You can configure the encryption information for the server-side
and client-side bindings by using an assembly tool. The encryption information
on the consumer side is used for decrypting the encrypted message parts in
the incoming SOAP message. The response consumer is configured for the client,
and the request consumer is configured for the server.
About this task
Complete the following steps. You must configure either the client-side
bindings in step 2 or the server-side bindings in step 3.
Procedure
- Start the assembly tool.
- Switch to the Java 2 Platform, Enterprise Edition (J2EE) perspective.
Click Window > Open Perspective > J2EE.
- Optional: Locate the client-side bindings using the
Project Explorer window. The Client Deployment Descriptor window
is displayed. This Web service contains the extensions that you must configure.
Complete the following steps to locate the client-side bindings:
  - Expand the Web Services > Client section and double-click
    the name of the Web service.
  - Click the WS Binding tab and expand the Security Response
    Consumer Binding Configuration section.
- Optional: Locate the server-side bindings using the
Project Explorer window. The Web Services Editor window is displayed.
This Web service contains the bindings that you must configure. Complete the
following steps to locate the server-side bindings:
  - Expand the Web Services > Services section and double-click
    the name of the Web service.
  - Click the Binding Configurations tab and expand the Request
    Consumer Binding Configuration Details section.
- Expand the Encryption Information section and click Add to
add a new entry or select an existing entry and click Edit. The
Encryption Information dialog window is displayed. Complete the following
steps to specify an encryption information configuration:
  - Specify a name for the encryption information configuration
    in the Encryption name field.
  - Optional: Select Show only FIPS Compliant Algorithms if you want
    only the FIPS compliant algorithms to show in the encryption method
    algorithm drop-down lists. Use this option if you expect this
    application to run on a WebSphere Application Server that has set
    the Use the Federal Information Processing Standard (FIPS) option
    in the Global security panel of the administrative console for
    WebSphere Application Server.
  - Select a data encryption algorithm from the Data encryption
    method algorithm field. The data encryption algorithm is used for
    encrypting or decrypting parts of a SOAP message, such as the SOAP body or
    the username token. The following pre-configured algorithms are supported:
    This algorithm must match the data encryption algorithm that is configured
    for the generator. For more information on configuring the encryption information
    for the generator, see Configuring encryption information for the generator binding with an assembly tool.
  - Select a key encryption algorithm from the Key encryption method
    algorithm field. The key encryption algorithm is used to encrypt
    the key that is used for encrypting the message parts within the SOAP message.
    The following pre-configured algorithms are supported:
    Select the blank entry if the data encryption key, which is the key
    used for encrypting the message parts, is not encrypted. This key encryption
    algorithm for the consumer must match the key encryption algorithm for the
    generator. For more information on configuring the encryption information
    for the generator, see Configuring encryption information for the generator binding with an assembly tool.
  - Click Add in the Encryption Key Information section to add
    a new key information entry or click Remove to delete a selected entry.
    Complete the following substeps if you are adding a new key information
    entry.
    - Specify a name in the Key information name field.
    - Select a key information reference from the list under the Encryption
      key information field. The value in this field references the key
      information configuration that you specified previously. If you have a key
      information configuration called con_enckeyinfo that you want to
      use with this encryption information configuration, specify con_enckeyinfo in
      the Key information element field. For more information, see Configuring key information for the consumer binding with an assembly tool.
    - Select a required confidentiality part from the list in the RequiredConfidentiality
      part field. The value in this field specifies a reference to the
      message parts for encryption.
- Click OK to save your encryption information configuration.
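The procedure requires the consumer's data encryption and key encryption algorithms to match the generator's. As an added example (not part of the original documentation or of any IBM tooling), the following Python check reads the algorithm URIs that a message declares in its standard W3C XML Encryption elements and compares them with what the consumer is configured to expect. The function names, the sample message and the algorithm choices are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"  # W3C XML Encryption namespace

# Constructed sample message (ciphertext is placeholder data, not real output).
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soapenv:Header><wsse:Security>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </wsse:Security></soapenv:Header>
  <soapenv:Body>
    <xenc:EncryptedData Id="body1">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </soapenv:Body>
</soapenv:Envelope>"""

def algorithms_in_message(soap_xml):
    """Return (data_algs, key_algs): Algorithm URIs declared in the message."""
    root = ET.fromstring(soap_xml)
    def algs(parent_tag):
        found = set()
        for parent in root.iter("{%s}%s" % (XENC, parent_tag)):
            method = parent.find("{%s}EncryptionMethod" % XENC)
            if method is not None:
                found.add(method.get("Algorithm"))
        return found
    return algs("EncryptedData"), algs("EncryptedKey")

def check_consumer(soap_xml, data_alg, key_alg):
    """List mismatches with the consumer's configured algorithms.
    key_alg=None models the blank entry (data encryption key not encrypted)."""
    data_algs, key_algs = algorithms_in_message(soap_xml)
    problems = []
    if not data_algs:
        problems.append("no EncryptedData element found in message")
    for alg in sorted(data_algs - {data_alg}):
        problems.append("data encryption algorithm mismatch: message uses " + alg)
    if key_alg is None and key_algs:
        problems.append("message carries an EncryptedKey but consumer expects none")
    elif key_alg is not None:
        for alg in sorted(key_algs - {key_alg}):
            problems.append("key encryption algorithm mismatch: message uses " + alg)
    return problems
```

Run it against a message captured from a test exchange between the generator and the consumer; an empty result means the algorithms declared in the message agree with the consumer settings passed in.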