Migrating CXF WS-Security to Liberty

Migrating CXF WS-Security to Liberty is easy and straightforward. The migration work includes migrating the Spring or Spring-like configuration to the server.xml file. If a CallbackHandler is required, you must also package and install a password CallbackHandler as a Liberty user feature.

Before you begin

Ensure that you have a working knowledge of CXF WS-Security enabled web services outside Liberty.

About this task

To protect your web service application with WS-Security, your JAX-WS application must contain a wsdl that has an embedded WS-Security policy. There must be a PolicyReference to the embedded WS-Security policy in either the wsdl:binding or wsdl:operation sections or both. After you migrate your web service to Liberty, you can enable a WS-Security policy-driven WS-Security configuration. This task describes how you can migrate an Apache CXF WS-Security configuration to Liberty.

Procedure

  1. Add the wsSecurity-1.1 feature to the server.xml file to enable WS-Security in Liberty.
  2. Add the WS-Security configuration to the server.xml file. CXF WS-Security in Liberty does not support the Spring configuration file, or its equivalent configuration file from other vendors. You must migrate extra configurations that are defined outside the policy from the Spring or its equivalent configuration file to the server.xml file in Liberty.

    Create the <wsSecurityClient> element to hold the client-side configuration, and the <wsSecurityProvider> element to hold the server-side configuration. All configuration property name and value pairs from CXF and WSS4J must be preserved. You can use the same name and value pairs from the Spring or equivalent configuration files. For crypto properties, you must create the <signatureProperties> and <encryptionProperties> subelements to hold all the required properties. For more information, see Web services security default configuration.

  3. Package your password callback handler as a Liberty user feature if you have a password callback handler in your Spring configuration files. For more information about the password CallbackHandler, see Developing a password callback handler for WS-Security.

Results

You migrated a WSDL-first web service to Liberty.

Icon that indicates the type of topic Task topic



Timestamp icon Last updated: Saturday, 3 December 2016
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=twlp_wssec_migrating
File name: twlp_wssec_migrating.html