In the platform configuration, general properties and additional properties can be specified, and the default binding is included.
You can configure security for web services at a platform level with a variety of tasks including configuring key locators, trust anchors, and the collection certificate at the generator, consumer binding, and server levels.
Before you begin
Best practice: IBM® WebSphere® Application Server supports the Java API for XML-Based Web Services (JAX-WS) programming model and the Java API for XML-based RPC (JAX-RPC) programming model. JAX-WS is the next generation web services programming model extending the foundation provided by the JAX-RPC programming model. Using the strategic JAX-WS programming model, development of web services and clients is simplified through support of a standards-based annotations model. Although the JAX-RPC programming model and applications are still supported, take advantage of the easy-to-implement JAX-WS programming model to develop new web services applications and clients.
Besides the application-level constraints, there is a server-level Web Services Security (WSS) configuration called a platform-level configuration:
- These configurations are global for all applications and include some configurations only for WebSphere Application Server Version 5.x applications and some only for version 6.0.x applications.
- You can use the default binding as an application-level binding configuration so that applications do not have to define the binding in the application. There is only one set of default bindings that can be shared by multiple applications. This set is only available for WebSphere Application Server Version 6.x applications.
Therefore, binding configuration files can be specified at these levels: application and server. Each binding configuration overrides the next higher one. For any deployed application, the nearest configuration binding is applied. The visibility scope of the binding depends on where the file is located. If the binding is defined in an application, its visibility is scoped to that particular application. If it is located at the server level, the visibility scope is all applications that are deployed on that server.
About this task
To ensure Web Services Security at the platform level, you can configure:
- A nonce on the server level
- The key locator for the generator or consumer binding on the application level or at the server level
- Trust anchors for the generator or consumer binding on the application level or at the server level
- The collection certificate store for the generator or consumer binding on the application level or server level
- Trusted ID evaluators on the server level
- Hardware cryptographic devices for Web Services Security
- The rrdSecurity.props property file
Procedure
- To configure a nonce on the server level, see the steps in Configuring a nonce on the server level
- To configure the key locator for the generator binding on the application level, see the steps in Configuring the key locator using JAX-RPC for the generator binding on the application level
- To configure the key locator for the consumer binding on the application level, see the steps in Configuring the key locator using JAX-RPC for the consumer binding on the application level
- To configure the key locator on the server level, see the steps in Configuring the key locator using JAX-RPC on the server level
- To configure trust anchors for the generator binding on the application level, see the steps in Configuring trust anchors for the generator binding on the application level
- To configure trust anchors for the consumer binding on the application level, see the steps in Configuring trust anchors for the consumer binding on the application level
- To configure trust anchors on the server level, see the steps in Configuring trust anchors on the server level
- To configure the collection certificate store for the generator binding on the application level, see the steps in Configuring the collection certificate store for the generator binding on the application level
- To configure the collection certificate store for the consumer binding on the application level, see the steps in Configuring the collection certificate store for the consumer binding on the application level
- To configure the collection certificate on the server level, see the steps in Configuring the collection certificate on the server level
- To configure trusted ID evaluators on the server level, see the steps in Configuring trusted ID evaluators on the server level
- To enable hardware cryptographic devices for Web Services Security, see the steps in Enabling hardware cryptographic devices for Web Services Security
- To work with the rrdSecurity.props file, see rrdSecurity.props file
Results
By completing these steps, you have configured Web Services Security at the platform level.