To use the WS-Security policy with your web service clients,
you must first configure bindings for the policy.
About this task
The WS-Security specification includes enhancements to
SOAP messaging to provide quality of protection through message integrity,
message confidentiality, and single message authentication. This specification
provides protection for a message by encrypting or digitally signing
(or both) a message body, headers, attachment, or any combination
(or parts) of these. The specification also provides a mechanism for
associating security tokens with messages.
To configure a binding for the WS-Security policy:
Procedure
- In the Client Side Policy Set Attachment wizard, select the WSSecurity
  policy type in the Bindings Configuration table; then click Configure.
- On the Digital Signature Configuration tab:
  - Under Outbound Message Security Configuration, select the type of
    information that your key contains and the algorithm that will be used
    to transform your outbound messages that have digital signatures. Use
    the Key Store Settings button to specify settings for your key store.
  - Under Inbound Message Security Configuration, select the algorithm
    that will be used to transform your outbound messages that have digital
    signatures. Select the Trust Any Certificate check box if you want to
    accept all incoming messages that have digital signatures, without
    verifying credentials. With this check box selected, a signature shows
    only that a message was not altered after it was signed; it does not
    establish who signed it. If you clear this check box, use the Key Store
    Settings button to specify settings for your key store, and optionally
    specify a certificate in the Certificate Path field.
- On the XML Encryption Configuration tab:
  - Under Outbound Message Security Configuration, select the type of
    information that your key contains and the algorithm that will be used
    to transform your outbound messages that have digital signatures. Use
    the Key Store Settings button to specify settings for your key store.
    Select the Enable MTOM WS-Security Optimization check box if you want
    to use the SOAP Message Transmission Optimized Mechanism (MTOM) when
    sending binary data with your messages. Select the Enable Encrypted
    Header for WS-Security 1.0 check box if you want to use encrypted SOAP
    headers in the WS-Security version 1.0 specification format.
  - Under Inbound Message Security Configuration, use the Key Store
    Settings button to specify settings for your key store.
- On the Token Authentication tab:
  - In the Callback handler list, select a Java™ class to handle messages
    that use token authentication.
  - Type your user name and password for token authentication.
  - Select the Enable Message Expiration check box if you want to enable
    expiration of your sent messages. If you select this check box, type
    the number of minutes after which your sent messages will expire in the
    Message Expiration Interval field. This number should be a positive
    integer. By default, sent messages remain permanently valid.
- Click OK.
What to do next
Note: The window displays read-only information about the
token types, callback handlers, and JAAS logins in the binding to
help you with specifying the required values.
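
The message expiration setting on the Token Authentication tab, seen from the receiving side. This is an added example, not code from the product or its documentation: it assumes the interval is carried as a standard WS-Security wsu:Timestamp (Created/Expires) inside the wsse:Security header of a SOAP 1.1 envelope. The function names and the sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Assumption: SOAP 1.1 envelope with the OASIS WS-Security 1.0 namespaces.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}

def sample_envelope(timestamp_xml=""):
    # Constructed sample message, not captured from a real client.
    return (
        f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:wsse="{NS["wsse"]}" '
        f'xmlns:wsu="{NS["wsu"]}"><soap:Header><wsse:Security>{timestamp_xml}'
        '</wsse:Security></soap:Header><soap:Body/></soap:Envelope>'
    )

def _parse_utc(text):
    # xsd:dateTime such as 2024-05-01T12:00:00Z; a missing zone is read as UTC.
    dt = datetime.fromisoformat(text.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def check_expiration(envelope_xml, now, max_skew=timedelta(minutes=5)):
    """Return 'fresh', 'expired', 'future', 'no-timestamp' or 'malformed'."""
    root = ET.fromstring(envelope_xml)  # harden the parser for untrusted input
    ts = root.find("soap:Header/wsse:Security/wsu:Timestamp", NS)
    if ts is None:
        # No expiry was sent: the message never expires, so replay is not bounded.
        return "no-timestamp"
    created = ts.findtext("wsu:Created", namespaces=NS)
    expires = ts.findtext("wsu:Expires", namespaces=NS)
    try:
        if not created or not expires:
            raise ValueError("Created and Expires are both required here")
        created_at, expires_at = _parse_utc(created), _parse_utc(expires)
    except ValueError:
        return "malformed"
    if expires_at <= created_at:
        return "malformed"
    if created_at > now + max_skew:
        return "future"  # sender clock is ahead by more than the allowed skew
    return "expired" if now >= expires_at else "fresh"
```

A freshness check like this only has value when the Timestamp element is covered by the message signature; otherwise the Created and Expires values can be rewritten in transit.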