The Web Services Security specification provides a flexible framework for building secure web services to implement message content integrity and confidentiality. The Web Services Security service programming model supports this flexible framework by providing extension points to integrate new token formats, and methods to obtains keys needed for message protection. The application server programming model provides Web Services Security programming application programming interfaces (WSS API) for securing SOAP messages.
You can configure HTTP basic authentication for Java API for XML-based RPC (JAX-RPC) web services by programmatically modifying HTTP properties.
JAX-WS applications can be secured with Web Services Security in one of two ways. The application can be secured using policy sets, or through the use of the Web Services Security API (WSS API). The WSS API can only be used to secure a JAX-WS client application. The Web Services Security service programming interface (WSS SPI) provides additional programming interfaces for securing web services.
IBM® WebSphere® Application Server supports the Java™ API for XML-Based Web Services (JAX-WS) programming model and the Java API for XML-based RPC (JAX-RPC) programming model.
Several Service Provider Interfaces (SPIs) are provided to extend the capability of the Web Services Security runtime.