Getting Started: Using a policy set and default bindings to sign and encrypt a message

This procedure describes how to configure the message-level WS-Security policy set and bindings to sign and encrypt a SOAP message that uses a custom policy set and default bindings. This task is intended to help you get familiar with adding WS-Security constraints to a JAX-WS application.

Before you begin

This task assumes that the service provider and client that you are configuring are in the JaxWSServicesSamples application. For more information about how to obtain and install the application, see Accessing Samples.

Use the following trace specification on the server. You can use the resulting trace to debug any configuration problems that occur later. Enter the specification as a single string, with no spaces or line breaks:

*=info:com.ibm.wsspi.wssecurity.*=all:com.ibm.ws.webservices.wssecurity.*=all:com.ibm.ws.wssecurity.*=all:com.ibm.xml.soapsec.*=all:com.ibm.ws.webservices.trace.*=all:com.ibm.ws.websvcs.trace.*=all:com.ibm.ws.wssecurity.platform.audit.*=off:

About this task

This procedure explains the actions that you need to complete to configure a WS-Security policy set to use the asymmetric XML-Digital Signature and Encryption WS-Security constraints. Because you are not attaching any binding in this procedure, the default bindings are used for both the client and the provider.

To apply the policy set and bindings to this application, in the administrative console click Applications > Application types > WebSphere enterprise applications > JaxWSServicesSamples. When you are using your own applications, you can use the following paths as an alternative way to access the provider and client for attachment of the policy set and bindings:

  • Services > Service providers > AppName
  • Services > Service clients > AppName

Procedure

  1. Create the custom policy set.
    1. In the administrative console, click Services > Policy sets > Application Policy sets.
    2. Click New.
    3. Specify Name=SimpleSignEncPolicy.
    4. Click Apply.
    5. Under Policies, click Add > WS-Security.
    By default, the policy now has the following configuration:
    • Timestamp sent in outbound messages
    • Timestamp required in inbound messages
    • Sign the request and the response (Body, WS-Addressing header, and Timestamp)
    • Encrypt the request and the response (Body and Signature element in SOAP Security header)
  2. Click Save to save your configuration changes.
  3. Configure the client to use the SimpleSignEncPolicy policy set.
    1. In the administrative console, click Applications > Application types > WebSphere enterprise applications > JaxWSServicesSamples > Service client policy sets and bindings.
    2. Select the web services client resource (JaxWSServicesSamples).
    3. Click Attach Policy Set.
    4. Select SimpleSignEncPolicy.
  4. Configure the provider to use the SimpleSignEncPolicy policy set.
    1. In the administrative console, click Applications > Application types > WebSphere enterprise applications > JaxWSServicesSamples > Service provider policy sets and bindings.
    2. Select the web services provider resource (JaxWSServicesSamples).
    3. Click Attach Policy Set.
    4. Select SimpleSignEncPolicy.
  5. Click Save to save your configuration changes.
  6. Restart the client and provider.
    1. Stop the client and the provider.
    2. Restart the client and the provider.
  7. Test the Service.
    1. Point your web browser at the JaxWSServicesSamples application: http://localhost:9080/wssamplesei/demo
      Avoid trouble: Make sure that you provide the correct host name and port if your provider is not on the same machine, or if the port is not 9080.
    2. Select Message Type Synchronous Echo.
    3. Make sure Use SOAP 1.2 is not selected.
    4. Enter a message and click Send Message.
    The sample application should reply with JAXWS==>Message.

Results

The JaxWSServicesSamples web services application is configured to use asymmetrical XML Digital Signature and Encryption to protect your SOAP requests and responses that use client and provider default general bindings.
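A successful echo reply does not by itself show that the messages were protected on the wire. The following check is an added example, not part of the original procedure or of IBM's code: it inspects a SOAP 1.1 envelope that you captured from your own test system (for example, from the trace enabled above) and reports anything that does not match the default policy configuration listed in step 1. It assumes the standard WS-Security, XML Signature and XML Encryption namespaces; the function names and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {  # standard namespaces; SOAP 1.1 because step 7 leaves "Use SOAP 1.2" unselected
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())

def check_envelope(xml_text):
    """Return a list of findings; an empty list means the envelope matches the policy defaults."""
    findings = []
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    body = root.find("soap:Body", NS)
    if body is None:
        return ["no SOAP 1.1 Body found"]
    if sec is None:
        findings.append("no wsse:Security header, policy set not applied")
    else:
        if sec.find("wsu:Timestamp", NS) is None:
            findings.append("Timestamp missing")
        if sec.find("xenc:EncryptedKey", NS) is None:
            findings.append("EncryptedKey missing, no asymmetric key transport")
        if sec.find("ds:Signature", NS) is not None:
            findings.append("Signature element is in cleartext")
        elif sec.find("xenc:EncryptedData", NS) is None:
            findings.append("no encrypted Signature element in header")
    if [child.tag for child in body] != ["{%s}EncryptedData" % NS["xenc"]]:
        findings.append("Body content is not encrypted")
    return findings

def envelope(header, body):
    """Build a constructed test envelope (sample data, not a real capture)."""
    return ("<soap:Envelope %s><soap:Header>%s</soap:Header>"
            "<soap:Body>%s</soap:Body></soap:Envelope>" % (XMLNS, header, body))

PROTECTED = envelope(
    "<wsse:Security><wsu:Timestamp/><xenc:EncryptedKey/><xenc:EncryptedData/></wsse:Security>",
    "<xenc:EncryptedData/>")
CLEARTEXT = envelope("", "<echo>hello</echo>")

if __name__ == "__main__":
    for name, msg in (("protected", PROTECTED), ("cleartext", CLEARTEXT)):
        print(name, check_envelope(msg) or "matches policy defaults")
```

The check is structural only: it confirms that the expected elements are present and that the Body and Signature are not readable, but it does not validate the signature or decrypt anything.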

What to do next

After you complete the task, you can move on to more involved configurations such as: