Configure default Web Services Security bindings
WebSphere Application Server provides support for a set of default Web Services Security bindings for applications. A set of bindings is a named object associated with a specific policy set and service resource attached to the policy set.
Bindings contain environment and platform specific information, such as the following types of information:
- Keys used for signature and encryption
- Keystore information
- Authentication information
- Persistent information
In WAS v7.0 and later, there are two types of bindings, application specific bindings and general bindings. Typically, bindings are specific to the application or the platform, and they are not shared.
General bindings can be configured to be used across a range of policy sets and can be reused across applications and for trust service attachments. Though general bindings are highly reusable, they are not able to provide configuration for advanced policy requirements, such as multiple signatures. There are two types of general bindings: general provider policy set bindings and general client policy set bindings. The general bindings that are shipped with WAS are initially set as the default bindings, but we can choose a different binding as the default, or change the level of binding that should be used as the default, for example, from cell level binding to server level binding. Default bindings can be used on their own or in combination with an application specific binding assigned to a policy set attachment. See topic General JAX-WS default bindings for Web Services Security. For a description of the general sample bindings included with WAS, and used with JAX-WS, read the topic General sample bindings for JAX-WS applications.
To create general bindings:
Tasks
- Log in to the administrative console and navigate to the general provider policy set and bindings panel, or the general client policy set and bindings panel
- Click Services > Policy sets > General provider policy set bindings.
- Click Services > Policy sets > General client policy set bindings.
- Click New.
Policy set bindings contain platform-specific information, like keystore, authentication information or persistent information, required by a policy set attachment. Each policy set attachment to a service provider or service client must have exactly one binding. When we create a policy set attachment, the general default bindings are used initially. When general bindings are used in association with a policy set attachment, the cell-level general bindings are applied at run time. If application server level bindings exist, the server-level general bindings override the cell-level definition. General bindings specify configuration for both service client and service provider attachments and the general bindings are not tailored to a specific policy set or application. When defining server-level general bindings, the binding begins in a completely unconfigured state. We must add the policy, and then fully configure the bindings for each added policy.
An application specific binding is a named binding that we create. Application specific bindings allow us to provide platform-specific configuration information for specific policy set attachments. When we create an application specific binding, the available binding configuration options are tailored to the definitions in the attached policy set. We can reuse application specific bindings for multiple service resources within an application. For example, if we create a trust service specific binding, that binding can be reused only for trust service attachments.
When we create an application specific binding for a policy set attachment, the binding begins in a completely unconfigured state. Since the default WS-Security binding fills in the gaps that remain from an application specific binding, the configuration is completely covered by the default binding. For a WS-Security policy, to completely override the default general binding, we must fully configure the application specific bindings to cover all aspects of the attached policy.
Important: Only use the sample default bindings in a testing environment. Do not use sample default bindings in a production environment. Default bindings contain sample key files that must be customized before use in a production environment.
See the topic Define and manage service client or provider bindings for more information about bindings.
Related:
General JAX-WS default bindings for Web Services Security General sample bindings for JAX-WS applications Web services policy set bindings Default policy set bindings collection Service client or provider policy set bindings collection