You can migrate the Web services security client-side extensions
configuration for a Java 2 Platform, Enterprise Edition (J2EE) Version 1.3
application to a J2EE Version 1.4 application.
About this task
The following table lists the mappings of the top-level sections
under the client-side
Security Extensions tab for Web services security
from a J2EE Version 1.3 application to a J2EE Version 1.4 application.
Table 1. The mapping of the configuration sections
J2EE Version 1.3 security extensions for Web services
security |
J2EE Version 1.4 extensions for Web services security |
Request Sender Configuration |
Request Generator Configuration |
Response Receiver Configuration |
Response Consumer Configuration |
Consider the following steps to migrate the client-side extensions
configuration from a J2EE Version 1.3 application to a J2EE Version 1.4 application.
These steps are dependent upon your specific configuration. The steps are
based on typical scenarios, but the steps are not all-inclusive.
Procedure
- Migrate the message parts that you need to sign or encrypt from
the Integrity and Confidentiality sections in the J2EE Version 1.3 application
to the Integrity and Confidentiality sections on the WS Extensions tab
in an assembly tool for a J2EE Version 1.4 application.
- Configure the Security Token section under the Request Generator
Configuration on the WS Extensions tab if Login Config section is configured
in the J2EE Version 1.3 extensions configuration. When you configure
the security token, select the token type in the Token type field that matches
the authentication method value of the Login Config in the J2EE Version 1.3
application. For example, if the authentication method in the J2EE Version
1.3 extensions configuration is BasicAuth, then select Username in
the Token type field within the assembly tool. For more information on how
the authentication methods for Web services security map from a J2EE Version
1.3 application to a J2EE Version 1.4 application, see Authentication method to token type mappings.
If the authentication method is IDAssertion, there is no action required because
in a J2EE Version 1.4 application the identity assertion configuration is
not required in the client-side extensions configuration. In a J2EE Version
1.4 application, the identity assertion configuration is specified in the
server-side extensions configuration and in the client-side bindings configuration.
- Migrate the Required Integrity and Required Confidentiality sections
by configuring the Required Integrity and Required Confidentiality sections
in an assembly tool. Migrating the Response Receiver Configuration
section is similar to migrating the Request Receiver Service Configuration
Details section of the server-side extensions configuration. For more information,
see Migrating the server-side extensions configuration.
- Migrate the nonce configuration in the Login Config section in
a J2EE Version 1.3 extensions configuration for Web services security to a
J2EE Version 1.4 application.
Important: Nonce is not
configured in a J2EE Version 1.4 extension file for Web services security.
Rather, it is configured in the binding file for Web services security.
To
configure a nonce in the binding file, define the com.ibm.wsspi.wssecurity.token.username.addNonce
property in the token generator of the username token.
- Configure the Add Timestamp section under the Request Generator
Configuration in the assembly tool if the Add Created Time Stamp option
is configured in the J2EE Version 1.3 extensions.
Results
This set of steps describe the types of information that you need
to migrate the client-side extensions configuration for Web services security
for a J2EE Version 1.3 application to a J2EE Version 1.4 application.
What to do next
Migrate the server-side bindings configuration for a J2EE Version
1.3 application to a J2EE Version 1.4 application. For more information, see
Migrating the server-side bindings file.