You can migrate the Web services security client-side extensions
configuration for a Java™ Platform,
Enterprise Edition (Java EE)
Version 1.3 application to a Java EE
Version 1.4 application.
About this task
The following table lists the mappings of the top-level sections
under the client-side
Security Extensions tab for Web services
security from a Java EE Version 1.3 application
to a Java EE Version 1.4 application.
Table 1. The
mapping of the configuration sections. Use the extensions
configuration information for migration.
Java EE
Version 1.3 security extensions for Web services security |
Java EE
Version 1.4 extensions for Web services security |
Request Sender Configuration |
Request Generator Configuration |
Response Receiver Configuration |
Response Consumer Configuration |
Consider the following steps to migrate the client-side
extensions configuration from a Java EE
Version 1.3 application to a Java EE
Version 1.4 application. These steps are dependent upon your specific
configuration. The steps are based on typical scenarios, but the steps
are not all-inclusive.
Procedure
- Migrate the message parts that you need to sign or encrypt
from the Integrity and Confidentiality sections in the Java EE Version 1.3 application to the Integrity
and Confidentiality sections on the WS Extensions tab in an
assembly tool for a Java EE
Version 1.4 application.
- Configure the Security Token section under the Request
Generator Configuration on the WS Extensions tab if Login Config
section is configured in the Java EE
Version 1.3 extensions configuration. When you configure
the security token, select the token type in the Token type field
that matches the authentication method value of the Login Config in
the Java EE Version 1.3 application. For example,
if the authentication method in the Java EE
Version 1.3 extensions configuration is BasicAuth, then select Username in
the Token type field within the assembly tool. For more information
on how the authentication methods for Web services security map from
a Java EE Version 1.3 application to a Java EE Version 1.4 application, see Authentication method to token type mappings.
If the authentication method is IDAssertion, there is no action required
because in a Java EE Version 1.4 application
the identity assertion configuration is not required in the client-side
extensions configuration. In a Java EE
Version 1.4 application, the identity assertion configuration is specified
in the server-side extensions configuration and in the client-side
bindings configuration.
- Migrate the Required Integrity and Required Confidentiality
sections by configuring the Required Integrity and Required Confidentiality
sections in an assembly tool. Migrating the Response Receiver
Configuration section is similar to migrating the Request Receiver
Service Configuration Details section of the server-side extensions
configuration. For more information, see Migrating the JAX-RPC server-side extensions configuration.
- Migrate the nonce configuration in the Login Config section
in a Java EE Version 1.3 extensions configuration
for Web services security to a Java EE
Version 1.4 application.
Important: Nonce is
not configured in a Java EE
Version 1.4 extension file for Web services security. Rather, it is
configured in the binding file for Web services security.
To
configure a nonce in the binding file, define the com.ibm.wsspi.wssecurity.token.username.addNonce
property in the token generator of the username token.
- Configure the Add Timestamp section under the Request Generator
Configuration in the assembly tool if the Add Created Time Stamp option
is configured in the Java EE
Version 1.3 extensions.
Results
This set of steps describe the types of information that you
need to migrate the client-side extensions configuration for Web services
security for a Java EE Version 1.3 application
to a Java EE Version 1.4 application.
What to do next
Migrate the server-side bindings configuration for a Java EE Version 1.3 application to a Java EE Version 1.4 application. For more information,
see
Migrating the server-side bindings file.