Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Define and managing secure policy set bindings
Configure web service binding to use SSL
Use this task to specify abstract intents in the Service Component Architecture (SCA) composite file to achieve a quality of service for secure connection using SSL. The default SCA composite file is called default.composite and it is located in the META-INF level of the application structure. These intents must be mapped to policy sets that can satisfy the intents during deployment.
Before you begin this task, install a service application.
Intents and policy sets can be used to configure web service bindings to achieve a secure connection.
Procedure
- Configure administrative and application security for the server.
In order to secure the service so that it only accepts secure requests, and for the service to require authentication, administrative and application security must be enabled for the server. See Securing JAX-WS web services using message-level security.
- Configure the service to require a secure transport by attaching the WSHTTPS default policy set.
Policy sets and bindings can be specified for SCA services and references using one of three different methods.
- Specify a policy set and bindings directly in the composite file.
- Attach a policy set during deployment using the addCompUnit command.
- Attached or update a policy set during post deployment using the web services policy set management panels in the admin console.
For additional information on each of the methods for attaching a policy set, see mapping abstract intents and managing policy sets. The code examples that are included in this task step and the next step use the composite file method to specify the WSHTTPS Default policy set.
Attach the WSHTTPS default policy set and define the quality of service (QoS) namespace in the composite file.
<service name="AccountService"> <binding.ws qos:wsPolicySet="WSHTTPS default" ... /> </service>
- Configure the client to use SSL connection by attaching a policy set to the <binding.ws> element.
The wsPolicySet attribute can be used to specify policy sets at the composite, component, service, reference, and binding.ws levels in the SCA composite file. The actual attachment happens only at the binding.ws level and policy sets specified at other levels are inherited down to the binding level. For additional information on attaching policy sets and the inheritance rules, refer to mapping abstract intent to policy sets. The following example illustrates the attachment of WSHTTPS default policy set to the <binding.ws> element.
<reference name="AccountService"> <binding.ws qos:wsPolicySet="WSHTTPS Default" ... /> </reference>The WSHTTPS default policy set is a default policy set available in every server profile and it provides client-side SSL transport configuration. For additional information, see WSHTTPS default policy set.
The client must use an endpoint address of the form https:// <host>: <secure-port> to contact the service.
Results
When you finish this task, we have configured web service bindings to use SSL.
What to do next
We can proceed to configuring other application specific bindings for your policy sets.
WSHTTPS default policy set
Secure JAX-WS web services using message-level security
Secure web services applications at the transport level
Attach a policy set to a service artifact
Map abstract intents and managing policy sets
Create application specific bindings for policy set attachment
Configure web services client bindings
Configure default Web Services Security bindings
Configure the HTTP transport policy
Configure the SCA web services binding
Define and managing policy set bindings