Create a new WS-Security binding
Create a new WS-Security binding for use with service integration bus-enabled web services. You use WS-Security bindings to secure the SOAP messages that pass between service requesters (clients) and inbound services, and between outbound services and target web services.
Use this option to create WS-Security bindings that comply with either of the following specifications:
- The Web Services Security (WS-Security) 1.0 specification.
- The previous WS-Security specification, WS-Security Draft 13 (Web Services Security Core Specification).
Use of WS-Security Draft 13 was deprecated in WAS Version 6.0. Use it only to allow continued use of an existing web services client application that was written to the WS-Security Draft 13 specification.
This topic assumes that you already have the WS-Security bindings for the client (for an inbound service) and the target web service (for an outbound service).
You can only use WS-Security with web service applications that comply with the Web Services for Java EE or JSR 109 specification. For more information, see Web Services Security and JEE security relationship. For information about how to make the web service applications JSR-109 compliant, see Implement JAX-RPC web services clients or Implement static JAX-WS web services clients.
WS-Security bindings provide the information that the run-time environment needs to implement the WS-Security configuration (for example "To sign the body, use this key"). You receive this security binding information directly from the service requester or target service provider, in the form of an ibm-webservicesclient-bnd.xmi file for the client, and an ibm-webservices-bnd.xmi file for the target web service. You extract the information from these .xmi files, then manually enter it into the WS-Security bindings forms.
Bindings are administered independently from any web service that uses them, so you can create a binding and then apply it to many web services.
WebSphere Application Server also includes a set of default WS-Security binding objects. If you are administering a WAS ND installation, the default WS-Security bindings are configured for the cell, and are available for use with bus-enabled web services. However, if you are using either of the single server products, WebSphere Application Server or WebSphere Application Server Express, these default bindings are configured within the application server, and are not available for use with bus-enabled web services.
Unlike most other configuration objects, when you create a WS-Security binding you can only define its basic aspects. To define the binding details, you save the new binding, then reopen it for modification.
To create a new WS-Security binding, complete the following steps:
- Start the console.
- In the navigation pane, click Service integration -> Web services -> WS-Security bindings.
The WS-Security bindings collection form is displayed.
- Click New. The New WS-Security binding wizard is displayed.
- Use the wizard to assign the following general properties:
- Select the version of the WS-Security specification. Set this option to either Draft 13 (for a binding that complies with the WS-Security Draft 13 specification) or 1.0 (for a binding that complies with the Web Services Security (WS-Security) 1.0 specification).
Use of WS-Security Draft 13 was deprecated in WAS v6.0. Use it only to allow continued use of an existing web services client application that was written to the WS-Security Draft 13 specification.
- Specify the binding type.
Set this option to one of the following binding types:
For WS-Security Version 1.0:
- request consumer, for use when consuming requests from a client to an inbound service.
- request generator, for use when generating requests from an outbound service to a target web service.
- response consumer, for use when consuming responses from a target web service to an outbound service.
- response generator, for use when generating responses from an inbound service to a client.
For WS-Security Draft 13:
- request receiver, for use when receiving requests from a client to an inbound service.
- request sender, for use when sending requests from an outbound service to a target web service.
- response receiver, for use when receiving responses from a target web service to an outbound service.
- response sender, for use when sending responses from an inbound service to a client.
- Specify the WS-Security binding.
Give a name to this binding. The name must be unique and must obey the following syntax rules:
- It must not start with "." (a period).
- It must not start or end with a space.
- It must not contain any of the following characters: \ / , # $ @ : ; " * ? < > | = + & % '
(WS-Security 1.0 bindings only. Optional.) Select the Use defaults check box to create a default binding for use in a development and test environment. If you select this option, the binding uses the WAS default set of binding information rather than any custom information that you might subsequently add. Note, however, that this default binding is by definition insecure, and is not for production use. You can also select or clear this check box when you modify an existing WS-Security binding.
For a WS-Security 1.0 request generator binding, the web address for the WS-Security 1.0 namespace is displayed in a drop-down list. This is the namespace used by WS-Security 1.0 to send a request, and you should not have to change this value. The other values included in the drop-down list refer to namespaces used by earlier versions of the WS-Security draft specification, and are included for backwards compatibility.
- Click Finish. The general properties for this item are saved.
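The choices made in the wizard (specification version, binding type, name, Use defaults) can be checked before they are entered in the console. The following is an added example, not IBM code: the record layout, the `existing` and `production` parameters and all function names are assumptions made for illustration, and the sample records are constructed.

```python
# Added example: lint planned WS-Security bindings before console entry.
# Record layout and function names are hypothetical, not a WebSphere API.
FORBIDDEN = set('\\/,#$@:;"*?<>|=+&%\'')
# (role for messages the bus takes in, role for messages it produces)
ROLES = {"1.0": ("consumer", "generator"), "Draft 13": ("receiver", "sender")}

def expected_type(version, service, message):
    # Taken in by the bus: requests to inbound services, responses to outbound ones.
    incoming = (service, message) in {("inbound", "request"), ("outbound", "response")}
    return "%s %s" % (message, ROLES[version][0 if incoming else 1])

def name_errors(name):
    # The three naming rules listed in the wizard step above.
    errs = []
    if name.startswith("."):
        errs.append("starts with a period")
    if name != name.strip(" "):
        errs.append("starts or ends with a space")
    bad = sorted(set(name) & FORBIDDEN)
    if bad:
        errs.append("forbidden characters: " + " ".join(bad))
    return errs

def lint(bindings, existing=(), production=False):
    findings, seen = [], set(existing)  # findings are (name, message) pairs
    for b in bindings:
        name, version = b["name"], b["version"]
        findings += [(name, e) for e in name_errors(name)]
        if name in seen:
            findings.append((name, "name is not unique"))
        seen.add(name)
        if version not in ROLES:
            findings.append((name, "version must be 1.0 or Draft 13"))
            continue
        want = expected_type(version, b["service"], b["message"])
        if b["type"] != want:
            findings.append((name, "binding type should be " + want))
        if version == "Draft 13":
            findings.append((name, "Draft 13 is deprecated"))
        if b.get("use_defaults") and production:
            findings.append((name, "default binding is not for production use"))
    return findings

PLANNED = [  # constructed sample input
    dict(name="inbound-req", version="1.0", service="inbound",
         message="request", type="request consumer", use_defaults=True),
    dict(name=".legacy:out", version="Draft 13", service="outbound",
         message="request", type="request receiver"),
]
```

Calling `lint(PLANNED, production=True)` reports the default binding on the first record and the name, type and deprecation problems on the second.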
Results
If the processing completes successfully, the list of WS-Security bindings is updated to include the new binding. Otherwise, an error message is displayed.
What to do next
You are now ready to define the binding details.
Related concepts
- Service integration technologies and WS-Security
- Overview of standards and programming models for web services message-level security
- Web Services Security and JEE security relationship
Related tasks
- Secure web services applications using the WSS APIs at the message level
- Implement static JAX-WS web services clients
- Implement JAX-RPC web services clients