This article describes how to use IBM® WebSphere® Application Server Version 6 and IBM Rational® Application Developer to sign and encrypt any element in a SOAP message using an XPATH expression and the Web Services Security 1.0 standard.
Learn how to use IBM WebSphere Application Server Version 6.0 and IBM Rational Application Developer to sign and encrypt any element in a SOAP message using the Web Services Security 1.0 standard (WS-Security). WS-Security is designed to be flexible and extensible. However, that flexibility and extensibility is a double-edged sword: it enables security for many message-level scenarios, but adds significant complexity to the development process. WebSphere Application Server provides a simple keyword-based mechanism to specify which SOAP message elements are to be signed and encrypted. Keywords are defined to support the majority of common usage scenarios for standard message elements. However, SOAP messages frequently contain non-standard application-defined elements that must also be protected. This article describes how you can use an XPATH expression with WebSphere Application Server to sign and encrypt any element in a SOAP message. The article is intended for Web services application developers who need to secure their SOAP messages using message-level security.
|Article in PDF format||0605_chung.pdf ( HTTP | FTP )||2.3MB|
|Readme file for samples||readme.txt ( HTTP | FTP )||1KB|
|Sample files, EAR file, genkey command file||samples.zip ( HTTP | FTP )||78KB|
- Browse for books on these and other technical topics.
- developerWorks WebSphere Web Services zone: Get technical resources and downloads for IBM WebSphere Web services.
- developerWorks SOA and Web services zone: Get technical resources and downloads for IBM SOA and Web services.
- Web Services Security with WebSphere Application Server V6, Part 1: Introduction to Security Architectures: This developerWorks article introduces various Application Server Version 6 Web services security architectures, and describes the pros and cons of each.
- Web Services Security with WebSphere Application Server V6, Part 2: UserNameToken and SSL: This article describes how to secure a resource using a user name and a password.
- Web Services Security Specification
- Redbook: WebSphere Version 6 Web Services Handbook Development and Deployment
- WebSphere Version 6 Information Center
- XPATH specification
- XML-Signature Syntax and Processing
- XML Encryption Syntax and Processing
- XML signature element wrapping attacks and countermeasure
- Redbook: Rational Application Developer V6 Programming Guide
- Build Secure Web Services Using Rational Application Developer: This developerWorks tutorial shows you how to authenticate using a user ID and password, ensure integrity using digital signatures, and ensure confidentiality using encryption.
Get products and technologies
- Build your next development project with IBM trial software, available for download directly from developerWorks.
- Participate in developerWorks blogs and get involved in the developerWorks community.