[8.5.5.8 or later]

Securing a web service by using a WS-Security policy

You can secure a Java API for XML Web Services (JAX-WS) web service by using a WS-Security policy. You can add a WS-Security policy template to your Web Services Description Language (WSDL) file.

Before you begin

Important: Applicable to Liberty, Liberty Core

You must have the JAX-WS web service WSDL file in your application. You can generate a WSDL file by using the web services wizards.

For more information about generating a WSDL file during top-down web service configuration, see Creating a Java™ bean skeleton from a WSDL document using the WebSphere® JAX-WS runtime environment.

For more information about generating a WSDL file during bottom-up web service configuration, see Creating a web service from a Java bean using the IBM® WebSphere JAX-WS runtime environment.

Procedure

  1. Right-click your JAX-WS service node in the Services folder of your application and select Configure Security Policies > Add Policy to Service WSDL....
  2. In the Web Service Security Policy window, type your policy name in the Policy Name field.
  3. Select a WS-Security policy template from the Policy Template menu.

    The Description field displays information about the WS-Security policy template that you select. For more information about WS-Security policy templates, see WS-SecurityPolicy and templates.

    For example, you can select UsernameToken with X509Token asymmetric message protection (mutual authentication).

  4. Click Next.
  5. Select a service binding.

    The WS-Security policy attaches to the service binding that you select.

  6. Click Finish.

Results

The WSDL file includes the policy reference, the WS-Security policy that you added, and the following required namespaces:

  • ws-policy
  • ws-security
  • addressing
Tip: To remove the WS-Security policy, right-click your JAX-WS service node in the Services folder of your application and select Remove Policy from Service WSDL.... This action removes the WS-Security policy from your WSDL file.
Icon that indicates the type of topic Task topic
Timestamp icon Last updated: July 17, 2017 21:58

File name: tws_securitypolicy.html