The SSL configuration of the Web Service client-side
transport security is based on the WebSphere SSL configuration model.
Understanding the WebSphere SSL configuration model is required in order
to configure successfully. Use the following steps to set up client-side
transport security for Web Services running on a WebSphere Application
Server.
Ÿ First configure an SSL alias using the SSL configuration repertoire
that is part of WebSphere Security Configuration model. (See section
titled "Creating a secure sockets layer repertoire configuration entry" in
the InfoCenter. Here, users can configure the keystore and truststore.)
Ÿ Next, to configure the Web Services outbound transport security for the
Web Services application server, define the SSL alias name in the
deployment descriptor using the Assembly Toolkit (ATK). The steps are
documented under section of "Web services assembly properties" in
InfoCenter.
5.0.2 Web services assembly properties
ibm-webservices-bnd.xmi properties
The ibm-webservices-bnd.xmi file is a deployment descriptor for a Web
Services-enabled Web module or Enterprise JavaBean (EJB) module. It
contains information for the Web Services runtime that is either WebSphere
product-specific or is not specified by Web Services for Java 2 Enterprise
Edition (J2EE).
You can edit these properties using the Application server
toolkit. The Application server toolkit replaces the Application
Assembly Tool (AAT). It is a the tool available with the Application
Server Toolkit product. To edit the properties:
1. Locate the webservices.xml file in the module.
2. Double-click the webservices.xml file to open the Web
Services editor.
3. Access the Web Services Bindings editor through the
Bindings tab at the bottom of the editor pane.
4. Access the Web Services Binding Configurations editor through
the Binding Configurations tab at the bottom of the editor
pane.
5. After editing the properties, type ctrl-s on your keyboard to
save the changes.
The following user-definable assembly properties are supported:
- wsDescNameLink - Attribute of the
wsdescBindings element that specifies the link to the corresponding
<webservice-description-name> in webservices.xml. You can use the
Application server toolkit to set this property following these
steps:
- Open the Web Service Bindings editor.
- Expand the Web Service Description Bindings section.
- Click Add and choose the Web services description binding
properties for which you want to apply the change.
- Click OK.
- pc-name-link - Attribute of the pcBindings element
that specifies the link to the <port-component-name> in the
webservices.xml file. You can edit these properties in the Application
server toolkit following these steps:
-
- Open the Web Services Bindings editor.
- Expand the Port Component Binding section.
- Click Add.
- Select the port_ component_ name from the drop down list in the
PC Name Link field.
- scope - Attribute of the pcBindings element
that specifies when new instances of implementation beans are created.
Possible values are Request, Session, and
Application. You can edit these properties in the Application
server toolkit following these steps:
- Open the Web Services Bindings editor.
- Expand the Port Component Binding section.
- Click Add.
- Select the implementation_scope_ name from the drop down list
in the Scope field.
The value of scope for a deployed Web Service can be changed using the
administrative console. Using application management, navigate to the Web
module of the Web service application and select Web Services
Implementation Scope.
ibm-webservicesclient-bnd.xmi properties
The ibm-webservicesclient-bnd.xmi file contains information for the Web
Services runtime that is WebSphere product-specific.
You can edit these properties using the Application server toolkit:
1. Locate the webservicesclient.xml file in the module.
2. Double-click the webservices.xml file to open the Web Services
Client editor.
3. Access the Web Services Client Bindings editor through the
Client Binding tab at the bottom of the editor pane.
4. Access the Web Services Client Port Bindings editor through
the Port Bindings tab at the bottom of the editor pane.
5. After editing the properties, type ctrl-s on your keyboard to
save the changes.
Assembly properties
The following user-definable assembly properties are supported:
- componentNameLink - Attribute of the
componentScopedRefs element that specifies the link to the corresponding
<component-scoped-refs> element in webservicesclient.xml file. You
can edit this property in the Application server toolkit:
-
- Open the Web Services Client Bindings editor.
- Expand the Component scoped references section.
- Click Add.
- Select the component scoped references defined in the
webservicesclient.xml file from the list.
- serviceRefLink - Attribute of the serviceRefs
element that specifies the link to the <service-ref-name> in the
webservicesclient.xml file. You can edit this property in the Application
server toolkit:
-
- Open the Web Services Client Bindings editor.
- Click the Services References tab.
- Click Add.
- Select the service references defined in the webservicesclient.xml
file from the list.
- deployedWSDLFile - Attribute of the serviceRefs
element is optional and permits an alternate WSDL file to be used other
than that specified in the <wsdl-file> element of
webservicesclient.xml file. If this attribute is specified, the alternate
WSDL file must be packaged in the same module and must be compatible with
the development WSDL file. The deployedWSDLFile property is used to supply
a new WSDL file containing a different endpoint URL than the original WSDL
file. You can edit this property in the Application server toolkit:
- Open the Web Services Client Bindings editor.
- Select the service references or component scoped reference
desired.
- Expand the Service reference details section.
