Configuring secure transmission of SOAP messages by using WS-Security

Configure service integration technologies for secure transmission of SOAP messages by using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) specification.

Before you begin

You can configure the service integration bus for secure transmission of SOAP messages by using tokens, keys, signatures and encryption in accordance with the Web Services Security (WS-Security) 1.0 specification.

Alternatively, you can configure the bus in accordance with the previous WS-Security specification, WS-Security Draft 13 (also known as the Web Services Security Core Specification).
Note:WebSphere® Application Server 6.0 版中,已淘汰「WS-Security 初稿 13」的使用。「WS-Security 初稿 13」已淘汰,它只應該用在容許繼續使用遵循「WS-Security 初稿 13」規格來撰寫的現有 Web 服務用戶端應用程式。

您只能搭配符合 Web Services for Java™ Platform、Enterprise Edition (Java EE) Java Specification Requirements (JSR) 109 規格的 Web 服務應用程式,來使用 WS-Security。 如需相關資訊,請參閱Web Services Security and Java Platform, Enterprise Edition security relationship。如需如何使 Web 服務應用程式符合 JSR-109 標準的相關資訊,請參閱實作 JAX-RPC Web 服務用戶端Implementing static JAX-WS web services clients

About this task

To protect a service integration bus-deployed web service, you can apply the following types of WS-Security resource to the inbound or outbound ports that the service uses:
  • WS-Security bindings.
  • WS-Security configurations.

The configurations resource type specifies the level of security that you require (for example "The body must be signed"), and the bindings resource type provides the information that the run-time environment needs to implement the configuration (for example "To sign the body, use this key"),

When you associate a WS-Security resource with a port, you choose from a list of WS-Security resources that you have previously configured as described in the following topics:

Procedure

What to do next

Note: You can associate any binding with any configuration, so you must ensure that you choose a valid combination. You can also configure various WS-Security binding objects at the cell level, as described in Default bindings and runtime properties for Web Services Security. You can then use these binding objects when configuring bindings for use with your inbound and outbound ports. For example you can use a trust anchor that is defined at cell level when you are defining the signing information for a service integration binding object.

For an overview of how WS-Security is applied to service integration bus-deployed web services, see Service integration technologies and WS-Security. For detailed information about how WS-Security is implemented in WebSphere Application Server, see Web 服務訊息層次安全的標準和程式設計模型概觀. For more information about the WS-Security standard, see the Web Services Security (WS-Security) 1.0 specification.


指出主題類型的圖示 作業主題



時間戳記圖示 前次更新: July 9, 2016 11:16
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=tjw_wss
檔名:tjw_wss.html