Configure secure transmission of SOAP messages using WS-Security
Configure service integration technologies for secure transmission of SOAP messages using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) specification.
We can configure the service integration bus for secure transmission of SOAP messages using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) 1.0 specification.
Alternatively, we can configure the bus in accordance with the previous WS-Security specification, WS-Security Draft 13 (Web Services Security Core Specification).
Use of WS-Security Draft 13 was deprecated in WebSphere Application Server v6.0. Use of WS-Security Draft 13 is deprecated, and should only be used to allow continued use of an existing web services client application written to the WS-Security Draft 13 specification.
We can only use WS-Security with web service applications that comply with the Web Services for Java EE or Java Specification Requirements (JSR) 109 specification. See Web Services Security and Java Platform, Enterprise Edition security relationship. For information about how to make the web service applications JSR-109 compliant, see Implementing JAX-RPC web services clients or Implementing static JAX-WS web services clients.
To protect a service integration bus-deployed web service, we can apply the following types of WS-Security resource to the inbound or outbound ports that the service uses:
- WS-Security bindings.
- WS-Security configurations.
The configurations resource type specifies the level of security that you require (for example "The body must be signed"), and the bindings resource type provides the information that the run-time environment needs to implement the configuration (for example "To sign the body, use this key"),
When we associate a WS-Security resource with a port, we choose from a list of WS-Security resources that we have previously configured as described in the following topics:
Tasks
What to do next
We can associate any binding with any configuration, so ensure chosen a valid combination. We can also configure various WS-Security binding objects at the cell level, as described in Default bindings and runtime properties for Web Services Security. We can then use these binding objects when configuring bindings for use with your inbound and outbound ports. For example we can use a trust anchor that is defined at cell level when we are defining the signing information for a service integration binding object.
For an overview of how WS-Security is applied to service integration bus-deployed web services, see Service integration technologies and WS-Security. For detailed information about how WS-Security is implemented in WAS, see Overview of standards and programming models for web services message-level security. For more information about the WS-Security standard, see the Web Services Security (WS-Security) 1.0 specification.
Related:
Service integration technologies and WS-Security Web Services Security and Java Platform, Enterprise Edition security relationship Overview of standards and programming models for web services message-level security Secure web services applications using the WSS APIs at the message level Administer the bus-enabled web services resources Implement static JAX-WS web services clients Implement JAX-RPC web services clients