Fix Pack 8550

Web Services Security at the message level

Web services message level security (Web Services Security or WS-Security) is a security quality of service (QoS) for web services applications. WS-Security standards and profiles describe how to provide security and protection for SOAP messages that are exchanged in a web services environment.

Fix Pack 8550 WS-Security is provided as a Liberty feature. The WS-Security run time that is provided in the Liberty profile is based on the Apache CXF open source services framework. The WS-Security feature in Liberty is limited by the features and function of the Apache CXF framework. WS-Security must be explicitly enabled by enabling the wsSecurity-1.1 feature. Make sure you also add the appSecurity-2.0 and jaxws-2.2 features, and other required Liberty features to the server.xml file of the Liberty.

WS-Security is configured by using the WS-SecurityPolicy within the WSDL file of a web service application. To protect your web service application with WS-Security, your JAX-WS application must contain a wsdl that has an embedded WS-Security policy. There must be a PolicyReference to the embedded WS-Security policy in either the wsdl:binding or wsdl:operation sections or both.


Icon that indicates the type of topic Concept topic

Terms and conditions for information centers | Feedback


Timestamp icon Last updated: Monday, 21 April 2014
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-mp&topic=cwlp_wssec_msglvl
File name: cwlp_wssec_msglvl.html