Setting Java API to use Web Services with Secure Socket Layers (SSL) connection between servers.
 Technote (troubleshooting)
 
This document applies only to the following language version(s):
US English
 
Problem(Abstract)
This document provides an example of a deployment descriptor for a Web Service with SSL configuration in order to make http(s) calls using the Java™ API from one WebSphere® Application Server host to another.
 
Resolving the problem
The SSL configuration of the Web Service client-side transport security is based on the WebSphere SSL configuration model. Understanding the WebSphere SSL configuration model is required in order to configure successfully. Use the following steps to set up client-side transport security for Web Services running on a WebSphere Application Server.
Ÿ First configure an SSL alias using the SSL configuration repertoire that is part of WebSphere Security Configuration model. (See section titled "Creating a secure sockets layer repertoire configuration entry" in the InfoCenter. Here, users can configure the keystore and truststore.)

Ÿ Next, to configure the Web Services outbound transport security for the Web Services application server, define the SSL alias name in the deployment descriptor using the Assembly Toolkit (ATK). The steps are documented under section of "Web services assembly properties" in InfoCenter.

5.0.2 Web services assembly properties

ibm-webservices-bnd.xmi properties

The ibm-webservices-bnd.xmi file is a deployment descriptor for a Web Services-enabled Web module or Enterprise JavaBean (EJB) module. It contains information for the Web Services runtime that is either WebSphere product-specific or is not specified by Web Services for Java 2 Enterprise Edition (J2EE).

You can edit these properties using the Application server toolkit. The Application server toolkit replaces the Application Assembly Tool (AAT). It is a the tool available with the Application Server Toolkit product. To edit the properties:

1. Locate the webservices.xml file in the module.

2. Double-click the webservices.xml file to open the Web Services editor.

3. Access the Web Services Bindings editor through the Bindings tab at the bottom of the editor pane.

4. Access the Web Services Binding Configurations editor through the Binding Configurations tab at the bottom of the editor pane.

5. After editing the properties, type ctrl-s on your keyboard to save the changes.

The following user-definable assembly properties are supported:

  • wsDescNameLink - Attribute of the wsdescBindings element that specifies the link to the corresponding <webservice-description-name> in webservices.xml. You can use the Application server toolkit to set this property following these steps:
  1. Open the Web Service Bindings editor.
  2. Expand the Web Service Description Bindings section.
  3. Click Add and choose the Web services description binding properties for which you want to apply the change.
  4. Click OK.
  • pc-name-link - Attribute of the pcBindings element that specifies the link to the <port-component-name> in the webservices.xml file. You can edit these properties in the Application server toolkit following these steps:
    1. Open the Web Services Bindings editor.
    2. Expand the Port Component Binding section.
    3. Click Add.
    4. Select the port_ component_ name from the drop down list in the PC Name Link field.
  • scope - Attribute of the pcBindings element that specifies when new instances of implementation beans are created. Possible values are Request, Session, and Application. You can edit these properties in the Application server toolkit following these steps:
  1. Open the Web Services Bindings editor.
  2. Expand the Port Component Binding section.
  3. Click Add.
  4. Select the implementation_scope_ name from the drop down list in the Scope field.
The value of scope for a deployed Web Service can be changed using the administrative console. Using application management, navigate to the Web module of the Web service application and select Web Services Implementation Scope.

ibm-webservicesclient-bnd.xmi properties

The ibm-webservicesclient-bnd.xmi file contains information for the Web Services runtime that is WebSphere product-specific.

You can edit these properties using the Application server toolkit:

1. Locate the webservicesclient.xml file in the module.

2. Double-click the webservices.xml file to open the Web Services Client editor.

3. Access the Web Services Client Bindings editor through the Client Binding tab at the bottom of the editor pane.

4. Access the Web Services Client Port Bindings editor through the Port Bindings tab at the bottom of the editor pane.

5. After editing the properties, type ctrl-s on your keyboard to save the changes.

Assembly properties

The following user-definable assembly properties are supported:

