Migration of JAX-WS Web Services Security bindings from Version 6.1
We can migrate Web Services Security bindings from an older version to Version 7.0 and later of WAS. Migration of the JAX-WS bindings in Version 6.1 Feature Pack for Web Services takes place during the product migration to Version 7.0 and later.
The product migration handles most of the WS-Security migration process, but the input and action is required for specific configurations in order to complete the migration. Examples of configurations that require manual migration steps:
- Use callers on Version 6.1 Feature Pack for Web Services.
WAS v7 and later supports the capability to specify a preference order for callers. In the situation where only a single caller is present in the bindings, product migration automatically assigns an order of 1 to the single caller that is present. However, if there are multiple callers, warnings are logged during migration, and you must manually assign the caller preference order. Set the order attribute for each caller using the console, or the administration commands, after product migration is completed. Read about call collection and configuring the callers for general and default bindings for instructions on setting the caller order using the console. See the topic "WS-Security policy and binding properties" for information on using the administration commands.
- Use multiple username tokens in the default bindings.
During product migration for Version 6.1 default bindings, all UsernameToken generators and consumers in the bindings will be migrated. However, if multiple username token generators, or consumers, are used, a warning is logged during migration. The warning states that a maximum of two username token generators and two username token consumers are allowed, and that one of each pair of token generators or consumers must have the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property set to true. We must manually select which username token consumer or generator to keep, and which token has the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property, using the console, or administration commands.
- To use the console to set the property, access the WS-Security 6.1 default bindings as instructed in the "Policy set bindings settings for WS-Security" topic, and click the Authentication and Protection link. Add, remove or edit the username token consumers and generators as needed, following the instructions in the "WS-Security authentication and protection for general bindings" topic.
- To use the administration commands to set the property, and to add, delete and edit the username token generators or consumers as needed, refer to the "WS-Security policy and bindings properties" topic for instructions.
- Use multiple token generators and token consumers of the same type in Version 6.1 default bindings.
During product migration for Version 6.1 default bindings, all token generators and token consumers for supporting tokens are migrated. In the situation where multiple token generators and token consumers of the same supporting token type are found a warning is logged during migration. This warning states that only a single token consumer and token generator for each supporting token type must be present. We must manually select which token consumer or generator to use for the repeating supporting token type, using the console or administration commands. To use the console to select the token, access the WS-Security 6.1 default bindings as instructed in the "Policy set bindings settings for WS-Security" topic, and select the Authentication and Protection link. Add, edit or remove token consumers and generators as needed, following the instructions in the "WS-Security authentication and protection for general bindings" topic.
Related concepts
Secure web services
Related tasks
Configure the callers for general and default bindings
Caller collection WSSecurity policy and binding properties Policy set bindings settings for WS-Security WS-Security authentication and protection for general bindings