ws-security.xml file - Default configuration for WebSphere Application Server Network Deployment
For JAX-RPC applications, WebSphere® Application Server Network Deployment installation uses the ws-security.xml file to define the default binding information for Web Services Security for an entire cell.
Important: There is an important distinction between Version 5.x and Version 6 and later applications. This information applies only to Version 5.x applications that are used with WebSphere Application Server Version 6.0.x and later. It does not apply to Version 6.0.x and later applications.
In the WebSphere Application Server Network Deployment installation, the ws-security.xml file is at the cell level and defines the default binding information for Web Services Security for the entire cell. However, each application server can have its own ws-security.xml file to override the cell default; similarly, each web service can override the default in its binding files. The following list contains the defaults defined in the ws-security.xml file:
- Trust anchors: Identifies the trusted root certificates for signature verification.
- Collection certificate stores: Contains certificate revocation lists (CRLs) and non-trusted certificates for verification.
- Key locators: Locates the keys for digital signature and encryption.
- Trusted ID evaluators: Evaluates the trust of the received identity before identity assertion.
- Login mappings: Contains the Java™ Authentication and Authorization Service (JAAS) configurations for AuthMethod token validation.
The Web Services Security run time reads the configuration from the application bindings first, then tries the server level, and finally tries the cell level. The following figure depicts the runtime configuration process.
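The lookup order described above, as an added example that is not IBM's code: a small Python model that resolves an entry through the application, server and cell levels and reports where a more specific level hides a different default (for instance a server-level trust anchor replacing the cell one). The dictionaries, entry names and keystore names are constructed, and matching entries by name within a category is an assumption of this model, not something the page specifies.

```python
# Added example: a model of the lookup order, not WebSphere code.
# Level contents, entry names and keystore names are constructed.
# Assumption: an entry is matched by its name within a category.
from typing import NamedTuple, Optional

LEVELS = ("application", "server", "cell")  # order the run time tries them
CATEGORIES = ("trust_anchors", "collection_cert_stores", "key_locators",
              "trusted_id_evaluators", "login_mappings")

class Resolution(NamedTuple):
    category: str
    name: str
    level: str      # level that supplied the effective entry
    value: dict
    shadowed: list  # (level, value) definitions hidden by the effective one

def resolve(config: dict, category: str, name: str) -> Optional[Resolution]:
    """Return the first definition found in lookup order, or None."""
    hits = []
    for level in LEVELS:
        entry = config.get(level, {}).get(category, {}).get(name)
        if entry is not None:
            hits.append((level, entry))
    if not hits:
        return None
    level, value = hits[0]
    return Resolution(category, name, level, value, hits[1:])

def audit_overrides(config: dict) -> list:
    """Report entries whose effective value differs from a hidden default."""
    findings = []
    for category in CATEGORIES:
        names = {n for lvl in LEVELS
                 for n in config.get(lvl, {}).get(category, {})}
        for name in sorted(names):
            res = resolve(config, category, name)
            if any(value != res.value for _, value in res.shadowed):
                findings.append(res)
    return findings

SAMPLE = {  # constructed sample data
    "cell": {"trust_anchors": {"DefaultAnchor": {"keystore": "cell-trust.ks"}},
             "key_locators": {"SignerLocator": {"keystore": "cell-keys.ks"}}},
    "server": {"trust_anchors": {"DefaultAnchor": {"keystore": "srv-trust.ks"}}},
    "application": {"key_locators": {"SignerLocator": {"keystore": "cell-keys.ks"}}},
}

if __name__ == "__main__":
    for f in audit_overrides(SAMPLE):
        print(f"{f.category}/{f.name}: {f.level} level overrides {f.shadowed}")
```

In the sample, only the trust anchor is reported: the application-level key locator repeats the cell value, so it changes nothing about which keys are used.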