  • componentNameLink - Attribute of the componentScopedRefs element that specifies the link to the corresponding <component-scoped-refs> element in webservicesclient.xml file. You can edit this property in the Application server toolkit:
    1. Open the Web Services Client Bindings editor.
    2. Expand the Component scoped references section.
    3. Click Add.
    4. Select the component scoped references defined in the webservicesclient.xml file from the list.
  • serviceRefLink - Attribute of the serviceRefs element that specifies the link to the <service-ref-name> in the webservicesclient.xml file. You can edit this property in the Application server toolkit:
    1. Open the Web Services Client Bindings editor.
    2. Click the Services References tab.
    3. Click Add.
    4. Select the service references defined in the webservicesclient.xml file from the list.
  • deployedWSDLFile - Attribute of the serviceRefs element is optional and permits an alternate WSDL file to be used other than that specified in the <wsdl-file> element of webservicesclient.xml file. If this attribute is specified, the alternate WSDL file must be packaged in the same module and must be compatible with the development WSDL file. The deployedWSDLFile property is used to supply a new WSDL file containing a different endpoint URL than the original WSDL file. You can edit this property in the Application server toolkit:
  1. Open the Web Services Client Bindings editor.
  2. Select the service references or component scoped reference desired.
  3. Expand the Service reference details section.
  4. Click Browse on the Deployed WSDL file field.
  5. Select the new WSDL file.
  6. Click OK.
  • defaultMappings element - Identifies which port should be used for a given portType when none is explicitly selected by the client. This element has the following attributes: portTypeNamespace, portTypeLocalName, portNamespace, portLocalName. These attributes identify which wsdl:port should be used for a wsdl:portType. You can edit this property in the Application server toolkit:
    1. Open the Web Services Client Bindings editor.
    2. Click Default Mappings.
    3. Click Add.
    4. Edit the entries in the newly added row to establish a mapping between a portType and port in the WSDL file. There can only be one entry for each portType.
    5. Click OK.
  • syncTimeout - Attribute of the portQnameBindings element that specifies how long, in seconds, to wait for a response from a synchronous call. You can edit this property in the Application server toolkit:
  1. Create a Port Qualified Name Bindings for the port.
  2. Open the Web Services Client Bindings editor.
  3. Confirm that a service reference is selected in either the Component scoped references or Service references section.
  4. Expand the Port qualified name bindings section.
  5. Click Add. A new entry is now added to the Port qualified name bindings list.
  6. Click the new Port qualified name bindings entry. The Web Services Client Port Bindings editor opens.
  7. Expand the Port qualified name bindings details section.
  8. Type the namespace of the WSDL file port you want to configure, in the Port Namespace Link field.
  9. Type the local_name of the WSDL file port you want to configure in the Port Local Name Linkfield. The name displayed in the Port qualified name bindings list is the local name of the WSDL file port.
  10. Click OK.
To configure the syncTimeout property, locate the Synchronization timeout field and enter the desired value.
  • BasicAuth - Element of the portQnameBindings element that can be used to authenticate a service client to the service endpoint, independent of the underlying transport that includes, HTTP, HTTPS, and JMS. Set the user ID and password attributes as needed. You can edit this property in the Application server toolkit:
    1. Open the Web Services Client Bindings editor.
    2. Expand the Basic authentication section.
    3. Type the desired value in the User ID and Password fields.
    4. Click OK.
  • sslConfig - Element of the portQnameBindings element that specifies the Secure Sockets Layer (SSL) configuration of an HTTPS outbound request. The name attribute is the name of a SSL configuration entry or alias defined in the SSL Configuration Repertoire.
Note: This attribute is only used when the client is running in the WebSphere Application Server.

You can edit this property in the Application server toolkit:
  1. Open the Web Services Client Bindings editor.
  2. Expand the SSL Configuration section.
  3. Type the desired value in the Name field.
  4. Click OK.
The values of deployedWSDLFile and the defaultMappings of a deployed Web Service can also be changed using the administrative console. Using application management, navigate to the Web module or EJB module of the Web service application and select Web Services Client Bindings.

Example bindings files
The following examples demonstrate the spelling and position of the various attributes. You cannot cut and paste these examples because they do not contain the required ID attributes. If you add elements to a binding file template generated by the WSDL2Java command, you must confirm that each element has an ID attribute whose value is a unique string. Review the template xmi files generated by the WSDL2Java command for examples of ID strings.
Example ibm-webservices-bnd.xmi file

<com.ibm.etools.webservice.wsbnd:WSBinding xmi:version="2.0" xmlns:xmi= ('http://www.omg.org/XMI') ' xmlns:com.ibm.etools.webservice.wsbnd="'http://www.ibm.com/websphere/appserver/schemas/5.0.2/wsbnd.xmi'>

<wsdescBindings wsDescNameLink="AddressBookService">

<pcBindings pcNameLink="AddressBook" scope="Application"/>

</wsdescBindings>

</com.ibm.etools.webservice.wsbnd:WSBinding>


Example ibm-webservicesclient-bnd.xmi file

<com.ibm.etools.webservice.wscbnd:ClientBinding xmi:version="2.0" xmlns:xmi=('http://www.omg.org/XMI') xmlns:com.ibm.etools.webservice.wscbnd="'http://www.ibm.com/websphere/appserver/schemas/5.0.2/wscbnd.xmi'>

<componentScopedRefs componentNameLink="myComponent ref"/>

<serviceRefs serviceRefLink="myService ref" deployedWSDLFile="META-INF/wsdl/alternate.wsdl">

<defaultMappings portTypeLocalName="AddressBook" portTypeNamespace="http://www.com.ibm" portLocalName="AddressBookPort" portNamespace="http://www.com.ibm"/>

<portQnameBindings portQnameNamespaceLink="http://www.com.ibm" portQnameLocalNameLink="AddressBookPort" syncTimeout="99">

<basicAuth userid="myId" password="myPassword"/>

<sslConfig name="mynode/DefaultSSLSettings"/>

</portQnameBindings>

</serviceRefs>

</com.ibm.etools.webservice.wscbnd:ClientBinding>

Configuring for web services client not running in an application server, users should instead use the properties documented under bullet 3 and 4 under the section of "Configuring client-side transport level security".

 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Web Services (for example: SOAP or UDDI or WSGW or WSIF)
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 1156592
IBM Group: Software Group
Modified date: Feb 28, 2006