Using a security policy
The WS-Policy specification enables web services to use XML to publish their security policies either as part of the Web Services Description Language (WSDL) file (compliant with the WS-PolicyAttachment specification) or as a separate XML document. With the WSDL Security Editor, you can create a security profile that uses a policy that complies with the WS-Policy specification.
Before you begin
Before creating a security configuration, you must have a WSDL file in your workspace.
If the security policy uses digital certificates for encrypting or signing requests or responses, you must have the corresponding keystore files (KS, JKS, JKECS, PKCS12, or PEM) in your workspace.
When you import a WSDL that contains a policy (with WS-PolicyAttachment), a security profile is automatically generated for each operation in the WSDL security editor.
Procedure
-
In the test navigator or project explorer, right-click the WSDL file, and select
Configure WSDL Security.
This opens the WSDL security editor.
-
Click the Security Algorithms tab.
Security profiles are described by adding elements to a stack. When a service request is sent or a response is received, each element in the stack is applied to the message in the specified order.
- In the Security Algorithms area, click Add to create a profile, and click Rename to change the default name.
-
In the Algorithm Stack Details area, click to add the WS-Policy element to the stack.
You can also add time stamps, user-name tokens, encryption, or signatures.
-
If the policy is included in the WSDL file, click Use policy included in WSDL
(WS-PolicyAttachment), and edit the WS-Policy settings as required:
- Policy
- If you are not using the WS-PolicyAttachment specification, specify the XML policy file. Click Browse to add a policy file from the workspace or to import a policy file.
- Signature configuration
- Select this option to specify a keystore for any signature that is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
- Encryption configuration
- Select this option to specify a keystore for any encryption that is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
- Decryption configuration
- Select this option to specify a keystore for any decryption that is specified in the policy. Click Edit Security to add a keystore from the workspace or to import a keystore.
- Retrieve token from security token server (WS-Trust and WS-SecureConversation)
- Select this option, and click Configure to specify a Security Token Server (STS) to use with the policy.
- Additional properties
- Use this table to specify settings for the advanced properties or specific implementations of the WS-Security specification. Click Add to add a property name and to set a value.
- Check that the security profile is valid by clicking .
-
Click the Algorithms by WSDL Operations tab.
On this page, you can associate a security profile with each request or response operation in the WSDL.
- In the WSDL Contents column, select a web service request or response operation.
-
In the Algorithm Stack column, select a security profile from the
list.
If necessary, click << to open the stack on the Security Algorithms page.