You can protect your information transmissions against
confidentiality attacks by adding XML encryption to your web service.
Before you begin
Prerequisite: Create or import a project containing
a web service.
About this task
You can protect both the client and the server using the
XML encryption wizard. To add XML encryption protection to a server:
Procedure
- Change to the Java™ EE
perspective.
- Click .
- Select Java EE
from the list and click OK.
- Expand the Web Services tab in the
Project Explorer view.
- Expand the Services tab.
- Right-click on your service and select .
- In the Confidentiality Message Parts section, there is
one Message Part added by default. You can modify the existing default
by modifying the Dialect or Key word. You may also add more Message
Parts.
- Enter the required information in the Server Side Request
Generator XML Encryption window.
- In the Key store Path field,
browse to the XML encryption key.
- In the Key Store Password field,
type the password corresponding to the selected key.
- Select the Use a Key check box
and enter the authentication information for the requester.
- To accept the rest of the defaults and continue to the
Server Side Response Generator XML Encryption page, click Next
Note: You can select your preferred key and data encryption
method algorithms with the available drop-down menus in the encryption
information section.
The data encryption algorithm is used for
encrypting or decrypting parts of a SOAP message, such as the SOAP
body or the username token. The following pre-configured algorithms
are supported:
- http://www.w3.org/2001/04/xmlenc#tripledes-cbc
- http://www.w3.org/2001/04/xmlenc#aes128-cbc
- http://www.w3.org/2001/04/xmlenc#aes256-cbc
- http://www.w3.org/2001/04/xmlenc#aes192-cbc
The key encryption algorithm is used to encrypt the
key that is used for encrypting the message parts within the SOAP
message. The following pre-configured algorithms are supported:
- http://www.w3.org/2001/04/xmlenc#rsa-1_5
- http://www.w3.org/2001/04/xmlenc#kw-tripledes
- http://www.w3.org/2001/04/xmlenc#kw-aes128
- http://www.w3.org/2001/04/xmlenc#kw-aes256
- http://www.w3.org/2001/04/xmlenc#kw-aes192
- Repeat step 5 and 6 for the Server Side Response Generator
XML Encryption window.
- Click Finish. XML
encryption security now secures your server.
- In order for the client to access the server, you must
create a corresponding XML encryption security for the client using
one of the following methods:
- To create a corresponding XML encryption using the XML encryption
wizard:
- Right-click on the client and select .
- Repeat steps 5 - 9 above, using the same information as was used
for the XML Encryption wizard on the server side.
- If you have finished setting up all types of security for
your server you can create a corresponding XML encryption using the
Based on a Secured web service wizard:
- Right-click on the client and select .
- Verify that the corresponding server is selected from the drop-down
menu and click Next.
- Enter the required information in the Client Side Request Generator
XML Encryption and Client Side Response Consumer XML Encryption sections:
- In the Key store Path field, browse to
the XML encryption key.
- In the Key Store Password field, type the
password corresponding to the selected key.
- Click Finish.
This will set up the all of the necessary security features
corresponding with the server, for your client.
What to do next
XML encryption security will now protect your server. You
can see the changes in your XML source by switching to the Resource
perspective and opening your web service .xmi file.