Use the Web services client editor within an assembly tool to include
the binding information, which describes how to run the security specifications
found in the extensions, in the client enterprise archive (EAR) file.
About this task
Important: There is an important distinction between
Version 5.x and Version 6 and later applications. The information in
this article supports only Version 5.x applications that are used with
WebSphere Application Server Version 6.0.x and later. The information
does not apply to Version 6.0.x and later applications.
When configuring a client for Web services security, the bindings describe how
to run the security specifications found in the extensions. Use the Web services
client editor within an assembly tool to include the binding information in
the client enterprise archive (EAR) file.
You can configure the client-side bindings from a pure client accessing a Web
service or from a Web service accessing a downstream Web service. Complete the
following steps to find the location in which to edit the client bindings from
a Web service that is running on the server. When a Web service communicates
with another Web service, you must configure client bindings to access the
downstream Web service.
Procedure
- Deploy the Web service using the WebSphere Application Server administrative
  console. Click Applications > Install New Application.
  You can access the administrative console by typing
  http://server_name:port_number/ibm/console in your Web browser unless you
  have changed the port number.
  See also Installing a new application.
- Click Applications > Enterprise applications > application_name.
- Under Manage modules, click URI_name.
- Under Web Services Security Properties, click Web Services: Client security
  bindings. A table displays with the following columns:
  - Component Name
  - Port
  - Web Service
  - Request Sender Binding
  - Request Receiver Binding
  - HTTP Basic Authentication
  - HTTP SSL Configuration
  For Web services security, you must edit the request sender binding and
  response receiver binding configurations. You can use the defaults for some
  of the information at the server level and at the cell level in Network
  Deployment environments. Default bindings are convenient because you can
  configure commonly reused elements such as key locators once and then
  reference their aliases in the application bindings.
- View the default bindings for the server using the administrative
  console by clicking Servers > Application server > server_name.
  Under Additional Properties, click Web Services: Default bindings for Web
  services security. You can configure the following sections.
  These topics are discussed in more detail in other sections of the documentation.
  - Request sender binding
  - Response receiver binding
What to do next
Important: When configuring the security request sender
binding configuration, you must synchronize the information used to perform
the specified security with the security request receiver binding configuration,
which is configured in the server EAR file. These two configurations must
be synchronized in all respects because there is no negotiation during run
time to determine the requirements of the server. For example, when configuring
the encryption information in the security request sender binding configuration,
you must use the public key from the server for encryption. Therefore, the
key locator that you choose must contain the public key from the server configuration.
The server must contain the private key to decrypt the message. This example
illustrates the important relationship between the client and server configuration.
Additionally, when configuring the security response receiver binding configuration,
the server must send the response using security information known by this
client security response receiver binding configuration.
The following table shows the related configurations between the client and
the server. The client request sender and the server request receiver are
related configurations that must be synchronized with each other. The server
response sender and the client response receiver are related configurations
that must be synchronized with each other. Note that related configurations
are end points for any request or response. One end point must communicate its
actions with the other end point because the requirements are not negotiated
at run time.
Table 1. Related configurations

| Client configuration | Server configuration |
| --- | --- |
| Request sender | Request receiver |
| Response receiver | Response sender |
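The pairing in Table 1 can be checked before deployment, because a mismatch otherwise shows up only as a failure at run time. The following sketch is an added example, not IBM code and not the WebSphere binding file format: the dictionary layout, the setting names, and the placeholder key bytes are all constructed for illustration. It flags any setting that differs between a sender and its paired receiver, and any sender whose encryption public key has no matching private key on the receiver.

```python
import hashlib

# Table 1 pairings: (sending end point, receiving end point that must mirror it).
PAIRS = (
    ("client request sender", "server request receiver"),
    ("server response sender", "client response receiver"),
)

def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the encoded public key, used to compare key pairs."""
    return hashlib.sha256(public_key).hexdigest()

def check_pair(s_name, sender, r_name, receiver):
    findings = []
    # Nothing is negotiated at run time, so every setting must match exactly.
    for key in sorted(set(sender["settings"]) | set(receiver["settings"])):
        s_val, r_val = sender["settings"].get(key), receiver["settings"].get(key)
        if s_val != r_val:
            findings.append(f"{s_name} vs {r_name}: {key} is {s_val!r} vs {r_val!r}")
    # The sender encrypts with a public key from its key locator; the receiver
    # must hold the private key of that same key pair to decrypt.
    enc_key = sender.get("encryption_public_key")
    if enc_key is not None:
        held = {fingerprint(k) for k in receiver.get("private_key_pairs", ())}
        if fingerprint(enc_key) not in held:
            findings.append(f"{s_name} encrypts with a key {r_name} cannot decrypt")
    return findings

def check_all(configs):
    return [f for s, r in PAIRS for f in check_pair(s, configs[s], r, configs[r])]

# Constructed sample data (placeholder bytes stand in for encoded public keys).
SERVER_KEY, RETIRED_KEY, CLIENT_KEY = b"server-pub", b"retired-server-pub", b"client-pub"
CONFIGS = {
    "client request sender": {
        "settings": {"encrypt": "body", "key_encryption": "rsa-1_5"},
        "encryption_public_key": RETIRED_KEY,  # stale key left in the client key locator
    },
    "server request receiver": {
        "settings": {"encrypt": "body", "key_encryption": "rsa-oaep"},
        "private_key_pairs": [SERVER_KEY],
    },
    "server response sender": {
        "settings": {"encrypt": "body"}, "encryption_public_key": CLIENT_KEY},
    "client response receiver": {
        "settings": {"encrypt": "body"}, "private_key_pairs": [CLIENT_KEY]},
}

if __name__ == "__main__":
    for finding in check_all(CONFIGS):
        print(finding)
```

With the constructed data, the request pair produces two findings (a differing key encryption setting and a stale encryption key) and the response pair produces none.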