The security handler on the request sender
side of the
SOAP message enforces the security constraints, located in the ibm-webservicesclient-ext.xmi file,
and bindings, located in the ibm-webservicesclient-bnd.xmi
file. These constraints and bindings apply both to Java Platform, Enterprise Edition (Java EE) application clients or when web services
are acting as a client. The security handler acts on the security
constraints before sending the SOAP message. For example, the security
handler might digitally sign the message, encrypt the message, create
a time stamp, or insert a security token.
Important: There
is an important distinction between Version
5.x and Version 6 and later applications. The information in
this article supports Version 5.x applications only that are
used with WebSphere® Application Server Version 6.0.x and
later. The information does not apply to Version 6 and later applications.
The security handler on the request sender side of the SOAP message
enforces the security constraints, located in the
ibm-webservicesclient-ext.xmi file,
and the bindings, located in the
ibm-webservicesclient-bnd.xmi file.
These constraints and bindings apply both to Java Platform,
Enterprise Edition (Java EE)
application clients or when web services are acting as a client. The
security handler acts on the security constraints before sending the
SOAP message. Request sender security constraints must match the security
constraint requirements defined in the request receiver. For example,
the security handler might digitally sign the message, encrypt the
message, create a time stamp, or insert a security token. You can
specify the following security requirements for the request sender
and apply them to the SOAP message:
- Integrity (digital
signature)
- You can select multiple parts of a message to sign
digitally.
The following list contains the integrity options:
- Body
- Time
stamp
- Security token
- Confidentiality
(encryption)
- You can select multiple parts of a message to
encrypt. The following
list contains the confidentiality options:
- Body content
- Username
token
- Security token
- You
can insert only one token into the message. The following
list contains the security token options:
- Basic authentication,
which requires both a user name and a password
- Identity assertion,
which requires a user name only
- X.509 binary security token
- Lightweight Third Party Authentication (LTPA) binary security
token
- Custom token , which is pluggable and supports custom-defined
tokens in the SOAP message
- Timestamp
- You can have a time stamp to indicate the timeliness of the message.