The response sender defines the security
requirements of
the SOAP response message. The security handler acts on the security
constraints that are defined for the response in the IBM® extension
deployment descriptors.
Important: There
is an important distinction between Version
5.x and Version 6.0.x and later applications. The information
in this article supports Version 5.x applications only that
are used with WebSphere® Application Server Version 6.0.x and
later. The information does not apply to Version 6.0.x and
later applications.
The IBM extension
deployment descriptors are located
in the
ibm-webservices-ext.xmi file and the bindings,
located in the
ibm-webservices-bnd.xmi file.
The security handler signs, encrypts, or generates the time stamp
for the SOAP response message before the response is send to the caller.
- Integrity constraints (digital signature)
- You
can select which parts of the message are digitally signed.
- Confidentiality
(encryption)
- You can encrypt the body content of the message.
- Time stamp
- You can have a time stamp
for checking the timeliness of the message.
The
security constraints that apply to the SOAP response message
must match the security requirements defined in the response receiver.
Otherwise, the response is rejected by the response receiver (caller).