- Click Browse on the Deployed WSDL file field.
- Select the new WSDL file.
- Click OK.
- defaultMappings element - Identifies which port
should be used for a given portType when none is explicitly selected by
the client. This element has the following attributes: portTypeNamespace,
portTypeLocalName, portNamespace, portLocalName. These attributes identify
which wsdl:port should be used for a wsdl:portType. You can edit this
property in the Application server toolkit:
-
- Open the Web Services Client Bindings editor.
- Click Default Mappings.
- Click Add.
- Edit the entries in the newly added row to establish a mapping between
a portType and port in the WSDL file. There can only be one
entry for each portType.
- Click OK.
- syncTimeout - Attribute of the portQnameBindings
element that specifies how long, in seconds, to wait for a response from a
synchronous call. You can edit this property in the Application server
toolkit:
- Create a Port Qualified Name Bindings for the port.
- Open the Web Services Client Bindings editor.
- Confirm that a service reference is selected in either the
Component scoped references or Service references
section.
- Expand the Port qualified name bindings section.
- Click Add. A new entry is now added to the Port qualified
name bindings list.
- Click the new Port qualified name bindings entry. The Web
Services Client Port Bindings editor opens.
- Expand the Port qualified name bindings details section.
- Type the namespace of the WSDL file port you want to configure,
in the Port Namespace Link field.
- Type the local_name of the WSDL file port you want to configure
in the Port Local Name Linkfield. The name displayed in the Port
qualified name bindings list is the local name of the WSDL file
port.
- Click OK.
To configure the syncTimeout property, locate the Synchronization
timeout field and enter the desired value.
- BasicAuth - Element of the portQnameBindings
element that can be used to authenticate a service client to the service
endpoint, independent of the underlying transport that includes, HTTP,
HTTPS, and JMS. Set the user ID and password attributes as needed. You can
edit this property in the Application server toolkit:
-
- Open the Web Services Client Bindings editor.
- Expand the Basic authentication section.
- Type the desired value in the User ID and Password
fields.
- Click OK.
- sslConfig - Element of the portQnameBindings
element that specifies the Secure Sockets Layer (SSL) configuration of an
HTTPS outbound request. The name attribute is the name of a SSL
configuration entry or alias defined in the SSL Configuration
Repertoire.
Note: This attribute is only used when the client is running in the
WebSphere Application Server.
You can edit this property in the Application server toolkit:
- Open the Web Services Client Bindings editor.
- Expand the SSL Configuration section.
- Type the desired value in the Name field.
- Click OK.
The values of deployedWSDLFile and the defaultMappings of a deployed Web
Service can also be changed using the administrative console. Using
application management, navigate to the Web module or EJB module of the
Web service application and select Web Services Client Bindings.
Example bindings files
The following examples demonstrate the spelling and position of the
various attributes. You cannot cut and paste these examples because they
do not contain the required ID attributes. If you add elements to a
binding file template generated by the WSDL2Java command, you must
confirm that each element has an ID attribute whose value is a unique
string. Review the template xmi files generated by the WSDL2Java
command for examples of ID strings.
Example ibm-webservices-bnd.xmi file
<com.ibm.etools.webservice.wsbnd:WSBinding xmi:version="2.0"
xmlns:xmi= ('http://www.omg.org/XMI') '
xmlns:com.ibm.etools.webservice.wsbnd="'http://www.ibm.com/websphere/appserver/schemas/5.0.2/wsbnd.xmi'>
<wsdescBindings wsDescNameLink="AddressBookService">
<pcBindings pcNameLink="AddressBook" scope="Application"/>
</wsdescBindings>
</com.ibm.etools.webservice.wsbnd:WSBinding>
Example ibm-webservicesclient-bnd.xmi file
<com.ibm.etools.webservice.wscbnd:ClientBinding xmi:version="2.0"
xmlns:xmi=('http://www.omg.org/XMI')
xmlns:com.ibm.etools.webservice.wscbnd="'http://www.ibm.com/websphere/appserver/schemas/5.0.2/wscbnd.xmi'>
<componentScopedRefs componentNameLink="myComponent ref"/>
<serviceRefs serviceRefLink="myService ref"
deployedWSDLFile="META-INF/wsdl/alternate.wsdl">
<defaultMappings portTypeLocalName="AddressBook"
portTypeNamespace="http://www.com.ibm"
portLocalName="AddressBookPort" portNamespace="http://www.com.ibm"/>
<portQnameBindings portQnameNamespaceLink="http://www.com.ibm"
portQnameLocalNameLink="AddressBookPort" syncTimeout="99">
<basicAuth userid="myId" password="myPassword"/>
<sslConfig name="mynode/DefaultSSLSettings"/>
</portQnameBindings>
</serviceRefs>
</com.ibm.etools.webservice.wscbnd:ClientBinding>
Configuring for web services client not running in an application server,
users should instead use the properties documented under bullet 3 and 4
under the section of "Configuring client-side transport level
security".
|