Developing applications that use Web Services Security

The Web Services Security specification provides a flexible framework for building secure web services to implement message content integrity and confidentiality. The Web Services Security service programming model supports this flexible framework by providing extension points to integrate new token formats, and methods to obtains keys needed for message protection. The application server programming model provides Web Services Security programming APIs (WSS API) for securing SOAP messages.

Subtopics

• Configure HTTP basic authentication for JAX-RPC web services programmatically
  We can configure HTTP basic authentication for JAX-RPC web services by programmatically modifying HTTP properties.

• Develop message-level security for JAX-WS web services
  JAX-WS applications can be secured with Web Services Security in one of two ways. The application can be secured using policy sets, or through the use of the Web Services Security API (WSS API). The WSS API can only be used to secure a JAX-WS client application. The Web Services Security service programming interface (WSS SPI) provides additional programming interfaces for securing web services.

• Develop message-level security for JAX-RPC web services
  IBM WAS supports the Java™ API for XML-Based Web Services (JAX-WS) programming model and JAX-RPC.

• Web Services Security service provider programming interfaces
  Several Service Provider Interfaces (SPIs) are provided to extend the capability of the Web Services Security runtime.