The response sender defines the security requirements of the SOAP
response message. The security handler acts on the security constraints that
are defined for the response in the IBM extension deployment descriptors.
Important: There is an important distinction between Version 5.x and
Version 6.0.x and later applications. The information in this article
supports Version 5.x applications only that are used with WebSphere
Application Server Version 6.0.x and later. The information does not
apply to Version 6.0.x and later applications.
The IBM extension deployment descriptors are located in the
ibm-webservices-ext.xmi file
and the bindings, located in the
ibm-webservices-bnd.xmi file. The
security handler signs, encrypts, or generates the time stamp for the SOAP
response message before the response is send to the caller.
- Integrity constraints (digital signature)
- You can select which parts of the message are digitally signed.
- Confidentiality (encryption)
- You can encrypt the body content of the message.
- Time stamp
- You can have a time stamp for checking the timeliness of the message.
The security constraints that apply to the SOAP response message must match
the security requirements defined in the response receiver. Otherwise, the
response is rejected by the response receiver (caller).