Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure web services > Secure web services


 Securing JAX-WS web services using message-level security

Web Services Security standards and profiles address how to provide message-level protection for messages that are exchanged in a web service environment.

Before you begin this task, develop and deploy a JAX-WS application. See the topic "JAX-WS" for more information. JAX-WS

JAX-WS is the next generation web services programming model complimenting the foundation provided by JAX-RPC. Using JAX-WS, development of web services and clients is simplified with greater platform independence for Java applications through the use of dynamic proxies and Java annotations. JAX-WS simplifies application development through support of a standard, annotation-based model to develop web service applications and clients. A required part of the Java Platform, Enterprise Edition 5 (Java EE 5), JAX-WS is also known as JSR 224.

JAX-WS applications can be secured with Web Services Security in one of two ways. The application can be secured using policy sets, or through the use of the Web Services Security API (WSS API). The WSS API can only be used to secure a JAX-WS client application. The following sections describe both methods.


Procedure

  1. Learn about Web Services Security.

  2. Decide which programming model, JAX-WS or JAX-RPC, works best for securing your web services applications.

  3. Configure the security bindings, or migrate an application and associated bindings.

  4. Develop and assemble a JAX-WS application.

  5. Deploy the JAX-WS application.

  6. Configure and administer the Web Services Security runtime environment.

  7. Configure policy sets through metadata exchange (WS-MetadataExchange).





Subtopics

Migration of JAX-WS Web Services Security bindings from v6.1

Auditing the Web Services Security runtime

Secure web services using policy sets

Configure the username and password for WS-Security Username or LTPA token authentication

Configure default Web Services Security bindings

General JAX-WS default bindings for Web Services Security

Web Services Security API programming model

Service Programming Interfaces (SPI)

Secure web services applications using the WSS APIs at the message level

Secure requests to the trust service using system policy sets

Configure the Kerberos token for Web Services Security

Related concepts

Overview of standards and programming models for web services message-level security
Transformation of policy and binding assertions for WSDL
JAX-WS
Web services policy sets

Related tasks

Secure web services applications using the WSS APIs at the message level
Manage policy sets
Attach a policy set to a service artifact
Define and managing policy set bindings
Signing and encrypting message parts using policy sets
Secure requests to the trust service using system policy sets
Configure security for a WS-MetadataExchange request
Configure a service provider to share its policy configuration
Troubleshoot web services
Tune Web Services Security for applications









+

Search Tips   |   Advanced Search