ws-security.xml file - Default configuration for WAS ND
For JAX-RPC applications, WebSphere Application Server, Network Deployment installation uses the ws-security.xml file to define the default binding information for Web Services Security for an entire cell.
In the WAS ND installation, the ws-security.xml file is at the cell level and defines the default binding information for Web Services Security for the entire cell. But each application server can have its own ws-security.xml file to override the cell default; similarly, each web service can override the default in its binding files. The following list contains the defaults defined in ws-security.xml file:
- Trust anchors
- Identifies the trusted root certificates for signature verification.
- Collection certificate stores
- Contains certificate revocation lists (CRLs) and non-trusted certificates for verification.
- Key locators
- Locates the keys for digital signature and encryption.
- Trusted ID evaluators
- Evaluates the trust of the received identity before identity assertion.
- Login mappings
- Contains the JAAS configurations for AuthMethod token validation.
The Web Services Security run time reads the configuration from the application bindings first, then tries the server-level, and finally tries the cell level. The following figure depicts the runtime configuration process.
Figure 1. Runtime configuration
Related: