Using a security policy

The WS-Policy specification allows web services to use XML to publish their security policies either as part of the Web Services Description Language (WSDL) file (compliant with the WS-PolicyAttachment specification) or as a separate XML document. With the WSDL Security Editor, you can create a security profile that uses a policy that complies with the WS-Policy specification.

Before you begin

Before creating a security configuration, you must have a Web Services Description Language (WSDL) file in your workspace.

If the security policy uses digital certificates for encrypting or signing requests or responses, you must have the corresponding keystore files (*.jks, *.jceks, or *.ks) in your workspace.

Procedure

  1. In the test navigator or project explorer, right-click the WSDL file and select Configure WSDL Security. This opens the WSDL security editor.
  2. Click the Security Algorithms tab. Security profiles are described by adding elements to a stack. When a service request is sent or a response is received, each element in the stack is applied to the message in the specified order.
  3. In the Security Algorithms area, click Add to create a profile, and click Rename to change the default name.
  4. In the Algorithm Stack Details area, click Add > WS-Policy to add the WS-Policy element to the stack. You can also add time stamps, user-name tokens, encryption, or signatures.
  5. If the policy is included in the WSDL file, click Use policy included in WSDL (WS-PolicyAttachment). Then edit the WS-Policy settings as required:
    Policy
    If you are not using WS-PolicyAttachment, specify the XML policy file. Click Browse to add a policy file from the workspace or to import a policy file.
    Signature configuration
    Select this option to specify a keystore for any signature specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
    Encryption configuration
    Select this option to specify a keystore for any encryption specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
    Decryption configuration
    Select this option to specify a keystore for any decryption specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
    Retrieve token from security token server (WS-Trust)
    Select this option and click Configure to specify a Security Token Server (STS) to use with the policy.
    Additional properties
    Use this table to specify settings for the advanced properties or specific implementations of the WS-Security specification. Click Add to add a property name and to set a value.
  6. Check that the security profile is valid by clicking Tools > Validate Selected Algorithm.
  7. Click the Algorithms by WSDL Operations tab. This page enables you to associate a security profile with each request or response operation in the WSDL.
  8. In the WSDL Contents column, select a web service request or response operation.
  9. In the Algorithm Stack column, select a security profile from the list. If necessary, click << to open the stack on the Security Algorithms page.
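
The following Python script is an added example, not part of the product or its documentation. It reads a WSDL document and reports whether it carries an embedded policy (the WS-PolicyAttachment case in step 5), which policy references point outside the file, and which WS-Policy settings the policy's WS-SecurityPolicy assertions imply. The function name, the sample WSDL, and the assertion-to-setting mapping are assumptions of this example.

```python
import xml.etree.ElementTree as ET

WSP_NS = ("http://schemas.xmlsoap.org/ws/2004/09/policy",  # WS-Policy 1.2
          "http://www.w3.org/ns/ws-policy")                # WS-Policy 1.5
SP_NS = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")

# Assumed mapping from WS-SecurityPolicy assertions to the editor's settings.
NEEDS = {
    "SignedParts": "Signature configuration",
    "SignedElements": "Signature configuration",
    "EncryptedParts": "Encryption or Decryption configuration",
    "EncryptedElements": "Encryption or Decryption configuration",
    "IssuedToken": "Retrieve token from security token server (WS-Trust)",
}
# Constructed sample WSDL fragment: one embedded policy, one external reference.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://www.w3.org/ns/ws-policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:Policy wsu:Id="SecPolicy"><wsp:ExactlyOne><wsp:All>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
  <wsdl:binding name="OrderBinding" type="OrderPort">
    <wsp:PolicyReference URI="#SecPolicy"/>
    <wsdl:operation name="submit">
      <wsp:PolicyReference URI="http://example.invalid/policies/audit.xml"/>
    </wsdl:operation>
  </wsdl:binding>
</wsdl:definitions>"""

def inspect_wsdl(wsdl_text):
    root = ET.fromstring(wsdl_text)
    found, refs, settings = [], [], set()
    for el in root.iter():
        ns, _, local = el.tag[1:].partition("}")
        if ns in WSP_NS and local == "Policy":
            found.append(el.get(WSU_ID) or el.get("Name"))  # None if unnamed
        elif ns in WSP_NS and local == "PolicyReference":
            refs.append(el.get("URI", ""))
        elif ns == SP_NS and local in NEEDS:
            settings.add(NEEDS[local])
    ids = [i for i in found if i]
    # A reference other than "#<id of an embedded policy>" needs a separate file.
    external = [u for u in refs if u[:1] != "#" or u[1:] not in ids]
    return {"embedded": bool(found), "policies": ids,
            "external_refs": external, "settings": sorted(settings)}
```

Calling inspect_wsdl(SAMPLE_WSDL) shows that the sample embeds the policy SecPolicy, that one reference must be supplied as a separate policy file, and that keystores are needed for signature and for encryption or decryption.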

What to do next

After you save the security profile, the Web Service Protocol Data view displays the effect of the security profile on the XML data of the web service.