
Secure JAX-RPC Web services using message level security


Standards and profiles address how to provide protection for messages that are exchanged in a Web service environment.

Best practice: IBM WAS supports the JAX-WS model and the JAX-RPC model. JAX-WS is the next generation Web services model extending the foundation provided by the JAX-RPC model. Using the strategic JAX-WS model, development of Web services and clients is simplified through support of a standards-based annotations model. Although the JAX-RPC model and applications are still supported, take advantage of the easy-to-implement JAX-WS model to develop new Web services applications and clients.

To secure Web services with WAS, specify several different configurations. Although there is no specific sequence in which to specify these configurations, some configurations reference other configurations. See WS-Security configuration considerations.

Web service security is supported in the managed Web service container. To establish a managed environment and to enforce constraints for WS-Security, perform a JNDI lookup on the client to resolve the service reference.

Because of the relationship between the different WS-Security configurations, IBM recommends specifying the configurations on each level of the configuration in the following order. We can choose to configure WS-Security at the application level, the server level, or the cell level, depending on the environment and security needs.

 

 

Results

After completing these steps for WAS, we have secured Web services.


Migrate JAX-RPC WS-Security applications to V7.0 applications
Secure messages using JAX-RPC at the request and response generators
Secure messages using JAX-RPC at the request and response consumers
Set WS-Security using JAX-RPC at the platform level
Develop Web services clients that retrieve tokens from the JAAS Subject in an application
Develop Web services applications that retrieve tokens from the JAAS Subject in a server application

 

Related concepts


Assembly tools

 

Related tasks


Troubleshooting Web services
Tuning WS-Security for V7.0 applications
Secure Web services applications at the transport level
Authenticate Web services clients using HTTP basic authentication
Set trust anchors for the generator binding on the application level
Set the collection certificate store for the generator binding on the application level
Set token generators using JAX-RPC to protect message authenticity at the application level
Set the key locator using JAX-RPC for the generator binding on the application level
Set the key information using JAX-RPC for the generator binding on the application level
Set the signing information using JAX-RPC for the generator binding on the application level
Set encryption using JAX-RPC to protect message confidentiality at the application level
Set trust anchors for the consumer binding on the application level
Set the collection certificate store for the consumer binding on the application level
Set token consumers using JAX-RPC to protect message authenticity at the application level
Set the key locator using JAX-RPC for the consumer binding on the application level
Set the key information for the consumer binding on the application level
Set the signing information using JAX-RPC for the consumer binding on the application level
Set encryption to protect message confidentiality at the application level
Set trust anchors on the server or cell level
Set the collection certificate on the server or cell level
Set a nonce on the server or cell level
Set token generators using JAX-RPC to protect message authenticity at the server or cell level
Set the key locator using JAX-RPC on the server or cell level
Set the key information for the generator binding using JAX-RPC on the server or cell level
Set the signing information using JAX-RPC for the generator binding on the server or cell level
Set encryption using JAX-RPC to protect message confidentiality at the server or cell level
Set trusted ID evaluators on the server or cell level
Set token consumers using JAX-RPC to protect message authenticity at the server or cell level
Set the key information for the consumer binding using JAX-RPC on the server or cell level
Set the signing information using JAX-RPC for the consumer binding on the server or cell level
Set encryption to protect message confidentiality at the server or cell level
Secure Web services applications using message level security

 

Related


Security considerations for Web services
rrdSecurity.props file