Secure messages at the request generator using WSS APIs
We can secure SOAP messages by configuring signing information, encryption, and generator tokens to protect message integrity, confidentiality, and authenticity, respectively. This request (client-side) generator configuration defines the Web Services Security requirements for the outgoing SOAP message request.
To secure web services with WebSphere Application Server, configure the generator and the consumer security constraints. Therefore, in addition to securing messages at the request generator level, you must also secure messages at the response consumer level.
The request (client-side) generator configuration requirements involve generating a SOAP message request that uses a digital signature, incorporates encryption, and attaches security tokens.
To secure web service applications, you must specify several different configurations. Although there is no specific sequence in which to specify these configurations, some configurations reference other configurations. For example, decryption configurations reference encryption configurations.
We can use the following interfaces to configure Web Services Security and to define policy types to secure the SOAP messages:
- Use the dmgr console to configure policy sets.
- Use the Web Services Security APIs (WSS API) to configure the SOAP message context (only for the client).
The following high-level steps use the WSS APIs:
- Configure generator signing to protect message integrity.
- Configure encryption to protect message confidentiality.
- Attach generator tokens to protect message authenticity.
- Propagate self-issued SAML bearer tokens using WSS APIs.
- Propagate self-issued SAML sender-vouches tokens with message protection using WSS APIs.
- Propagate self-issued SAML sender-vouches tokens with transport protection using WSS APIs.
- Send self-issued SAML holder-of-key tokens with symmetric key using WSS APIs.
- Send self-issued SAML holder-of-key tokens with asymmetric key using WSS APIs.
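The first three steps can be combined in one client-side helper, shown here as an added example (not code from the original page or from IBM). The class name, keystore path, aliases and distinguished names are placeholders, and `requestContext` is assumed to be the map returned by `((BindingProvider) port).getRequestContext()`.

```java
import java.util.Map;
import com.ibm.websphere.wssecurity.callbackhandler.UNTGenerateCallbackHandler;
import com.ibm.websphere.wssecurity.callbackhandler.X509GenerateCallbackHandler;
import com.ibm.websphere.wssecurity.wssapi.WSSException;
import com.ibm.websphere.wssecurity.wssapi.WSSFactory;
import com.ibm.websphere.wssecurity.wssapi.WSSGenerationContext;
import com.ibm.websphere.wssecurity.wssapi.encryption.WSSEncryption;
import com.ibm.websphere.wssecurity.wssapi.signature.WSSSignature;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.websphere.wssecurity.wssapi.token.UsernameToken;
import com.ibm.websphere.wssecurity.wssapi.token.X509Token;

// Hypothetical helper class; every path, alias and DN below is a placeholder.
public final class RequestGeneratorSecurity {
    private static final String KEYSTORE = "/path/to/client-keystore.jks"; // placeholder

    // Secrets are passed in by the caller rather than hard-coded in the client.
    public static void secure(Map<String, Object> requestContext,
                              char[] storePass, char[] keyPass,
                              String user, char[] userPass) throws WSSException {
        WSSFactory factory = WSSFactory.getInstance();
        WSSGenerationContext gencont = factory.newWSSGenerationContext();

        // Step 1, integrity: sign the SOAP body with the client's private key.
        X509GenerateCallbackHandler signCb = new X509GenerateCallbackHandler(
                "", KEYSTORE, "jks", storePass,
                "client-alias", keyPass, "CN=Client, O=Example", null);
        SecurityToken signToken = factory.newSecurityToken(X509Token.class, signCb);
        WSSSignature sig = factory.newWSSSignature(signToken);
        sig.addSignPart(WSSSignature.BODY);
        gencont.add(sig);

        // Step 2, confidentiality: encrypt the body content for the service.
        // Only the service's public certificate is read, so no key password is given.
        X509GenerateCallbackHandler encCb = new X509GenerateCallbackHandler(
                "", KEYSTORE, "jks", storePass,
                "service-alias", null, "CN=Service, O=Example", null);
        SecurityToken encToken = factory.newSecurityToken(X509Token.class, encCb);
        WSSEncryption enc = factory.newWSSEncryption(encToken);
        enc.addEncryptPart(WSSEncryption.BODY_CONTENT);
        gencont.add(enc);

        // Step 3, authenticity: attach a username token as a stand-alone generator token.
        SecurityToken unt = factory.newSecurityToken(UsernameToken.class,
                new UNTGenerateCallbackHandler(user, userPass));
        gencont.add(unt);

        // Apply the accumulated constraints to the outgoing request.
        gencont.process(requestContext);
    }
}
```

The service side needs the matching consumer configuration (signature verification, decryption and token consumption), otherwise the request is rejected.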
Next, if not already configured, secure messages with signature verification, decryption, and consumer tokens at the response consumer (client-side) level.
- Secure messages at the request generator using WSS APIs
- Inserting SAML attributes using WSS APIs
- Request SAML bearer tokens from an external STS
- Request SAML sender-vouches tokens from an external STS using WSS APIs and message level protection
- Request SAML sender-vouches tokens from an external STS using WSS APIs and transport level protection
- Request SAML holder-of-key tokens with symmetric key from external security token service using WSS APIs
- Request SAML holder-of-key tokens with asymmetric key from external security token service using WSS APIs
- Send a security token using WSS APIs with a generic security token login module
Related
Secure messages at the response consumer using WSS APIs