Create a new WS-Security binding for use with service integration
bus-deployed Web services. You use WS-Security bindings to secure
the SOAP messages that pass between service requesters (clients) and
inbound services, and between outbound services and target Web services.
Before you begin
Use this option to create WS-Security
bindings that comply with the Web Services Security (WS-Security)
1.0 specification.
Use this option
to create WS-Security bindings that comply with either the
Web Services Security (WS-Security)
1.0 specification, or the previous WS-Security specification,
WS-Security Draft 13 (also known as the Web Services Security Core
Specification).
Deprecation note: Use
of WS-Security Draft 13 is deprecated in WebSphere® Application Server Version 6,
and you should only use it to enable inter-operation between applications
running in WebSphere Application
Server Version 5 and Version 6, or to allow continued use of an existing
Web services client application that has been written to the WS-Security
Draft 13 specification.
This topic assumes that you have got,
from the owning parties, the WS-Security bindings for the client
(in the case of an inbound service) and the target Web service (in
the case of an outbound service).
You can only use WS-Security with Web service applications that comply with the Web services for Java™ 2 Platform, Enterprise Edition (J2EE) or Java Specification Requirements (JSR) 109 specification. For information about how to make your Web service applications JSR-109 compliant, see Developing and deploying Web services clients.
About this task
WS-Security bindings provide the information that the
run-time environment needs to implement the WS-Security
configuration (for example "To sign the body, use this key"),
You receive this security binding information direct from the service
requester or target service provider, in the form of an ibm-webservicesclient-bnd.xmi file
for the client, and an ibm-webservices-bnd.xmi file
for the target Web service. You extract the information from these .xmi files,
then manually enter it into the WS-Security bindings forms.
Bindings
are administered independently from any Web service that uses them,
so you can create a binding then apply it to many Web services.
WebSphere Application Server
also includes a set of default WS-Security binding objects. However
if you are using either of the single server products WebSphere Application Server or WebSphere Application Server Express™,
then these default bindings are configured within the application
server (under the administrative console option server_name [Configuration tab, Security
section] )
and are not available for use with service integration technologies-enabled
Web services.
Unlike
most other configuration objects, when you create a WS-Security binding
you can only define its basic aspects. To define the binding details
you need to save the new binding, then reopen it for modification
as described in Modifying
an existing WS-Security binding.
To create a new WS-Security
binding, complete the following steps:
Procedure
- Start the administrative console.
- In the navigation pane, click .
The WS-Security
bindings collection form is displayed.
- Click New. The
New WS-Security binding wizard is displayed.
- Use the wizard to assign the following general properties:
- Select the version of the WS-Security
specification. Set this option to either Draft 13 (for
a binding that complies with the WS-Security Draft 13 specification)
or 1.0 (for a binding that complies with the Web Services Security (WS-Security)
1.0 specification.
Deprecation note: The
WS-Security Draft 13 specification is deprecated in WebSphere Application Server Version 6,
and you should only use it to enable inter-operation between applications
running in WebSphere Application
Server Version 5 and Version 6, or to allow continued use of an existing
Web services client application that has been written to the WS-Security
Draft 13 specification.
- Specify the binding type.
Set this option
to one of the following binding types:
- request consumer, for use when consuming requests from a client to an inbound service.
- request generator, for use when generating requests from an outbound service to a target Web service.
- response consumer, for use when consuming responses from a target Web service to an outbound service.
- response generator, for use when generating responses from an inbound service to a client.
For WS-Security Version 1.0:
- request consumer, for use when consuming requests from a client to an inbound service.
- request generator, for use when generating requests from an outbound service to a target Web service.
- response consumer, for use when consuming responses from a target Web service to an outbound service.
- response generator, for use when generating responses from an inbound service to a client.
For WS-Security Draft 13:
- request receiver, for use when receiving requests from a client to an inbound service.
- request sender, for use when sending requests from an outbound service to a target Web service.
- response receiver, for use when receiving responses from a target Web service to an outbound service.
- response sender, for use when sending responses from an inbound service to a client.
- Specify the WS-Security binding.
Give
a name to this binding. This name must be unique and it must follow
the following syntax rules:
- It must not start with "." (a period).
- It must not start or end with a space.
- It must not contain any of the following characters: \
/ , # $ @ : ; " * ? < > | = + & % '
(WS-Security 1.0 bindings only.
Optional.) Select the Use defaults check box
to create a convenient default binding for use in a development and
test environment. If you select this option, the binding uses the WebSphere Application Server
default set of binding information rather than any custom information
that you might subsequently add. Note however that this default binding
is by definition insecure, and is not for production use. You can
also select or clear this check box when you modify
an existing WS-Security binding.
Note: If you are creating
a WS-Security 1.0 request generator binding, the Web address for the
WS-Security 1.0 namespace is displayed in a drop-down list. This is
the namespace used by WS-Security 1.0 to send a request, and you should
not need to change this value. The other values included in the drop-down
list refer to namespaces used by earlier versions of the WS-Security
draft specification, and are included for compatibility.
- Click Finish. The
general properties for this item are saved.
Results
If the processing completes successfully, the list of WS-Security
bindings is updated to include the new binding. Otherwise, an error
message is displayed.