
Secure JAX-RPC web services using message-level security

Standards and profiles address how to provide protection for messages that are exchanged in a web service environment.

To secure web services with WebSphere Application Server, specify several different configurations. Although there is no specific sequence in which to specify these different configurations, some configurations reference other configurations. See Web Services Security configuration considerations.

Web service security is supported in the managed web service container. To establish a managed environment and to enforce constraints for Web Services Security, perform a JNDI lookup on the client to resolve the service reference.

Because of the relationship between the different Web Services Security configurations, IBM recommends specifying the configurations on each level in the following order. We can choose to configure Web Services Security at the application level, the server level, or the cell level, depending on the environment and security needs.

  1. Learn about Web Services Security.

  2. Decide which programming model, JAX-WS or JAX-RPC, works best for securing the web services applications.

  3. Configure Web Services Security.

  4. Specify the application-level configuration.

  5. Specify the server-level configuration.

  6. Specify the cell-level configuration.

  7. Specify the platform-level configuration.

  8. Develop and assemble a JAX-RPC application, or migrate an existing application.

  9. Deploy the JAX-RPC application.


Results

After completing these steps for WebSphere Application Server, we have secured web services.


Related concepts

  • Development and assembly tools


Related tasks

  • Develop web services clients that retrieve tokens from the JAAS Subject in an application
  • Develop web services applications that retrieve tokens from the JAAS Subject in a server application
  • Troubleshooting web services
  • Tune Web Services Security for v8.5 applications
  • Secure web services applications at the transport level
  • Authenticating web services clients using HTTP basic authentication
  • Configure trust anchors for the generator binding on the application level
  • Configure the collection certificate store for the generator binding on the application level
  • Configure token generators using JAX-RPC to protect message authenticity at the application level
  • Configure the key locator using JAX-RPC for the generator binding on the application level
  • Configure the key information using JAX-RPC for the generator binding on the application level
  • Configure the signing information using JAX-RPC for the generator binding on the application level
  • Configure encryption using JAX-RPC to protect message confidentiality at the application level
  • Configure trust anchors for the consumer binding on the application level
  • Configure the collection certificate store for the consumer binding on the application level
  • Configure token consumers using JAX-RPC to protect message authenticity at the application level
  • Configure the key locator using JAX-RPC for the consumer binding on the application level
  • Configure the key information for the consumer binding on the application level
  • Configure the signing information using JAX-RPC for the consumer binding on the application level
  • Configure encryption to protect message confidentiality at the application level
  • Configure trust anchors on the server or cell level
  • Configure the collection certificate on the server or cell level
  • Configure a nonce on the server or cell level
  • Configure token generators using JAX-RPC to protect message authenticity at the server or cell level
  • Configure the key locator using JAX-RPC on the server or cell level
  • Configure the key information for the generator binding using JAX-RPC on the server or cell level
  • Configure the signing information using JAX-RPC for the generator binding on the server or cell level
  • Configure encryption using JAX-RPC to protect message confidentiality at the server or cell level
  • Configure trusted ID evaluators on the server or cell level
  • Configure token consumers using JAX-RPC to protect message authenticity at the server or cell level
  • Configure the key information for the consumer binding using JAX-RPC on the server or cell level
  • Configure the signing information using JAX-RPC for the consumer binding on the server or cell level
  • Configure encryption to protect message confidentiality at the server or cell level

  • Security considerations for web services
  • rrdSecurity.props file