+

Search Tips   |   Advanced Search

Set Web Services Transaction support in a secure environment


If we use Web Services Atomic Transaction (WS-AT) or Web Services Business Activity (WS-BA) support when administrative security is enabled, we might have to change the default transaction service configuration. You can disable the transaction coordination authorization setting, create a new Web container transport chain, or do both.

We might disable transaction coordination authorization to interoperate with other servers, but you do not want to use the transaction manager in the Common Criteria EAL4 evaluated configuration (the default when administrative security is set). When transaction coordination authorization is disabled, WAS does not automatically reject secure WS-Transactions protocol messages. You might configure a new Web container transport chain for use by WS-Transactions in the following situations:

The transaction service, by default, selects a suitable Web container transport chain from the list of those configured and uses it for protocol messages. Configure a new transport chain and specify our own settings. For example, we can specify an alternative SSL configuration that requires client certificate authentication, which is then used specifically for WS-Transactions protocol messages.

 

  1. Optionally, use the following steps to disable transaction coordination authorization.

    1. In the admin console ...

      Servers > Server Types > WebSphere application servers > server_name > [Container Settings] Container Services > Transaction Service .

    2. Clear the Enable transaction coordination authorization check box.

    3. Click Apply or OK.

    4. Save the changes to the master configuration.

  2. Optionally, use the following steps to create a new Web container transport chain.

    1. In the admin console ...

      Servers > Application servers > server_name > [Container Settings] Web Container Settings > Web container transport chains.

    2. Click New to create a new transport chain.

    3. Type a name for the transport chain.

    4. From the Transport chain template list, select an appropriate template.

    5. Click Next to select a new port for the chain.

    6. Type a name, host, and port number for the port. For a secure chain, the host must match the common name in the certificate used.

    7. Click Next, confirm the settings, then click Finish.

    8. Save the changes to the master configuration.

    9. If necessary, create a new SSL configuration and associate it with the SSL channel associated with the new chain.

      See Create an SSL configuration. You are now ready to configure the transaction service to use the new transport chain.

    10. Click Servers > Application servers > server_name > [Container Settings] Container Services > Transaction Service .

    11. In the External WS-Transaction HTTP(S) URL prefix section, click Select prefix, then select the Web container transport chain that you have just created from the list.

      For an intermediary, such an HTTP proxy, in front of the appserver, click Specify custom prefix, then type the external endpoint URL information for the intermediary node in the field.

      See Enable WAS to use an intermediary node for Web services transactions.

    12. Click Apply or OK, then save the changes to the master configuration.

  3. After you save all the configuration changes, restart the server for the changes to take effect.

 

Results

You configured the system to use WS-AT or WS-BA in a secure environment.

 

Related concepts


Use WS-Transaction policy to coordinate transactions or business activities for Web services

 

Related tasks


Use the transaction service
Create an SSL configuration
Enable WAS to use an intermediary node for Web services transactions

 

Related


Example: Set IBM HTTP server as an intermediary node for Web services transactions
Common Criteria (EAL4) support