Migration of JAX-WS Web Services Security bindings from Version 6.1
We can migrate Web Services Security bindings from an older version to v7.0 and later of WebSphere Application Server. Migration of the JAX-WS bindings in v6.1 Feature Pack for Web Services takes place during the product migration to Version 7.0 and later.
The product migration handles most of the WS-Security migration process, but your input and action is required for specific configurations in order to complete the migration. Examples of configurations that require manual migration steps:
- Use callers on v6.1 Feature Pack for Web Services.
WAS v7.0 and later supports the capability to specify a preference order for callers. In the situation where only a single caller is present in the bindings, product migration automatically assigns an order of 1 to the single caller that is present. However, if there are multiple callers, warnings are logged during migration, and we must manually assign the caller preference order. Set the order attribute for each caller using the administrative console, or the administration commands, after product migration is completed. Read about call collection and configuring the callers for general and default bindings for instructions on setting the caller order using the administrative console. See the topic "WS-Security policy and binding properties" for information on using the administration commands.
- Use multiple username tokens in the default bindings.
During product migration for v6.1 default bindings, all UsernameToken generators and consumers in the bindings will be migrated. However, if multiple username token generators, or consumers, are used, a warning is logged during migration. The warning states that a maximum of two username token generators and two username token consumers are allowed, and that one of each pair of token generators or consumers must have the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property set to true. We must manually select which username token consumer or generator to keep, and which token has the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property, using the administrative console, or administration commands.
- To use the administrative console to set the property, access the WS-Security 6.1 default bindings as instructed in the "Policy set bindings settings for WS-Security" topic, and click the Authentication and Protection link. Add, remove or edit the username token consumers and generators as needed, following the instructions in the "WS-Security authentication and protection for general bindings" topic.
- To use the administration commands to set the property, and to add, delete and edit the username token generators or consumers as needed, refer to the "WS-Security policy and bindings properties" topic for instructions.
- Use multiple token generators and token consumers of the same type in v6.1 default bindings.
During product migration for v6.1 default bindings, all token generators and token consumers for supporting tokens are migrated. In the situation where multiple token generators and token consumers of the same supporting token type are found a warning is logged during migration. This warning states that only a single token consumer and token generator for each supporting token type must be present. We must manually select which token consumer or generator to use for the repeating supporting token type, using the administrative console or administration commands. To use the administrative console to select the token, access the WS-Security 6.1 default bindings as instructed in the "Policy set bindings settings for WS-Security" topic, and select the Authentication and Protection link. Add, edit or remove token consumers and generators as needed, following the instructions in the "WS-Security authentication and protection for general bindings" topic.
Related:
Secure web services Configure the callers for general and default bindings Caller collection WSSecurity policy and binding properties Policy set bindings settings for WS-Security WS-Security authentication and protection for general bindings