You can configure the encryption information for the server-side
and client-side bindings by using an assembly tool. The request generator
is configured for the client, and the response generator is configured for
the server.
About this task
The encryption information on the generator side is used for encrypting
an outgoing SOAP message. You can configure the encryption information for
the generator binding by using an assembly tool.
Complete the following steps. You must configure either the client-side
bindings in step 2 or the server-side bindings in step 3.
Procedure
- Start the assembly tool.
- Switch to the Java 2 Platform, Enterprise Edition (J2EE) perspective.
Click Window > Open Perspective > J2EE.
- Optional: Locate the client-side bindings using the
Project Explorer window. The Client Deployment Descriptor window
is displayed. This Web service contains the bindings that you must configure.
Complete the following steps to locate the client-side bindings:
  - Expand the Web Services > Client section and double-click
    the name of the Web service.
  - Click the WS Binding tab and expand the Security Request
    Generator Binding Configuration section.
- Optional: Locate the server-side bindings using the
Project Explorer window. The Web Services Editor window is displayed.
This Web service contains the bindings that you must configure. Complete the
following steps to locate the server-side bindings:
  - Expand the Web Services > Services section and double-click
    the name of the Web service.
  - Click the Binding Configurations tab and expand the Response
    Generator Binding Configuration Details section.
- Expand the Encryption Information section and click Add to
add a new entry or select an existing entry and click Edit. The
Encryption Information Dialog window is displayed. Complete the following
steps to specify an encryption information configuration:
  - Specify a name for the encryption information configuration
    in the Encryption name field. For example, you might specify gen_encinfo.
  - Optional: Select Show only FIPS Compliant Algorithms if you want only
    the FIPS compliant algorithms to be shown in the encryption method
    algorithm drop-down lists. Use this option if you expect this application
    to run on a WebSphere Application Server that has set the Use Federal
    Information Processing Standard (FIPS) option in the Global security
    panel of the administrative console for WebSphere Application Server.
  - Select a data encryption algorithm from the Data encryption
    method algorithm field. This specifies the algorithm used to encrypt
    parts of the message. The following pre-configured algorithms are supported:
    This algorithm must match the data encryption algorithm that is configured
    for the consumer. For more information on configuring the encryption
    information for the consumer, see Configuring encryption information for
    the consumer binding with an assembly tool.
  - Select a key encryption algorithm from the Key encryption method
    algorithm field. This algorithm is used to encrypt the keys. The
    following pre-configured algorithms are supported:
    Select the blank entry if the data encryption key, which is the key
    that is used for encrypting the message parts, is not encrypted. The key
    encryption algorithm for the generator and the consumer must match. For
    more information on configuring the encryption information for the
    generator, see Configuring encryption information for the generator
    binding with an assembly tool.
  - Specify a name in the Key information name field. For
    example, you might specify gen_ekeyinfo.
  - Select a key information element in the Key information element
    field. The value in this field references the key information configuration
    that you specified previously. If you have a key information configuration
    called gen_enckeyinfo that you want to use with this encryption information
    configuration, specify gen_enckeyinfo in the Key information element
    field. For more information, see Configuring key information for the
    generator binding with an assembly tool.
  - Select a confidentiality part in the Confidentiality part field.
    The value in this field specifies the name of the confidentiality element
    that is encrypted.
- Click OK to save your encryption information configuration.
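
The procedure requires the generator's data and key encryption algorithms to match the consumer's, and the key information element to reference an existing key information configuration. The following check is an added example, not part of the original documentation or of WebSphere Application Server. The dictionary layout, the function name, and the sample values (W3C XML Encryption algorithm URIs) are assumptions made for illustration and do not reproduce the binding file format.

```python
# Added example: the dict layout below is hypothetical, not WebSphere's
# binding file format. All sample values are constructed.
XMLENC = "http://www.w3.org/2001/04/xmlenc#"

def check_encryption_info(generator, consumer, generator_key_infos):
    """Return a list of problems; an empty list means both sides agree."""
    problems = []
    # The data encryption algorithm must match the one set for the consumer.
    if generator["data_alg"] != consumer["data_alg"]:
        problems.append("data encryption algorithm mismatch: %s vs %s"
                        % (generator["data_alg"], consumer["data_alg"]))
    # The key encryption algorithm must match as well. An empty string stands
    # for the blank entry: the data encryption key is not encrypted.
    if generator["key_alg"] != consumer["key_alg"]:
        problems.append("key encryption algorithm mismatch: %r vs %r"
                        % (generator["key_alg"], consumer["key_alg"]))
    # The key information element must name a key information configuration
    # that already exists on the generator side.
    ref = generator["key_info_element"]
    if ref not in generator_key_infos:
        problems.append("key information element %r is not defined" % ref)
    return problems

# Constructed generator entry using the example names from the procedure.
GENERATOR = {
    "name": "gen_encinfo",
    "data_alg": XMLENC + "aes128-cbc",
    "key_alg": XMLENC + "rsa-1_5",
    "key_info_element": "gen_enckeyinfo",
}
# Constructed consumer entries: one that agrees, one that does not.
CONSUMER_OK = {"data_alg": XMLENC + "aes128-cbc", "key_alg": XMLENC + "rsa-1_5"}
CONSUMER_BAD = {"data_alg": XMLENC + "tripledes-cbc", "key_alg": ""}

if __name__ == "__main__":
    print(check_encryption_info(GENERATOR, CONSUMER_OK, {"gen_enckeyinfo"}))
    for problem in check_encryption_info(GENERATOR, CONSUMER_BAD, {"gen_keyinfo"}):
        print(problem)
```
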