General JAX-WS default bindings for Web Services Security
General bindings are used as the default bindings at the cell level or server level, or for multiple domains, at the domain level. The general bindings included with WebSphere Application Server are initially set as the default bindings. However, we can choose a different binding as the default, or change the level of binding used as the default, for example, from cell-level binding to server-level binding.
Policy set bindings contain platform-specific information, such as keystore, authentication information, or persistent information, required by a policy set attachment. In WAS v7.0 and later, there are two types of bindings: application-specific bindings, and general bindings. Both types of bindings are supported for WS-Security policy sets. General bindings can be used as default bindings, and can also be shared across multiple applications and for trust service attachments. There are two types of general bindings: one for service providers and one for service clients. We can define multiple general bindings for the provider and also for the client. However, only one general provider binding and one general client binding can be designated as the default.
Default bindings are used when no application-specific binding or trust service binding has been assigned to a policy set attachment. We can choose the general provider and general client bindings, which are used as the default bindings for the cell. These are the global security settings. Likewise, we can choose the general provider and general client bindings, which are used as the default bindings for a server. For specific information about selecting bindings, see the topic Defining and managing policy set bindings.
In an environment with multiple security domains, we can also choose the general provider and general client bindings, which are used as the default bindings for a domain. If we do not choose a binding to be the default for a server, the default bindings for the domain in which the server resides are used. If we do not choose a binding to be the default for a domain, the default bindings for the cell (global security) are used. Choose default provider and default client bindings for the cell.
The general bindings included with WAS are initially set as the cell default bindings. We cannot delete a binding selected as the default binding for server, a domain, or the cell. Before you delete a binding selected as the default, select a different default binding, or specify that the defaults for the cell (global security) should be used.
The following default bindings are shipped with the product:
- Provider sample
- Client sample
- v6.1 default policy set bindings
The v6.1 bindings are used only if a WAS v6.1 Feature Pack for Web Services application is installed within the WAS v7.0 and later environment. See topic Version 6.1 default policy set bindings.
Do not use the provider and client sample bindings included with WAS in their current state in a production environment. We must modify these bindings to meet our security needs before using them in a production environment by making a copy of the bindings and then modifying the copy. For example, change the key and keystore settings to ensure security, and modify the binding settings to match the environment.
After we make a copy of the provider or client sample bindings, customize only the settings of the new copy to suit your purposes. Do not remove anything from your binding copy, such as token generators, token consumers, sign parts, or encrypt parts. We can add things to your binding copy if needed, but deleting information can cause unanticipated errors at run time.
For a detailed description of the general sample bindings, see the topic General sample bindings for JAX-WS applications.
To define and manage general bindings, in the administrative console click...
Services > Policy sets > General provider policy set bindings or Services > Policy sets > General client policy set bindings
To manage bindings for the cell or the domain, click...
Services > Policy sets > Default policy set bindings
The general service provider and client bindings have independent settings that we can customize to meet the needs of the environment. To learn more about general bindings, read the topic Defining and managing policy set bindings.
In addition to choosing default bindings for the cell (global security), we can also choose the general provider and general client bindings to use as the default bindings for a server. When are using JAX-WS and want to specify the server default bindings, log on to the administrative console and click...
Servers > Server Types > WebSphere application servers > server
In the Security section of the console page, click Default policy set bindings.
Define and manage policy set bindings v6.1 default policy set bindings