[Version 5.0.2 and later]Configuring HTTP outbound transport level security

Before you begin

The HTTP outbound transport-level security for a Web service is based on the Secured Sockets Layer (SSL) configuration of the WebSphere Application Server Web container. Review HTTP transport collection for more information.

Why and when to perform this task

To configure HTTP outbound transport-level security, complete the following steps:

Steps for this task

  1. Configure the HTTP outbound transport-level security settings.
    • Use either the WebSphere Application Server administrative console or the Assembly Toolkit to configure the HTTP outbound transport-level security for a Web Service acting as a client to another Web service.
      • Before installing the Web services application, use the Assembly Toolkit to configure the HTTP SSL Configuration in the Web Services Client Port Binding page. The Web Services Client Port Binding page is available after double-clicking the webservicesclient.xml file.
      • After installing the Web services application, use the administrative console to configure the Web services client security binding collection. To access the collection, complete the following steps:
        1. Click Applications > Enterprise Applications.
        2. Under Related Items, click either Web Modules or EJB Modules.
        3. Click the name of the URI.
        4. Under Additional Properties, click Web Services: Client Security Bindings.
        5. Click HTTP Basic Authentication. Enter the values in the HTTP Basic Authentication panel.

      Note: If the HTTP outbound transport-level security settings are not configured, the default Secure Sockets Layer (SSL) settings for the Java Secure Socket Extension (JSSE) file are used.

    • Use the properties to configure the HTTP outbound transport-level security for a Web service client.
      1. Create a property file that includes the following properties:
        com.ibm.ssl.protocol
        com.ibm.ssl.keyStoreType
        com.ibm.ssl.keyStore
        com.ibm.ssl.keyStorePassword
        com.ibm.ssl.trustStoreType
        com.ibm.ssl.trustStore
        com.ibm.ssl.trustStorePassword
      2. Set the com.ibm.webservices.sslConfigURL Java system property to the absolute path of the created property file.

      Note: If the outbound transport-level security is not configured, the default SSL settings of the JSSE file are used.

  2. (Optional)   Accept the redirection of HTTP request to a different URI in HTTPS.
    A redirection of the HTTP request to a different URI in HTTPS can occur if the transport guarantee of CONFIDENTIAL or INTEGRAL is configured in the application. To accept the redirection, you can do either of the following tasks:
    • Set the com.ibm.ws.webservices.HttpRedirectEnabled Java system property to true.
    • Programmatically set the com.ibm.wsspi.webservices.Constants.HTTP_REDIRECT_ENABLED property to true in the stub or call object before invoking the service.

Related concepts
HTTP basic authentication
Related tasks
Securing Web services based on WS-Security
Related reference
HTTP SSL configuration collection



Searchable topic ID:   twbs_configclienttransportsec
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/twbs_configclienttransportsec.html

Library | Support | Terms of Use | Feedback