Designer 10.7 | Web Services Stack Help | Configuring Advanced Policy Settings | Configuring Web Service Security
 
Configuring Web Service Security
*To configure WS-Security
1. In Designer, double-click a Web service package to open it.
2. Select the Services or Operations tab, depending on which one you want to configure.
3. Select Enable WS-Security
The Security opens and the Enable WS-Addressing option, the HTTPS transport, Transport-level Security with SSL and Username Token Assertion are automatically enabled.
4. In the Security area, you can select one of the four Security Bindings:
*No Binding - when selected, you can disable the Enable WS-Addressing option.
*Transport-level Security with SSL
*Message-level Security with Symmetric Binding
*Message-level Security with Asymmetric Binding
Depending on the security binding you selected, continue with the relevant options below.
5. Configure the options in the Message-level Security Options area.
Option
Description
Encrypt Body
Enables encryption (EncryptedParts assertion) over the entire body content.
Sign Body
Enables integrity protection (SignedParts assertion) over the entire body content.
Sign entire Headers and Body
Enables signature over the headers and body content (OnlySignEntireHeadersAndBody policy assertion.
6. Configure the options in the Token Assertions area.
Option
Description
User Name Token
Enables the UsernameToken assertion to secure the messages sent to the client.
Secure Conversation
Enables the SecureConversationToken assertion Language (WS-SecureConversation). WS-SecureConversation provides means for creating and sharing security contexts rather than relying only on the message authentication model.
7. Other Security Options
Option
Description
Include Timestamp
Enables the usage of the IncludeTimestamp policy assertion.
Use Client Certificate
Enables the usage of client certificates to encrypt the transferred data (RequireClientCertificate policy assertion).
Note:
This option is only available when you configure transport-level security with SSL.
8. In case of Message-level Security you can specify the following:
*XPath expressions to encrypt (EncryptedElements or ContentEncryptedElements assertion) and/or sign (SignedElements assertion) parts of the message.
*Headers to be encrypted (EncryptedParts assertion) and/or signed (SignedParts assertion).
Configure the options in the Security Model Configuration (Apache Rampart see http://axis.apache.org/axis2/java/rampart/rampartconfig-guide.html) area.
Option
Description
User
Specifies the user name used. For details see "Client-Side Configuration" in the Web Services Stack documentation.
UsernameToken Validator Class
Callback Class providing the password used to create the UsernameToken for the desired user.
Password Validator Class
Callback Class providing the password to sign the message or to create the UsernameToken (for the details of the predefined callback classes see "Implementation of Password Callback Handlers in the Web Services Stack documentation).
Policy Validator Callback Class
Callback Class providing the password for Custom validators (for the details of the predefined callback classes see "Implementations of Policy Validation Callbacks" in the Web Services Stack documentation).
Optionally, you can add and use your own, user-defined password callback classes, user-defined policy validator callback classes that you added in the preferences settings of Designer. For more information, see Configuring Web Services Stack Preferences.
In the Encryption and Signing areas below you can configure the corresponding keystore and truststore.
Option
Description
Certificate Alias
The user name used for encryption (ENCRYPTION_USER) or for signature (USER_CERTIFICATE_ALIAS).
Keystore
Specifies the path to keystore file for encryption or for signature.
Keystore Password
Specifies the password for the keystore file.
Truststore
Specifies the path to truststore file for encryption or for signature.
9. Save your changes.
For more information see the separate Web Services Stack documentation, also available under http://documentation.softwareag.com > webMethods Product Line > Shared Components.