WebSphere Application Server Network Deployment, Version 6.0.x   Operating Systems: AIX, HP-UX, Linux, Solaris, Windows
             [TIP: Focusing the table of contents and search results]

Configuring the security bindings on a server acting as a client using the administrative console

Use the Web services client editor within an assembly tool to include the binding information, that describes how to run the security specifications found in the extensions, in the client enterprise archive (EAR) file.

About this task

Important: There is an important distinction between Version 5.x and Version 6 and later applications. The information in this article supports Version 5.x applications only that are used with WebSphere Application Server Version 6.0.x and later. The information does not apply to Version 6.0.x and later applications.

When configuring a client for Web services security, the bindings describe how to run the security specifications found in the extensions. Use the Web services client editor within an assembly tool to include the binding information in the client enterprise archive (EAR) file.

You can configure the client-side bindings from a pure client accessing a Web service or from a Web service accessing a downstream Web service. Complete the following steps to find the location in which to edit the client bindings from a Web service that is running on the server. When a Web service communicates with another Web service, you must configure client bindings to access the downstream Web service.

Procedure

  1. Deploy the Web service using the WebSphere Application Server administrative console. Click Applications > Install New Application.

    You can access the administrative console by typing http://localhost:port_number/ibm/console in your Web browser unless you have changed the port number.

    See also Installing a new application.

  2. Click Applications > Enterprise applications > application_name.
  3. Under Related Items, click either Web modules or EJB modules, depending upon which type of service is the client to the downstream service.
    • For Web modules, click the Web archive (WAR) file that you configured as the client.
    • For Enterprise JavaBeans (EJB) modules, click the Java archive (JAR) file that you configured as the client.
  4. Click the name of the WAR or JAR file.
  5. Under Additional Properties, click Web Services: Client security bindings. A table displays with the following columns:
    • Component Name
    • Port
    • Web Service
    • Request Sender Binding
    • Request Receiver Binding
    • HTTP Basic Authentication
    • HTTP SSL Configuration

    For Web services security, you must edit the request sender binding and response receiver binding configurations. You can use the defaults for some of the information at the server level and at the cell level in Network Deployment environments. Default bindings are convenient because you can configure commonly reused elements such as key locators once and then reference their aliases in the application bindings.

  6. View the default bindings for the server using the administrative console by clicking Servers > Application server > server_name. Under Additional Properties, click Web Services: Default bindings for Web services security. You can configure the following sections. These topics are discussed in more detail in other sections of the documentation.

What to do next

Important: When configuring the security request sender binding configuration, you must synchronize the information used to perform the specified security with the security request receiver binding configuration, which is configured in the server EAR file. These two configurations must be synchronized in all respects because there is no negotiation during run time to determine the requirements of the server. For example, when configuring the encryption information in the security request sender binding configuration, you must use the public key from the server for encryption. Therefore, the key locator that you choose must contain the public key from the server configuration. The server must contain the private key to decrypt the message. This example illustrates the important relationship between the client and server configuration. Additionally, when configuring the security response receiver binding configuration, the server must send the response using security information known by this client security response receiver binding configuration.
The following table shows the related configurations between the client and the server. The client request sender and the server request receiver are relative configurations that must be synchronized with each other. The server response sender and the client response receiver are related configurations that must be synchronized with each other. Note that related configurations are end points for any request or response. One end point must communicate its actions with the other end point because run time requirements are not required.
Table 1. Related configurations
Client configuration Server configuration
Request sender Request receiver
Response receiver Response sender



Related concepts
Trust anchors
Collection certificate store
Key locator
Trusted ID evaluator
Login mappings
Related tasks
Configuring the client for request signing: digitally signing message parts
Configuring the client for request signing: choosing the digital signature method
Configuring the server for request digital signature verification: Verifying the message parts
Configuring the server for request digital signature verification: choosing the verification method
Configuring the server for response signing: digitally signing message parts
Configuring the server for response signing: choosing the digital signature method
Configuring the client for response digital signature verification: verifying the message parts
Configuring the client for response digital signature verification: choosing the verification method
Configuring the client security bindings using an assembly tool
Configuring the server security bindings using an assembly tool
Configuring the server security bindings using the administrative console
Installing application files with the console
Securing Web services for Version 5.x applications using XML digital signature
Task topic    

Terms of Use | Feedback

Last updated: Mar 8, 2007 8:14:28 PM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/twbs_confclsecbndac.html

© Copyright IBM Corporation 2006. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)