Secure bus-enabled web services
Service integration technologies provides a range of facilities for secure communication between the service requester and the service integration bus, and between the bus and the target service.
By default, bus-enabled web services are available when WebSphere Application Server security is enabled and your service integration buses are secured. However this level of security does not impose any restrictions on the users of individual web services. To control how the web services are used by each group of our colleagues or customers, we can further configure the web services to work with password-protected components and servers, with WS-Security and with HTTPS.
Subtopics
- Overriding the default security configuration between bus-enabled web services and a secure bus
To override the default configuration through which the bus-enabled web services component accesses a secure service integration bus, we configure an authentication alias that the service integration resource adapter uses to access the bus.- Configure secure transmission of SOAP messages using WS-Security
Configure service integration technologies for secure transmission of SOAP messages using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) specification.- Work with password-protected components
Configure user ID and password authentication and authorization for inbound services, and for individual operations within a web service. Invoke password-protected outbound services, and access password-protected proxy servers.- Invoking outbound services over HTTPS
Use Secure Sockets Layers (SSL) to allow the service integration bus to invoke external web services that include https:// in their addresses.
Bus-enabled web services troubleshooting tips