Web Services Security configuration considerations

To secure web services for WebSphere® Application Server, you must specify several different configurations. Although there is not a specific sequence in which you must specify these different configurations, some configurations reference other configurations.

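Best practice: IBM® WebSphere Application Server supports the Java™ API for XML-Based Web Services (JAX-WS) programming model and the Java API for XML-based RPC (JAX-RPC) programming model. JAX-WS is the next-generation web services programming model, extending the foundation provided by the JAX-RPC programming model. The strategic JAX-WS programming model simplifies the development of web services and clients through support of a standards-based annotations model. Although the JAX-RPC programming model and applications are still supported, take advantage of the easy-to-implement JAX-WS programming model to develop new web services applications and clients.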

You can configure Web Services Security at the application level, the server level, and the cell level. The following table shows an example of the relationships between the configurations that apply to just the application, to an entire server, or to the entire cell. However, the requirements for the bindings depend upon the deployment descriptor. Some binding information depends upon other information in the binding or in the server-level and cell-level configuration. Within the table, the configurations in the Referenced configurations column are referenced by the configuration listed in the Configuration name column. For example, the application-level token generator for the request generator references the collection certificate store, nonce, timestamp, and callback handler configurations.

Table 1. The relationship between the configurations. Use the table to determine the mapping between the configurations and the level of Web Services Security.
Configuration level | Configuration name | Referenced configurations
Application-level request generator | Token generator
  • Collection certificate store
  • Nonce
  • Timestamp
  • Callback handler
Application-level request generator | Key information
  • Key locator
  • Key name
  • Token
Application-level request generator | Signing information
  • Key information
Application-level request generator | Encryption information
  • Key information
Application-level request consumer | Token consumer
  • Trust anchor
  • Collection certificate store
  • Trusted ID evaluators
  • Java Authentication and Authorization Service (JAAS) configuration
Application-level request consumer | Key information
  • Key locator
  • Token
Application-level request consumer | Signing information
  • Key information
Application-level request consumer | Encryption information
  • Key information
Application-level response generator | Token generator
  • Collection certificate store
  • Callback handler
Application-level response generator | Key information
  • Key locator
  • Token
Application-level response generator | Signing information
  • Key information
Application-level response generator | Encryption information
  • Key information
Application-level response consumer | Token consumer
  • Trust anchor
  • Collection certificate store
  • JAAS configuration
Application-level response consumer | Key information
  • Key locator
  • Key name
  • Token
Application-level response consumer | Signing information
  • Key information
Application-level response consumer | Encryption information
  • Key information
Server-level default generator bindings | Token generator
  • Collection certificate store
  • Callback handler
Server-level default generator bindings | Key information
  • Key locator
  • Token
Server-level default generator bindings | Signing information
  • Key information
Server-level default generator bindings | Encryption information
  • Key information
Server-level default consumer bindings | Token consumer
  • Trust anchor
  • Collection certificate store
  • Trusted ID evaluator
  • JAAS configuration
Server-level default consumer bindings | Key information
  • Key locator
  • Token
Server-level default consumer bindings | Signing information
  • Key information
Server-level default consumer bindings | Encryption information
  • Key information
Cell-level default generator bindings | Token generator
  • Collection certificate store
  • Callback handler
Cell-level default generator bindings | Key information
  • Key locator
  • Token
Cell-level default generator bindings | Signing information
  • Key information
Cell-level default generator bindings | Encryption information
  • Key information
Cell-level default consumer bindings | Token consumer
  • Trust anchor
  • Collection certificate store
  • Trusted ID evaluator
  • JAAS configuration
Cell-level default consumer bindings | Key information
  • Key locator
  • Token
Cell-level default consumer bindings | Signing information
  • Key information
Cell-level default consumer bindings | Encryption information
  • Key information

When multiple applications will use the same binding information, consider configuring the binding information at the server or cell level. For example, you might have a global key locator configuration that is used by multiple applications. Configuration information at the application level takes precedence over similar configuration information at the server level and the cell level.
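
The reference chain in Table 1 and the level precedence described above can be checked mechanically before deployment. The following is an added example, not IBM code and not the WebSphere binding file format: it walks the references from one signing configuration, reports which level satisfies each reference, and lists references that no level defines. The dictionary layout, the configuration names, and the server-before-cell lookup order are assumptions made for the illustration.

```python
# Added example: a model of the Table 1 reference relationships.
# The dict layout and names such as "sig_keyinfo" are constructed; this is
# not WebSphere's binding file format.

# Lookup order, most specific first. Application-before-others is from the
# page; server-before-cell is an assumption of this example.
LEVELS = ("application", "server", "cell")


def resolve(name, config):
    """Return (level, definition) for the first level that defines name."""
    for level in LEVELS:
        if name in config.get(level, {}):
            return level, config[level][name]
    return None, None


def check_references(root, config):
    """Walk references from root; return ({name: level}, [dangling names])."""
    resolved, dangling, stack = {}, set(), [root]
    while stack:
        name = stack.pop()
        if name in resolved or name in dangling:
            continue  # already visited; also guards against reference cycles
        level, definition = resolve(name, config)
        if level is None:
            dangling.add(name)  # referenced but defined at no level
            continue
        resolved[name] = level
        stack.extend(definition.get("refs", []))
    return resolved, sorted(dangling)


# Constructed sample: an application-level request generator whose key
# locator is the shared cell-level one and whose certificate store is missing.
SAMPLE = {
    "application": {
        "signing_info": {"type": "Signing information", "refs": ["sig_keyinfo"]},
        "sig_keyinfo": {"type": "Key information",
                        "refs": ["global_keylocator", "x509_token"]},
        "x509_token": {"type": "Token generator",
                       "refs": ["cert_store", "x509_callback"]},
    },
    "server": {"x509_callback": {"type": "Callback handler", "refs": []}},
    "cell": {
        "global_keylocator": {"type": "Key locator", "refs": []},
        "x509_callback": {"type": "Callback handler", "refs": []},
    },
}

if __name__ == "__main__":
    levels, missing = check_references("signing_info", SAMPLE)
    for name, level in levels.items():
        print(f"{name}: resolved at {level} level")
    print("unresolved references:", missing)
```
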


Last updated: July 9, 2016 11:14
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=rwbs_wssconfigconsiderations
File name: rwbs_wssconfigconsiderations.html