WAS v8.5 > Develop applications > Develop web services - Security (WS-Security) > Develop applications that use Web Services Security > Develop message-level security for JAX-WS web services > Secure web services applications using the WSS APIs at the message level

Secure messages at the response consumer using WSS APIs

We can secure SOAP messages with signature verification, decryption, and consumer tokens to protect message integrity, confidentiality, and authenticity, respectively. The response consumer (client-side) configuration defines the Web Services Security requirements for the incoming SOAP response. To secure web services with WebSphere Application Server, configure the generator and the consumer security constraints. Specify several different configurations. Although there is no specific sequence to specify these different configurations, some configurations reference other configurations. For example, decryption configurations reference encryption configurations.

The response consumer (client-side) configuration requirements involve verifying the integrity parts are signed and the signature is verified, verifying the required confidential parts are encrypted and the parts are decrypted; and validating the security tokens.

We can use the following methods to configure Web Services Security and to define policy types to secure the SOAP messages:

The following high-level steps use the WSS APIs:


Results

After completing these procedures, we have secured messages at the response consumer level.

Next, if not already configured, secure messages with signing information, encryption, and generator tokens at the response (client-side) generator level.


Subtopics


Related


Secure messages at the request generator using WSS APIs


+

Search Tips   |   Advanced Search