WAS v8.5 > Administer applications and their environment > Administer web services - Bus enabled web services > Enable web services through the service integration busCreate a new WS-Security binding
Create a new WS-Security binding for use with service integration bus-enabled web services. You use WS-Security bindings to secure the SOAP messages that pass between service requesters (clients) and inbound services, and between outbound services and target web services.
Use this option to create WS-Security bindings that comply with either the WS-Security 1.0 specification, or the previous WS-Security specification, WS-Security Draft 13 (also known as the Web Services Security Core Specification).
Use of WS-Security Draft 13 was deprecated in WebSphere Application Server v6.0. Use of WS-Security Draft 13 is deprecated, and you should only use it to allow continued use of an existing web services client application that has been written to the WS-Security Draft 13 specification.
This topic assumes that we have got, from the owning parties, the WS-Security bindings for the client (for an inbound service) and the target web service (for an outbound service).
We can only use WS-Security with web service applications that comply with the Web Services for Java EE or Java Specification Requirements (JSR) 109 specification. For more information, see Web Services Security and Java Platform, Enterprise Edition security relationship. For information about how to make the web service applications JSR-109 compliant, see Implement JAX-RPC web services clients or Implement static JAX-WS web services clients. WS-Security bindings provide the information the run-time environment needs to implement the WS-Security configuration (for example "To sign the body, use this key"), You receive this security binding information direct from the service requester or target service provider, in the form of an ibm-webservicesclient-bnd.xmi file for the client, and an ibm-webservices-bnd.xmi file for the target web service. You extract the information from these .xmi files, then manually enter it into the WS-Security bindings forms.
Bindings are administered independently from any web service that uses them, so we can create a binding then apply it to many web services.
WAS also includes a set of default WS-Security binding objects, as described in Default bindings and runtime properties for Web Services Security. However, if you are using either of the single server products WAS or WAS Express, then these default bindings are configured within the application server, and are not available for use with bus-enabled web services.
Unlike most other configuration objects, when we create a WS-Security binding we can only define its basic aspects. To define the binding details you save the new binding, then reopen it for modification as described in Modify an existing WS-Security binding.
To create a new WS-Security binding...
- Start the dmgr console.
- In the navigation pane, click Service integration -> Web services -> WS-Security bindings. The WS-Security bindings collection form is displayed.
- Click New. The New WS-Security binding wizard is displayed.
- Use the wizard to assign the following general properties:
- Select the version of the WS-Security specification. Set this option to either Draft 13 (for a binding that complies with the WS-Security Draft 13 specification) or 1.0 (for a binding that complies with the WS-Security 1.0 specification.
Use of WS-Security Draft 13 was deprecated in WAS v6.0. Use of WS-Security Draft 13 is deprecated, and you should only use it to allow continued use of an existing web services client application that has been written to the WS-Security Draft 13 specification.
- Specify the binding type.
Set this option to one of the following binding types:
For WS-Security v1.0:
- request consumer, for use when consuming requests from a client to an inbound service.
- request generator, for use when generating requests from an outbound service to a target web service.
- response consumer, for use when consuming responses from a target web service to an outbound service.
- response generator, for use when generating responses from an inbound service to a client.
For WS-Security Draft 13:
- request receiver, for use when receiving requests from a client to an inbound service.
- request sender, for use when sending requests from an outbound service to a target web service.
- response receiver, for use when receiving responses from a target web service to an outbound service.
- response sender, for use when sending responses from an inbound service to a client.
- Specify the WS-Security binding.
Give a name to this binding. This name must be unique and it must follow the following syntax rules:
- It must not start with "." (a period).
- It must not start or end with a space.
- It must not contain any of the following characters: \ / , # $ @ : ; " * ? < > | = + & % '
(WS-Security 1.0 bindings only. Optional.) Select the Use defaults check box to create a convenient default binding for use in a development and test environment. If selected, the binding uses the WAS default set of binding information rather than any custom information that you might subsequently add. Note however that this default binding is by definition insecure, and is not for production use. We can also select or clear this check box when we modify an existing WS-Security binding.
If you are creating a WS-Security 1.0 request generator binding, the web address for the WS-Security 1.0 namespace is displayed in a drop-down list. This is the namespace used by WS-Security 1.0 to send a request, and you should not have to change this value. The other values included in the drop-down list refer to namespaces used by earlier versions of the WS-Security draft specification, and are included for backwards compatibility.
- Click Finish. The general properties for this item are saved.
Results
If the processing completes successfully, the list of WS-Security bindings is updated to include the new binding. Otherwise, an error message is displayed.
You are now ready to define the binding details as described in Modify an existing WS-Security binding.
Subtopics
- Modify an existing WS-Security binding
We can add or modify the configuration details for a WS-Security binding that is configured for use with service integration bus-enabled web services. You use WS-Security bindings to secure the SOAP messages that pass between service requesters (clients) and inbound services, and between outbound services and target web services.- Delete WS-Security bindings
Delete WS-Security bindings configured for use with service integration bus-deployed web services.
Related concepts:
Service integration technologies and WS-Security
Programming models for web services message-level security
Web Services Security and Java Platform, Enterprise Edition security relationship
Related
Secure web services applications using the WSS APIs at the message level
Implement static JAX-WS web services clients
Implement JAX-RPC web services clients