The Web services security model used by WebSphere Application Server is the declarative model. WebSphere Application Server does not include any application programming interfaces (APIs) for programmatically interacting with Web services security. However, a few Server Provider Interfaces (SPIs) are available for extending some security-related behaviors.
The security constraints for Web services security are specified in IBM deployment descriptor extensions for Web services. The Web services security run time acts on the constraints to enforce Web services security for the Simple Object Access Protocol (SOAP) message. The scope of the IBM deployment descriptor extension is at the enterprise bean (EJB) or Web module level. Bindings are associated with each of the following IBM deployment descriptor extensions:
It is recommended that you use the tools provided by IBM (the Assembly Toolkit and WebSphere Studio Application Developer) to create the IBM deployment descriptor extension and bindings. After the bindings are created, you can use the administrative console, the Assembly Toolkit, or the WebSphere Studio Application Developer to specify the bindings.
Important: The binding information is collected after application deployment rather than during application deployment. The alternative is to specify the required binding information before deploying your application.
The Web services security run time enforces Web services security based on the defined security constraints in the deployment descriptor and binding files. Web services security has the following four points where it intercepts the message and acts on the security constraints defined:
Message points | Description |
---|---|
Request sender (defined in the ibm-webservicesclient-ext.xmi and ibm-webservicesclient-bnd.xmi files) |
|
Request receiver (defined in the ibm-webservices-ext.xmi and ibm-webservices-bnd.xmi files) |
|
Response sender (defined in the ibm-webservices-ext.xmi and ibm-webservices-bnd.xmi files) |
|
Response receiver (defined in the ibm-webservicesclient-ext.xmi or ibm-webservicesclient-bnd.xmi files) |
|