Introduction
WebSphere Commerce sends Web service requests to external systems using
J2EE™ Connector Architecture (JCA) connectors. WebSphere
Commerce has JCA connectors for sending Web service requests over HTTP
and JMS. The Web service request is sent as a SOAP message, which is
in XML format. The contents of the SOAP message are unencrypted.
Hence, when using the HTTP connector, it is essential to use a
secure protocol such as HTTPS to prevent eavesdropping. This tutorial
demonstrates how to host the application on a secure transport chain
in WebSphere ESB.
Both WebSphere Commerce and WebSphere ESB use IBM WebSphere Application
Server as the platform. The tasks required for configuring SSL are
specific only to WebSphere Application Server. You can refer to this
tutorial to configure SSL for secure communications between any
applications that use WebSphere Application Server as the
platform.
For this tutorial, we treat WebSphere ESB as the provider of the
Web services that WebSphere Commerce consumes. The Web services in
WebSphere ESB perform some expensive and protected operations, such as
connecting to a live production server and running customer
transactions on it. Hence, it is important that
the identity of any client attempting to invoke the Web services is
authenticated. This tutorial demonstrates how to enforce client
authentication in WebSphere ESB so that only a trusted client such as
WebSphere Commerce is allowed to access its Web services.
It is also possible that a request from WebSphere Commerce is
intercepted and served by an attacker's server. In such a case, it
is important for WebSphere Commerce to authenticate the identity of
the server that is serving the request. This tutorial demonstrates
how to add client and server certificates to the trust stores in
WebSphere ESB and WebSphere Commerce, respectively.