. If the link does not exist, click Add and then select WS-Security from the list.

  3. Click Main policy > Request message part protection.

  4. Click Add under the Integrity protection and Signed parts section.

  5. Specify the name, messageBody.

  6. Select Protect message body, click Add Specified Elements, and click OK.

  7. Click Save to save your changes to the master configuration.


What to do next

You can proceed to signing and encrypting message parts using policy sets.

Web services policy set bindings
Encrypted SOAP headers
Signing and encrypting message parts using policy sets
Create application specific bindings for policy set attachment
Modify default bindings at the server or cell level for policy sets
Reassigning bindings to policy sets attachments
Configure the WS-Security policy
Manage policy sets


Related


Service client policy set and bindings collection
Service provider policy sets and bindings collection
Policy set bindings settings
Policy set bindings settings for WS-Security
WS-Security authentication and protection
Caller settings
Message expiration settings
Actor roles settings
Keys and certificates
Web Services Addressing policy set binding
