Configure and administer the Web Services Security runtime environment.
Deploy the JAX-WS application.
Parent
Secure JAX-WS web services using message-level security
Read about signing and encrypting message parts using policy sets to find out how to specify the required message-level protection. The policy specifies what protection will be applied, including which message parts to sign or encrypt, and the token types and algorithms to use. For complete information about policy sets, read about managing policy sets using the console.
What to do next
Configure policy sets through metadata exchange (WS-MetadataExchange).
Subtopics
- Auditing the Web Services Security runtime
Security auditing provides tracking and archiving of auditable events for the web services runtime operations. When security auditing is enabled for web services, the event generator utility collects and logs signing, encryption, security, authentication, and delegation events in audit event records. We can analyze the audit event records to identify possible security breaches or potential weaknesses in the security configuration of the environment.
- Secure web services using policy sets
Policy sets are assertions about how services are defined. They are used to simplify the quality of service configuration for web services.
- Secure requests to the trust service using system policy sets
WebSphere Application Server provides message-level protection for its security token service, known as the WAS trust service. For the trust service, use a special class of policy sets known as system policy sets.
- Configure the Kerberos token for Web Services Security
Use this topic to configure the Kerberos token for message-level Web Services Security.
Related concepts
Auditing the Web Services Security runtime
Related tasks
Secure web services using policy sets Secure requests to the trust service using system policy sets Configure the Kerberos token for Web Services Security