Web services message level security (Web Services Security or WS-Security) is a security quality of service (QoS) for web services applications. WS-Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment.
WS-Security is provided as a Liberty feature.
The WS-Security run time that is provided in the Liberty profile is
based on the Apache CXF open source services framework. The WS-Security
feature in Liberty is limited by the features and function of the
Apache CXF framework. WS-Security must be explicitly enabled by enabling
the wsSecurity-1.1 feature. Make sure you also add
the appSecurity-2.0 and jaxws-2.2 features,
and other required Liberty features to the server.xml file
of the Liberty.
WS-Security is configured by using the WS-SecurityPolicy within the WSDL file of a web service application. To protect your web service application with WS-Security, your JAX-WS application must contain a wsdl that has an embedded WS-Security policy. There must be a PolicyReference to the embedded WS-Security policy in either the wsdl:binding or wsdl:operation sections or both.