WAS v8.5 > Secure applications > Secure web services > Secure web servicesSecure JAX-RPC web services using message-level security
Standards and profiles address how to provide protection for messages that are exchanged in a web service environment.
See: Web Services Security configuration considerations.
Web service security is supported in the managed web service container. To establish a managed environment and to enforce constraints for Web Services Security, perform a JNDI lookup on the client to resolve the service reference.
Because of the relationship between the different Web Services Security configurations, IBM recommends specified the configurations on each level of the configuration in the following order. Choose to configure Web Services Security for the application level or the server level as it depends upon the environment and security needs.
- Learn about Web Services Security.
- Programming models for web services message-level security
- Configure Web Services Security.
- Specify the application-level configuration.
- Specify the server-level configuration.
- Specify the cell-level configuration.
- Specify the platform-level configuration.
- Develop and assemble a JAX-RPC application, or migrate an existing application.
- Deploy the JAX-RPC application.
Related:
Development and assembly tools
Develop web services clients that retrieve tokens from the JAAS Subject in an application
Develop web services applications that retrieve tokens from the JAAS Subject in a server application
Troubleshooting web services
Tune Web Services Security for v8.5 applications
Secure web services applications at the transport level
Authenticate web services clients using HTTP basic authentication
Configure trust anchors for the generator binding on the application level
Configure the collection certificate store for the generator binding on the application level
Configure token generators using JAX-RPC to protect message authenticity at the application level
Configure the key locator using JAX-RPC for the generator binding on the application level
Configure the key information using JAX-RPC for the generator binding on the application level
Configure the signing information using JAX-RPC for the generator binding on the application level
Configure encryption using JAX-RPC to protect message confidentiality at the application level
Configure trust anchors for the consumer binding on the application level
Configure the collection certificate store for the consumer binding on the application level
Configure token consumers using JAX-RPC to protect message authenticity at the application level
Configure the key locator using JAX-RPC for the consumer binding on the application level
Configure the key information for the consumer binding on the application level
Configure the signing information using JAX-RPC for the consumer binding on the application level
Configure encryption to protect message confidentiality at the application level
Configure trust anchors on the server level
Configure the collection certificate on the server level
Configure a nonce on the server level
Configure token generators using JAX-RPC to protect message authenticity at the server level
Configure the key locator using JAX-RPC on the server level
Configure the key information for the generator binding using JAX-RPC on the server level
Configure the signing information using JAX-RPC for the generator binding on the server level
Configure encryption using JAX-RPC to protect message confidentiality at the server or cell level
Configure trusted ID evaluators on the server level
Configure token consumers using JAX-RPC to protect message authenticity at the server level
Configure the key information for the consumer binding using JAX-RPC on the server level
Configure the signing information using JAX-RPC for the consumer binding on the server level
Configure encryption to protect message confidentiality at the server level
Security considerations for web services
rrdSecurity.props file