Create a new WS-Security configuration for use with service integration
bus-deployed web services. You use WS-Security configurations to secure the
SOAP messages that pass between service requesters (clients) and inbound services,
and between outbound services and target web services.
Before you begin
Use this option to work with WS-Security configurations that comply
with either the
Web Services Security (WS-Security) 1.0
specification, or the previous WS-Security specification, WS-Security
Draft 13 (also known as the Web Services Security Core Specification).
Note: Use of WS-Security Draft 13 was deprecated in WebSphere® Application Server
Version 6.0. Use of WS-Security Draft 13 is deprecated, and you should only use it to allow continued use of an existing web services client application that has been written to the WS-Security Draft 13 specification.
This topic assumes that you have got, from the owning parties, the WS-Security configurations for the client (for an inbound
service) and the target web service (for an outbound service).
You can only use WS-Security with web service applications that comply with the Web Services for Java Platform, Enterprise Edition (Java EE) or Java Specification Requirements (JSR) 109 specification. For more information, see Web Services Security and Java Platform, Enterprise Edition security relationship. For information about how to make your web service applications JSR-109 compliant, see topics about developing JAX-RPC web services clients or JAX-WS clients.
About this task
WS-Security configurations specify the level of security that you require (for example The
body must be signed
). This level of security is then implemented through the run-time
information contained in a WS-Security binding. You receive the security configuration information direct from the
service requester or target service provider, in the form of an
ibm-webservicesclient-ext.xmi
file for the client, and an
ibm-webservices-ext.xmi
file for the target web service, which contain the
information about the levels of security (integrity, confidentiality and identification) that are
required. You extract the information from these .xmi
files, then manually enter it
into the WS-Security configuration forms.
Configurations are administered
independently from any web service that uses them, so you can create a configuration
then apply it to many web services. However, the security requirements for
an inbound service (which acts as a target web service) are significantly
different to those required for an outbound service (which acts as a client).
Consequently, configurations are further divided by service type (inbound
or outbound).
Unlike most other configuration objects, when you create
a WS-Security configuration you can only define its basic aspects. To define
the details you save the new WS-Security configuration, then reopen it for
modification as described in Modifying an existing WS-Security configuration.
To create a new WS-Security configuration, complete
the following steps:
Procedure
- Start the administrative console.
- In the navigation pane, click .
- Click New.
The New WS-Security
Service Configuration wizard is displayed.
- Use the wizard to assign the following general properties:
- Select the version of the WS-Security specification.
Set
this option to either Draft 13 (for a configuration that complies with the
WS-Security Draft 13 specification) or 1.0 (for a configuration that complies
with the
Web Services Security (WS-Security) 1.0
specification.
Note: Use of WS-Security Draft 13 was deprecated in WebSphere Application Server
Version 6.0. Use of WS-Security Draft 13 is deprecated, and you should only use it to allow continued use of an existing web services client application that has been written to the WS-Security Draft 13 specification.
- Specify the service type.
If you are creating a configuration
to secure the SOAP messages that pass between a service requester (client)
and an inbound service (which acts as a target web service), select Inbound
Service. If you are creating a configuration to secure the SOAP messages that
pass between an outbound service (which acts as a client) and a target Web
service, select Outbound Service.
- Specify the WS-Security configuration type.
Give
a name to this configuration. This name must be unique across both WS-Security
Version 1.0 and Draft 13 configurations, and it must follow the following
syntax rules:
- It must not start with
.
(a period).
- It must not start or end with a space.
- It must not contain any of the following characters:
\ / , # $
@ : ; " * ? < > | = + & % '
(Optionally) Specify an Actor URI for this configuration. WS-Security
headers within the consumed request message are only processed if they have
the specified Actor URI.
- Click Finish.
The general
properties for this item are saved.
Results
If the processing completes successfully, the list of WS-Security
configurations is updated to include the new configuration. Otherwise, an
error message is displayed.
What to do next
You are now ready to define the configuration details as described
in Modifying an existing WS-Security configuration.