WAS v8.5 > Secure applications > Secure web services > Secure web services > Administer Web Services Security > Administer message-level security for JAX-WS web servicesConfigure default Web Services Security bindings
WebSphere Application Server provides support for a set of default Web Services Security bindings for applications. A set of bindings is a named object associated with a specific policy set and service resource attached to the policy set.
Bindings contain environment and platform specific information, such as the following types of information:
- Keys used for signature and encryption
- Keystore information
- Authentication information
- Persistent information
In WAS v7.0 and later, there are two types of bindings, application specific bindings and general bindings. Typically, bindings are specific to the application or the platform, and they are not shared.
General bindings can be configured to be used across a range of policy sets and can be reused across applications and for trust service attachments. Though general bindings are highly reusable, they are not able to provide configuration for advanced policy requirements, such as multiple signatures. There are two types of general bindings: general provider policy set bindings and general client policy set bindings. The general bindings that are shipped with WAS are initially set as the default bindings, but we can choose a different binding as the default, or change the level of binding that should be used as the default, for example, from cell level binding to server level binding. Default bindings are used when no application specific binding or trust service binding has been assigned to a policy set attachment. For more information, see the topic General JAX-WS default bindings for Web Services Security. For a description of the general sample bindings that are included with WAS, and used with JAX-WS, read the topic General sample bindings for JAX-WS applications.
To create general bindings:
- Log in to the dmgr console and navigate to the general provider policy set and bindings panel, or the general client policy set and bindings panel
- Click Services > Policy sets > General provider policy set bindings.
- Click Services > Policy sets > General client policy set bindings.
- Click New.
Results
Policy set bindings contain platform-specific information, like keystore, authentication information or persistent information, required by a policy set attachment. Each policy set attachment to a service provider or service client must have exactly one binding. When creating a policy set attachment, the general default bindings are used initially. When general bindings are used in association with a policy set attachment, the cell-level general bindings are applied at run time. If application server level bindings exist, the server-level general bindings override the cell-level definition. General bindings specify configuration for both service client and service provider attachments and the general bindings are not tailored to a specific policy set or application. When you define server-level general bindings, the binding begins in a completely unconfigured state. You must add the policy, and then fully configure the bindings for each added policy.
An application specific binding is a named binding that you create. Application specific bindings enable you to provide platform-specific configuration information for specific policy set attachments. When creating an application specific binding, the available binding configuration options are tailored to the definitions in the attached policy set. We can reuse application specific bindings for multiple service resources within an application. For example, if you create a trust service specific binding, that binding can be reused only for trust service attachments. When creating an application specific binding for a policy set attachment, the binding begins in a completely unconfigured state. For each policy, such as WS-Security or HTTP Transport, where to override the general binding, add the policy, and then fully configure the bindings for each added policy.
Only use the sample default bindings in a testing environment. Do not use sample default bindings in a production environment. Default bindings contain sample key files that must be customized before use in a production environment.
See the topic Defining and managing service client or provider bindings for more information about bindings.
Related concepts:
General JAX-WS default bindings for Web Services Security
General sample bindings for JAX-WS applications
Web services policy set bindings
Reference:
Default policy set bindings page
Service client or provider policy set bindings page