The WS-Policy specification enables web services to use
XML to publish their security policies either as part of the Web Services
Description Language (WSDL) file (compliant with the WS-PolicyAttachment
specification) or as a separate XML document. With the WSDL Security
Editor, you can create a security profile that uses a policy that
complies with the WS-Policy specification.
Before you begin
Before creating a security configuration, you must have
a WSDL file in your workspace.
If the security policy uses digital
certificates for encrypting or signing requests or responses, you
must have the corresponding keystore files (KS, JKS, JCEKS, PKCS12,
or PEM) in your workspace.
When you import a WSDL that contains
a policy (with WS-PolicyAttachment), a security profile is automatically
generated for each operation in the WSDL security editor.
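To see in advance which policies a WSDL embeds, where they are attached, and whether they call for keystores or a security token server, you can inspect the file before importing it. The following Python script is an added example, not part of the product or its documentation; the sample WSDL, the function names, and the mapping from WS-SecurityPolicy assertion names to editor settings are assumptions made for illustration, and only `wsp:PolicyReference` child elements are followed.

```python
import xml.etree.ElementTree as ET
WSU_ID = "{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Id"
# Assertion local names -> editor setting they imply (this mapping is the example's assumption).
NEEDS = {
    "SignedParts": "signature keystore", "SignedElements": "signature keystore",
    "EncryptedParts": "encryption keystore", "EncryptedElements": "encryption keystore",
    "IssuedToken": "security token server", "SecureConversationToken": "security token server",
}
# Constructed sample: one embedded policy, one valid reference, one dangling reference.
SAMPLE_WSDL = """<wsdl:definitions name="Quote"
  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsp:Policy wsu:Id="SignAndEncrypt"><wsp:ExactlyOne><wsp:All>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
  <wsdl:binding name="QuoteBinding" type="QuotePort">
    <wsdl:operation name="getQuote">
      <wsdl:input><wsp:PolicyReference URI="#SignAndEncrypt"/></wsdl:input>
      <wsdl:output><wsp:PolicyReference URI="#MissingPolicy"/></wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
</wsdl:definitions>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the {namespace} prefix

def subject_path(node, parents):
    parts = []
    while node in parents:  # the root element has no parent, so the walk stops there
        parts.append(" ".join(filter(None, [local(node.tag), node.get("name")])))
        node = parents[node]
    return " / ".join(reversed(parts))

def policy_requirements(wsdl_text):
    """Map each policy id to what it needs, where it is attached, and whether it is defined."""
    root = ET.fromstring(wsdl_text)
    parents = {child: parent for parent in root.iter() for child in parent}
    report = {}
    def entry(key):
        return report.setdefault(key, {"needs": set(), "defined": False, "attached_to": []})
    for el in root.iter():
        if local(el.tag) == "Policy" and el.get(WSU_ID):  # top-level policies carry wsu:Id
            needs = {NEEDS[local(d.tag)] for d in el.iter() if local(d.tag) in NEEDS}
            entry(el.get(WSU_ID)).update(needs=needs, defined=True)
        elif local(el.tag) == "PolicyReference":
            entry(el.get("URI", "").lstrip("#"))["attached_to"].append(subject_path(parents[el], parents))
    return report
```

An entry with `defined` set to `False` is a reference the WSDL does not resolve on its own, which corresponds to the case where a separate XML policy file has to be supplied. For WSDL files from untrusted sources, parse with a hardened parser such as defusedxml instead of the standard-library parser.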
Procedure
- In the test navigator or project explorer, right-click
the WSDL file, and select Configure WSDL Security. This opens the WSDL security editor.
- Click the Security Algorithms tab. Security profiles are described by adding elements to a stack.
When a service request is sent or a response is received, each element
in the stack is applied to the message in the specified order.
- In the Security Algorithms area,
click Add to create a profile, and click Rename to change the default name.
- In the Algorithm Stack Details area,
click to add the WS-Policy element to the stack. You can also add time stamps, user-name tokens, encryption, or signatures.
- If the policy is included in the WSDL file, click Use policy included in WSDL (WS-PolicyAttachment), and
edit the WS-Policy settings as required:
  - Policy: If you are not using the WS-PolicyAttachment specification, specify
    the XML policy file. Click Browse to add a
    policy file from the workspace or to import a policy file.
  - Signature configuration: Select this option to specify a keystore for any signature that
    is specified in the policy. Click Edit Security to
    add a keystore from the workspace or to import a keystore.
  - Encryption configuration: Select this option to specify a keystore for any encryption that
    is specified in the policy. Click Edit Security to
    add a keystore from the workspace or to import a keystore.
  - Decryption configuration: Select this option to specify a keystore for any decryption that
    is specified in the policy. Click Edit Security to
    add a keystore from the workspace or to import a keystore.
  - Retrieve token from security token server (WS-Trust and WS-SecureConversation): Select this option, and click Configure to
    specify a Security Token Server (STS) to use with the policy.
  - Additional properties: Use this table to specify settings for the advanced properties
    or specific implementations of the WS-Security specification. Click Add to
    add a property name and to set a value.
- Check that the security profile is valid by clicking .
- Click the Algorithms by WSDL Operations tab. On this page, you can associate a security profile
with each request or response operation in the WSDL.
- In the WSDL Contents column, select
a web service request or response operation.
- In the Algorithm Stack column, select
a security profile from the list. If necessary, click << to open the stack on the Security
Algorithms page.
What to do next
After saving the security profile, the
Web Service Protocol Data view
displays the result of the security profile on the XML data of the web service.