Transforms configuration settings
Use this page to specify the transform algorithm that is used for processing the Web Services Security message.
This administrative console page applies only to Java™ API for XML-based RPC (JAX-RPC) applications.
To view this administrative console page for the
cell level, complete the following steps:
- Click .
- Under JAX-RPC Default Generator Bindings or JAX-RPC Default Consumer Bindings, click .
- Under Additional properties, click .
- Under Additional properties, click Transforms.
- Click New to create a transform configuration or click the name of an existing configuration to modify its settings.
To view this administrative console page for the server
level,
complete the following steps:
- Click .
- Under Security, click JAX-WS and JAX-RPC security runtime.
Mixed-version environment: In a mixed node cell with a server using WebSphere® Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.mixv
- Under JAX-RPC Default Generator Bindings or JAX-RPC Default Consumer Bindings, click .
- Under Additional properties, click .
- Under Additional properties, click Transforms.
- Click New to create a transform configuration or click the name of an existing configuration to modify its settings.
To
view this
administrative console page for the application level, complete the
following steps. This option is available for Version 6.x applications
only.
- Click .
- Click .
- Under Web Services Security Properties, you can access the transforms
information for the following bindings:
- For the Request generator (sender) binding, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom.
- For the Request consumer (receiver) binding, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom.
- For the Response generator (sender) binding, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom.
- For the Response consumer (receiver) binding, click Web services: Client security bindings. Under Request consumer (receiver) binding, click Edit custom.
- Under Required properties, click .
- Under Additional properties, click .
- Click New to create a transform configuration or click the name of an existing configuration to modify its settings.
You must specify a transform name and select a transform algorithm before specifying additional properties.
Transform name
Specifies the name that is assigned to the transform algorithm.
Transform algorithm
Specifies the algorithm Uniform Resource Identifier (URI) of the transform algorithm.
This product supports
the following algorithms:
- http://www.w3.org/2001/10/xml-exc-c14n#
- This algorithm specifies the World Wide Web Consortium (W3C) Exclusive Canonicalization recommendation.
- http://www.w3.org/TR/1999/REC-xpath-19991116
- This algorithm specifies the W3C XML path language recommendation.
If you specify this algorithm, you must specify the property name
and value by clicking Properties, which is displayed under
Additional properties. For example, you might specify the following
information:
- Property
- com.ibm.wsspi.wssecurity.dsig.XPathExpression
- Value
- not(ancestor-or-self::*[namespace-uri()='http://www.w3.org/2000/09/xmldsig#' and local-name()='Signature'])
Note: Do not use this transform algorithm if you want your configured application to be compliant with the Basic Security Profile (BSP). Instead use http://www.w3.org/2002/06/xmldsig-filter2 to ensure compliance. - http://www.w3.org/2002/06/xmldsig-filter2
- This algorithm specifies the XML-Signature XPath Filter Version
2.0 proposed recommendation.When you use this algorithm, you must specify a set of properties. You can use multiple property sets for the XPath Filter Version 2. Therefore, it is recommended that your property names end with the number of the property set, which is denoted by an asterisk in the following examples:
- To specify an XPath
expression for the XPath filter2, you might
use:
name com.ibm.wsspi.wssecurity.dsig.XPath2Expression_*
- To specify a filter type for each XPath, you might use:
Following this expression, you can have a value, [intersect], [subtract], or [union].name com.ibm.wsspi.wssecurity.dsig.XPath2Filter_*
- To specify the processing
order for each XPath, you might use:
Following this expression, indicate the processing order of the XPath.name com.ibm.wsspi.wssecurity.dsig.XPath2Order_*
The following is a list of complete examples:com.ibm.wsspi.wssecurity.dsig.XPath2Expression_2 = [XPath expression#1] com.ibm.wsspi.wssecurity.dsig.XPath2Filter_1 = [intersect] com.ibm.wsspi.wssecurity.dsig.XPath2Order_1 = [1] com.ibm.wsspi.wssecurity.dsig.XPath2Expression_2 = [XPath expression#2] com.ibm.wsspi.wssecurity.dsig.XPath2Filter_2 = [subtract] com.ibm.wsspi.wssecurity.dsig.XPath2Order_2 = [2]
- To specify an XPath
expression for the XPath filter2, you might
use:
- http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform
- This algorithm specifies the enhancements to SOAP messaging that provide message integrity and confidentiality.
- http://www.w3.org/2002/07/decrypt#XML
- This algorithm specifies the W3C decryption transform for XML Signature recommendation.
- http://www.w3.org/2000/09/xmldsig#enveloped-signature
- This algorithm specifies the W3C recommendation for XML digital signatures.