Develop message-level security for JAX-RPC web services
IBM WebSphere Application Server supports JAX-WS and JAX-RPC.
Subtopics
- Develop web services clients that retrieve tokens from the JAAS Subject in an application
The security handlers are responsible for propagating security tokens. These security tokens are embedded in the SOAP security header and passed to downstream servers.- Develop web services applications that retrieve tokens from the JAAS Subject in a server application
With a server application, the application acts as the request consumer, and the response generator is deployed and runs in the Java EE container. The consumer component for Web Services Security stores the security tokens that it receives in the JAAS Subject of the current thread. We can retrieve the security tokens from the JAAS Subject that is maintained as a local thread in the container.- Develop web services applications to use a UsernameToken with no registry interaction
To authenticate a UsernameToken with a caller part without accessing the WAS registry, we can replace the authentication method of the UsernameToken consumer and configure the caller to use an alternative JAAS login configuration.- Develop web services clients that retrieve tokens from the JAAS Subject in an application
The security handlers are responsible for propagating security tokens. These security tokens are embedded in the SOAP security header and passed to downstream servers.- Develop web services applications that retrieve tokens from the JAAS Subject in a server application
With a server application, the application acts as the request consumer, and the response generator is deployed and runs in the Java EE container. The consumer component for Web Services Security stores the security tokens that it receives in the JAAS Subject of the current thread. We can retrieve the security tokens from the JAAS Subject that is maintained as a local thread in the container.- Develop web services applications to use a UsernameToken with no registry interaction
To authenticate a UsernameToken with a caller part without accessing the WAS registry, we can replace the authentication method of the UsernameToken consumer and configure the caller to use an alternative JAAS login configuration.