You can configure the request and response token policies
that are part of the WS-Security policy using the administrative console.
Message requests token policies are applied to requests and enforced
on responses to support both quality and interoperability.
Before you begin
You can configure some settings for the policies within your
policy sets. The default policy sets provided in the product cannot
be edited. You must create a copy of the default policy set or create
a completely new policy set in order to specify the policies for it.
About this task
Use this administrative console task to define policies
that specifically support security tokens and properties.
Dependendo da função de segurança designada quando a segurança
é ativada, é possível não ter acesso aos campos de entrada de texto ou botões para
criar ou editar dados de configuração. Reveja a documentação das funções administrativas para
aprender mais sobre as funções válidas do servidor de aplicativos.
Procedure
- Click Services > Policy sets > Application policy
sets > policy_set_name > WS-Security policy.
- Click one of the following links:
- Main policy or
- Bootstrap policy
- Click the Main policy link to specify how message security policies
are applied to requests and enforced on responses to support interoperability.
- Click the Bootstrap policy link to configure how secure conversations
are established. A bootstrap policy might already be configured. If
no bootstrap policy is currently configured, first ensure that you
have enabled message security with symmetric signature and encryption
policies and secure conversation tokens for both integrity and confidentiality
protection. See Configuring the WS-Security policy.
- Click Request token policies under Request Policies
or Response token policies under Response Policies. Use this
to panel to define policies that specify which types of security tokens
are supported for the properties of each token type.
Results
Once you have customized the WS-Security policy with the associated
properties, including the request and response token policies, you
can then send and receive protect messages.