Create a new WS-Security configuration for use with service integration
bus-deployed Web services. You use WS-Security configurations to secure the
SOAP messages that pass between service requesters (clients) and inbound services,
and between outbound services and target Web services.
Before you begin
Use this option to work with
WS-Security configurations that comply with either the
Web Services Security (WS-Security) 1.0 specification,
or the previous WS-Security specification, WS-Security Draft 13 (also known
as the Web Services Security Core Specification).
Deprecation note: Use of WS-Security Draft 13 is deprecated in WebSphere Application
Server Version 6, and you should only use it to enable inter-operation between
applications running in WebSphere Application Server Version 5 and Version
6, or to allow continued use of an existing Web services client application
that has been written to the WS-Security Draft 13 specification.
This
topic assumes that you have got, from the owning parties, the WS-Security configurations for
the client (in the case of an inbound service) and the target Web service
(in the case of an outbound service).
You can only use WS-Security with Web service applications that comply with the Web services for Java 2 Platform, Enterprise Edition (J2EE) or Java Specification Requirements (JSR) 109 specification. For information about how to make your Web service applications JSR-109 compliant, see Developing and deploying Web services clients.
About this task
WS-Security configurations specify the level of security that
you require (for example "The body must be signed"). This level of security
is then implemented through the run-time information contained in a WS-Security
binding. You receive the security configuration information direct
from the service requester or target service provider, in the form of an ibm-webservicesclient-ext.xmi file
for the client, and an ibm-webservices-ext.xmi file for the
target Web service, which contain the information on the levels of security
(integrity, confidentiality and identification) that are required. You extract
the information from these .xmi files, then manually enter
it into the WS-Security configuration forms.
Configurations are administered
independently from any Web service that uses them, so you can create a configuration
then apply it to many Web services. However, the security requirements for
an inbound service (which acts as a target Web service) are significantly
different to those required for an outbound service (which acts as a client).
Consequently, configurations are further divided by service type (inbound
or outbound).
Unlike most other configuration objects, when you create
a WS-Security configuration you can only define its basic aspects. To define
the details you save the new WS-Security configuration, then reopen it for
modification as described in Modifying an existing WS-Security configuration.
To create a new WS-Security configuration, complete
the following steps:
Procedure
- Start the administrative console.
- In the navigation pane, click . The WS-Security
service configurations collection form is displayed.
- Click New. The New WS-Security
Service Configuration wizard is displayed.
- Use the wizard to assign the following general properties:
- Select the version of the WS-Security specification. Set this option to either Draft 13 (for a configuration that complies
with the WS-Security Draft 13 specification) or 1.0 (for a configuration that
complies with the Web Services Security (WS-Security) 1.0
specification.
Deprecation note: The WS-Security
Draft 13 specification is deprecated in WebSphere Application Server Version
6, and you should only use it to enable inter-operation between applications
running in WebSphere Application Server Version 5 and Version 6, or to allow
continued use of an existing Web services client application that has been
written to the WS-Security Draft 13 specification.
- Specify the service type. If you are creating a configuration
to secure the SOAP messages that pass between a service requester (client)
and an inbound service (which acts as a target Web service), select Inbound
Service. If you are creating a configuration to secure the SOAP messages that
pass between an outbound service (which acts as a client) and a target Web
service, select Outbound Service.
- Specify the WS-Security configuration type.
Give
a name to this configuration. This name must be unique across both WS-Security
Version 1.0 and Draft 13 configurations, and it must follow the following
syntax rules:
- It must not start with "." (a period).
- It must not start or end with a space.
- It must not contain any of the following characters: \ / , # $
@ : ; " * ? < > | = + & % '
(Optionally) Specify an Actor URI for this configuration. WS-Security
headers within the consumed request message are only processed if they have
the specified Actor URI.
- Click Finish. The general
properties for this item are saved.
Results
If the processing completes successfully, the list of WS-Security
configurations is updated to include the new configuration. Otherwise, an
error message is displayed.