WAS v8.5 > Secure applications > Secure web services > Secure web servicesAdminister Web Services Security
To secure web services, you must consider a broad set of security requirements, including authentication, authorization, privacy, trust, integrity, confidentiality, secure communications channels, delegation, and auditing across a spectrum of application and business topologies. Choose to configure Web Services Security for the application level, the server level or the cell level, depending upon the environment and security needs.
Subtopics
- Configure HTTP outbound transport level security with the dmgr console
We can configure HTTP outbound transport level security with the dmgr console.- Configure HTTP outbound transport level security using Java properties
We can configure the HTTP outbound transport level security for a web service using Java properties.- Configure HTTP basic authentication for JAX-RPC web services with the dmgr console
We can configure HTTP basic authentication for JAX-RPC web services with the dmgr console.- Building XPath expressions for WS-Security
JAX-RPC and JAX-WS WS-Security configurations use XML-based SOAP messages to exchange information between applications. We can use an XPath expression to select specific elements in a SOAP message to sign or encrypt.- Configure custom properties to secure web services
We can configure name-value pairs of data, where the name is a property key and the value is a string value used to set internal system configuration properties. Defining a new property enables you to configure a setting beyond that which is available through options in the dmgr console.- Administer message-level security for JAX-WS web services
Web Services Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment. Using JAX-WS, development of web services and clients is simplified with greater platform independence for Java applications through the use of dynamic proxies and Java annotations.- Administer message-level security for JAX-RPC web services
The Java™ API for XML-based RPC (JAX-RPC) specification enables you to develop SOAP-based interoperable and portable web services and web service clients. JAX-RPC simplifies development of web services by shielding you from the underlying complexity of SOAP communication, and enables clients to access a web service as if the web service was a local object mapped into the client's address space.- Enable cryptographic keys stored in hardware devices for Web Services Security
We can enable Web Services Security using cryptographic hardware devices for both web service clients and web service providers that are running in the WebSphere Application Server environment.- Configure XML digital signature for v5.x web services with the dmgr console
XML digital signature provides both message integrity and authentication capabilities when it is used with SOAP messages. XML digital signature is one of the methods WebSphere Application Server provides to secure web services. We can use the WebSphere Application Server dmgr console to configure XML digital signature.- Configure XML encryption for v5.x web services with the dmgr console
XML encryption is one method that WebSphere Application Server provides to secure web services. We can use XML encryption in conjunction with XML digital signature to scramble the content while verifying the authenticity of the message sender. Using XML encryption, we can encrypt an XML element, the content of an XML element, or arbitrary data such as an XML document.- Building XPath expressions for WS-Security
JAX-RPC and JAX-WS WS-Security configurations use XML-based SOAP messages to exchange information between applications. We can use an XPath expression to select specific elements in a SOAP message to sign or encrypt.