WAS v8.5 > Secure applications > Secure web services > Secure web services > Migrating Web Services SecurityMigration of JAX-WS Web Services Security bindings from v6.1
We can migrate Web Services Security bindings from an older version to v7.0 and later of WebSphere Application Server. Migration of the JAX-WS bindings in v6.1 Feature Pack for Web Services takes place during the product migration to v7.0 and later.
WAS v8.5 migration handles most of the WS-Security migration process, but your input and action is required for specific configurations in order to complete the migration. Examples of configurations that require manual migration steps:
- Using callers on v6.1 Feature Pack for Web Services.
WAS v7.0 and later supports the capability to specify a preference order for callers. In the situation where only a single caller is present in the bindings, product migration automatically assigns an order of 1 to the single caller that is present. However, if there are multiple callers, warnings are logged during migration, and manually assign the caller preference order. Set the order attribute for each caller using the dmgr console, or the administration commands, after product migration is completed. Read about call collection and configuring the callers for general and default bindings for instructions on setting the caller order using the dmgr console. See the topic "WS-Security policy and binding properties" for information on using the administration commands.
- Using multiple username tokens in the default bindings.
During product migration for v6.1 default bindings, all UsernameToken generators and consumers in the bindings will be migrated. However, if multiple username token generators, or consumers, are used, a warning is logged during migration. The warning states that a maximum of two username token generators and two username token consumers are allowed, and that one of each pair of token generators or consumers must have the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property set to true. You must manually select which username token consumer or generator to keep, and which token has the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property, using the dmgr console, or administration commands.
- To use the dmgr console to set the property, access the WS-Security 6.1 default bindings as instructed in the "Policy set bindings settings for WS-Security" topic, and click the Authentication and Protection link. Add, remove or edit the username token consumers and generators as needed, following the instructions in the "WS-Security authentication and protection for general bindings" topic.
- To use the administration commands to set the property, and to add, delete and edit the username token generators or consumers as needed, refer to the "WS-Security policy and bindings properties" topic for instructions.
- Using multiple token generators and token consumers of the same type in v6.1 default bindings.
During product migration for v6.1 default bindings, all token generators and token consumers for supporting tokens are migrated. In the situation where multiple token generators and token consumers of the same supporting token type are found a warning is logged during migration. This warning states that only a single token consumer and token generator for each supporting token type must be present. You must manually select which token consumer or generator to use for the repeating supporting token type, using the dmgr console or administration commands. To use the dmgr console to select the token, access the WS-Security 6.1 default bindings as instructed in the "Policy set bindings settings for WS-Security" topic, and select the Authentication and Protection link. Add, edit or remove token consumers and generators as needed, following the instructions in the "WS-Security authentication and protection for general bindings" topic.
Related concepts:
Secure web services
Related
Configure the callers for general and default bindings
Reference:
Caller page
WSSecurity policy and binding properties
Policy set bindings settings for WS-Security
WS-Security authentication and protection for general bindings