Create a new WS-Security configuration for use with service
integration bus-deployed Web services. You use WS-Security configurations
to secure the SOAP messages that pass between service requesters (clients)
and inbound services, and between outbound services and target Web
services.
Before you begin
Use this option
to work with WS-Security configurations that comply with either the
Web Services Security (WS-Security)
1.0 specification, or the previous WS-Security specification,
WS-Security Draft 13 (also known as the Web Services Security Core
Specification).
Deprecation note: Use
of WS-Security Draft 13 is deprecated in WebSphere® Application Server Version 6,
and you should only use it to enable inter-operation between applications
running in WebSphere Application
Server Version 5 and Version 6, or to allow continued use of an existing
Web services client application that has been written to the WS-Security
Draft 13 specification.
This topic assumes that you have obtained,
from the owning parties, the WS-Security configurations for
the client (in the case of an inbound service) and the target Web
service (in the case of an outbound service).
You can only use WS-Security with Web service applications that comply with the Web services for Java 2 Platform, Enterprise Edition (J2EE) or Java Specification Requirements (JSR) 109 specification. For information about how to make your Web service applications JSR-109 compliant, see Developing and deploying Web services clients.
About this task
WS-Security configurations specify the level of security
that you require (for example "The body must be signed"). This
level of security is then implemented through the run-time information
contained in a WS-Security
binding. You receive the security configuration information
directly from the service requester or target service provider, in the
form of an ibm-webservicesclient-ext.xmi file for
the client, and an ibm-webservices-ext.xmi file for
the target Web service, which contain the information on the levels
of security (integrity, confidentiality and identification) that are
required. You extract the information from these .xmi files,
then manually enter it into the WS-Security configuration forms.
Configurations
are administered independently from any Web service that uses them,
so you can create a configuration then apply it to many Web services.
However, the security requirements for an inbound service (which acts
as a target Web service) are significantly different to those required
for an outbound service (which acts as a client). Consequently, configurations
are further divided by service type (inbound or outbound).
Unlike
most other configuration objects, when you create a WS-Security configuration
you can only define its basic aspects. To define the details you save
the new WS-Security configuration, then reopen it for modification
as described in Modifying an existing WS-Security configuration.
To
create a new WS-Security configuration, complete the following steps:
Procedure
- Start the administrative console.
- In the navigation pane, click .
The WS-Security
service configurations collection form is displayed.
- Click New. The
New WS-Security Service Configuration wizard is displayed.
- Use the wizard to assign the following general properties:
  - Select the version of the WS-Security
    specification. Set this option to either Draft 13 (for
    a configuration that complies with the WS-Security Draft 13 specification)
    or 1.0 (for a configuration that complies with the Web Services Security (WS-Security)
    1.0 specification).
    Deprecation note: The
    WS-Security Draft 13 specification is deprecated in WebSphere Application Server Version 6,
    and you should only use it to enable inter-operation between applications
    running in WebSphere Application
    Server Version 5 and Version 6, or to allow continued use of an existing
    Web services client application that has been written to the WS-Security
    Draft 13 specification.
  - Specify the service type. If you are creating
    a configuration to secure the SOAP messages that pass between a service
    requester (client) and an inbound service (which acts as a target
    Web service), select Inbound Service. If you are creating a configuration
    to secure the SOAP messages that pass between an outbound service
    (which acts as a client) and a target Web service, select Outbound
    Service.
  - Specify the WS-Security configuration type.
    Give a name to this configuration. This name must be unique across both
    WS-Security Version 1.0 and Draft 13 configurations, and it must follow
    these syntax rules:
    - It must not start with "." (a period).
    - It must not start or end with a space.
    - It must not contain any of the following characters: \ / , # $ @ : ; " * ? < > | = + & % '
    (Optionally) Specify an Actor URI for this configuration.
    WS-Security headers within the consumed request message are only processed
    if they have the specified Actor URI.
- Click Finish. The
general properties for this item are saved.
Results
If the processing completes successfully, the list of WS-Security
configurations is updated to include the new configuration. Otherwise,
an error message is displayed.
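The Actor URI setting in the procedure decides which WS-Security header of a request is processed. The following added example (not IBM code, and not how the service integration bus implements the check) shows that selection on a constructed SOAP 1.1 request; the example.com actor URIs, the sample message and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # stdlib; use a hardened parser (e.g. defusedxml) for untrusted input

SOAP11 = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
BUS_ACTOR = "http://example.com/actors/bus"          # constructed Actor URI
BACKEND_ACTOR = "http://example.com/actors/backend"  # constructed Actor URI

# Constructed request carrying two Security headers for different actors.
SAMPLE_REQUEST = f"""<soapenv:Envelope xmlns:soapenv="{SOAP11}" xmlns:wsse="{WSSE}">
  <soapenv:Header>
    <wsse:Security soapenv:actor="{BUS_ACTOR}">
      <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
    <wsse:Security soapenv:actor="{BACKEND_ACTOR}">
      <wsse:BinarySecurityToken>CONSTRUCTED</wsse:BinarySecurityToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body><ping/></soapenv:Body>
</soapenv:Envelope>"""


def security_headers(envelope_xml):
    """Return (actor, element) for every wsse:Security header; actor is None if absent."""
    header = ET.fromstring(envelope_xml).find(f"{{{SOAP11}}}Header")
    if header is None:
        return []
    return [(el.get(f"{{{SOAP11}}}actor"), el)
            for el in header.findall(f"{{{WSSE}}}Security")]


def headers_for_actor(envelope_xml, actor_uri):
    """Security headers that a configuration with this Actor URI would process."""
    found = security_headers(envelope_xml)
    actors = [actor for actor, _ in found]
    if len(actors) != len(set(actors)):
        # WS-Security 1.0 does not allow two Security headers for one actor.
        raise ValueError("duplicate Security header for the same actor")
    return [el for actor, el in found if actor == actor_uri]


def child_names(element):
    """Local names of the tokens and other children inside a Security header."""
    return [child.tag.split("}", 1)[-1] for child in element]


if __name__ == "__main__":
    for el in headers_for_actor(SAMPLE_REQUEST, BUS_ACTOR):
        print("processed:", child_names(el))
```

Running this against a captured request before you enter an Actor URI shows whether any header in the message would match it; an empty result means the configuration would leave every WS-Security header unprocessed.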