For JAX-RPC applications, a WebSphere® Application Server, Network Deployment installation uses the ws-security.xml file to define the default binding information for Web Services Security for an entire cell.
Important: There is an important distinction between Version 5.x and Version 6 and later applications. This information supports only Version 5.x applications that are used with WebSphere Application Server Version 6.0.x and later. It does not apply to Version 6.0.x and later applications.
In a WebSphere Application Server, Network Deployment installation, the ws-security.xml file is at the cell level and defines the default binding information for Web Services Security for the entire cell. However, each application server can have its own ws-security.xml file to override the cell default; similarly, each web service can override the default in its binding files. The following list contains the defaults defined in the ws-security.xml file:
- Trust anchors: Identifies the trusted root certificates for signature verification.
- Collection certificate stores: Contains certificate revocation lists (CRLs) and non-trusted certificates for verification.
- Key locators: Locates the keys for digital signature and encryption.
- Trusted ID evaluators: Evaluates the trust of the received identity before identity assertion.
- Login mappings: Contains the Java Authentication and Authorization Service (JAAS) configurations for AuthMethod token validation.
The Web Services Security run time reads the configuration from the application bindings first, then tries the server level, and finally tries the cell level. The following figure depicts the runtime configuration process.

Figure 1. Runtime configuration
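
The lookup order described above can be used to audit which cell-level defaults are replaced by a server or an application. The following is an added example, not IBM code: it works on constructed in-memory data rather than a real ws-security.xml file, and the category keys, entry names, paths, and the assumption that entries are matched by name are all hypothetical.

```python
# Added example: models the application -> server -> cell lookup on constructed data.
# Assumption: entries are matched by name within a category; the page does not
# state the override granularity, and no real ws-security.xml is parsed here.

LOOKUP_ORDER = ("application", "server", "cell")  # order the run time reads
CATEGORIES = ("trust_anchors", "collection_cert_stores", "key_locators",
              "trusted_id_evaluators", "login_mappings")


def resolve(levels, category, name):
    """Return (level, value) for the first level that defines the entry."""
    for level in LOOKUP_ORDER:
        entries = levels.get(level, {}).get(category, {})
        if name in entries:
            return level, entries[name]
    raise KeyError(f"{category}/{name} is not defined at any level")


def shadowed_defaults(levels):
    """List cell-level defaults that a more specific level replaces."""
    findings = []
    cell = levels.get("cell", {})
    for category in CATEGORIES:
        for name, cell_value in cell.get(category, {}).items():
            level, value = resolve(levels, category, name)
            if level != "cell" and value != cell_value:
                findings.append((category, name, level, value, cell_value))
    return findings


# Constructed sample configuration (hypothetical names and paths).
SAMPLE = {
    "cell": {
        "trust_anchors": {"DefaultTrustAnchor": "/example/cell/trust.ks"},
        "key_locators": {"DefaultKeyLocator": "/example/cell/keys.ks"},
        "login_mappings": {"BasicAuth": "example.cell.BasicAuthLogin"},
    },
    "server": {
        "trust_anchors": {"DefaultTrustAnchor": "/example/server1/trust.ks"},
    },
    "application": {
        "login_mappings": {"BasicAuth": "example.app.CustomLogin"},
    },
}

if __name__ == "__main__":
    for finding in shadowed_defaults(SAMPLE):
        print("%s/%s: %s level uses %r instead of cell default %r" % finding)
```

A replaced trust anchor or login mapping changes which certificates or JAAS configuration a service actually relies on, so each finding is worth reviewing against the intended cell policy.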