Configuring Message Security; Overview Of Message Security - Sun Microsystems GlassFish Enterprise Server 2.1 Administration Manual


Chapter 10

Configuring Message Security

Some of the material in this chapter assumes a basic understanding of security and web services
concepts. This chapter describes the configuration of message layer security for web services in
the Enterprise Server. This chapter contains the following topics:
"Overview of Message Security"
"Understanding Message Security in the Enterprise Server"
"Securing a Web Service"
"Securing the Sample Application"
"Configuring the Enterprise Server for Message Security"
"Message Security Setup"

Overview of Message Security

In message security, security information is inserted into messages so that it travels through the
networking layers and arrives with the message at the message destination(s). Message security
differs from transport layer security (which is discussed in the Security chapter of the Java EE
5.0 Tutorial) in that message security can be used to decouple message protection from message
transport so that messages remain protected after transmission.

Web Services Security: SOAP Message Security (WS-Security) is an international standard for
interoperable Web Services Security that was developed in OASIS by a collaboration of all the
major providers of web services technology (including Sun Microsystems). WS-Security is a
message security mechanism that uses XML Encryption and XML Digital Signature to secure
web services messages sent over SOAP. The WS-Security specification defines the use of various
security tokens including X.509 certificates, SAML assertions, and username/password tokens
to authenticate and encrypt SOAP web services messages.

The WS-Security specification can be viewed at
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf.
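
To make the overview concrete, the following Python example (added here, not taken from the Sun manual or from Enterprise Server code) inspects a SOAP message and reports which WS-Security mechanisms travel with it: security tokens, XML Digital Signature, and XML Encryption. The function name, the sample message, and the choice of the SOAP 1.1 and SAML 1.x namespaces are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
PASSWORD_TEXT = ("http://docs.oasis-open.org/wss/2004/01/"
                 "oasis-200401-wss-username-token-profile-1.0#PasswordText")
# Constructed sample: a SOAP 1.1 request carrying only a username/password token.
SAMPLE = f"""<soap:Envelope xmlns:soap="{NS['soap']}" xmlns:wsse="{NS['wsse']}">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="1">
      <wsse:UsernameToken>
        <wsse:Username>alice</wsse:Username>
        <wsse:Password Type="{PASSWORD_TEXT}">example-only</wsse:Password>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body><ping xmlns="urn:example:constructed"/></soap:Body>
</soap:Envelope>"""

def inspect_message_security(xml_text):
    """Report which WS-Security mechanisms a SOAP message carries (hypothetical helper)."""
    # Fine for this constructed input; use a hardened parser (e.g. defusedxml) for untrusted XML.
    root = ET.fromstring(xml_text)
    sec = root.find("soap:Header/wsse:Security", NS)
    report = {"security_header": sec is not None, "tokens": [],
              "signed": False, "encrypted": False, "findings": []}
    if sec is None:
        report["findings"].append("no wsse:Security header: message layer unprotected")
        return report
    kinds = {"wsse:UsernameToken": "username", "wsse:BinarySecurityToken": "binary/x509",
             "saml:Assertion": "saml"}
    report["tokens"] = [n for t, n in kinds.items() if sec.find(t, NS) is not None]
    report["signed"] = sec.find("ds:Signature", NS) is not None
    # Encryption appears as an EncryptedKey in the header or EncryptedData anywhere.
    report["encrypted"] = (sec.find("xenc:EncryptedKey", NS) is not None
                           or root.find(".//xenc:EncryptedData", NS) is not None)
    pw = sec.find("wsse:UsernameToken/wsse:Password", NS)
    # The UsernameToken profile treats a missing Type attribute as PasswordText.
    cleartext = pw is not None and pw.get("Type", PASSWORD_TEXT) == PASSWORD_TEXT
    if cleartext and not report["encrypted"]:
        report["findings"].append("cleartext password token without XML Encryption")
    if not report["signed"]:
        report["findings"].append("no XML Digital Signature: integrity not protected")
    return report
```

Because the token is part of the message itself, a cleartext password token stays readable wherever the message is stored or forwarded after transport, which is why the check pairs it with XML Encryption.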