
Application Server Message Security

<< Using Message Security with Java EE | Configuring the Application Server >>
242 SECURING WEB SERVICES
Using the Application Server Message Security Implementation
The Sun Java System Application Server uses Web Services Security (WS-Security)
to secure messages. WS-Security is a message security mechanism that uses
XML Encryption and XML Digital Signature to secure web services messages
sent over SOAP. The WS-Security specification defines the use of various
security tokens including X.509 certificates, SAML assertions, and
username/password tokens to authenticate and encrypt SOAP web services messages.
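
As an added illustration (not code from the Application Server or from this tutorial), the following Python example reports which of the WS-Security elements described above are present in a SOAP 1.1 message: security tokens in the wsse:Security header, an XML Digital Signature, and an XML Encryption body. The function name describe_ws_security and the sample envelopes are assumptions constructed for this example; the check is presence-only and does not verify signatures or decrypt anything.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DSIG = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
SAML = ("urn:oasis:names:tc:SAML:1.0:assertion",
        "urn:oasis:names:tc:SAML:2.0:assertion")

# Security token elements named by WS-Security and its token profiles.
TOKENS = {f"{{{WSSE}}}UsernameToken": "username",
          f"{{{WSSE}}}BinarySecurityToken": "binary",  # carries X.509 certs
          **{f"{{{ns}}}Assertion": "saml" for ns in SAML}}


def describe_ws_security(envelope_xml):
    """Report the protection elements present in one SOAP 1.1 envelope.

    Presence only: no signature is verified and nothing is decrypted here.
    """
    root = ET.fromstring(envelope_xml)
    header = root.find(f"{{{SOAP}}}Header")
    security = None if header is None else header.find(f"{{{WSSE}}}Security")
    body = root.find(f"{{{SOAP}}}Body")
    report = {"tokens": [], "signature": False, "body_encrypted": False}
    if security is not None:
        report["tokens"] = sorted({TOKENS[c.tag] for c in security
                                   if c.tag in TOKENS})
        report["signature"] = security.find(f"{{{DSIG}}}Signature") is not None
    if body is not None:
        report["body_encrypted"] = (
            body.find(f"{{{XENC}}}EncryptedData") is not None)
    return report


# Constructed sample messages (hypothetical, with element content left empty).
NS = f'xmlns:s="{SOAP}" xmlns:wsse="{WSSE}" xmlns:ds="{DSIG}" xmlns:xenc="{XENC}"'
USERNAME_ONLY = (f"<s:Envelope {NS}><s:Header><wsse:Security>"
                 "<wsse:UsernameToken><wsse:Username>alice</wsse:Username>"
                 "</wsse:UsernameToken></wsse:Security></s:Header>"
                 "<s:Body><ping/></s:Body></s:Envelope>")
SIGNED_ENCRYPTED = (f"<s:Envelope {NS}><s:Header><wsse:Security>"
                    "<wsse:BinarySecurityToken/><ds:Signature/>"
                    "</wsse:Security></s:Header>"
                    "<s:Body><xenc:EncryptedData/></s:Body></s:Envelope>")
UNPROTECTED = f"<s:Envelope {NS}><s:Body><ping/></s:Body></s:Envelope>"

if __name__ == "__main__":
    for name in ("USERNAME_ONLY", "SIGNED_ENCRYPTED", "UNPROTECTED"):
        print(name, describe_ws_security(globals()[name]))
```

A report with a username token but no signature and no encrypted body shows a message that relies entirely on the transport for confidentiality and integrity.
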
The Application Server offers integrated support for the WS-Security standard in
its web services client and server-side containers. This functionality is integrated
such that web services security is enforced by the containers of the Application
Server on behalf of applications, and such that it can be applied to protect any
web service application without requiring changes to the implementation of the
application. The Application Server achieves this effect by providing facilities to
bind SOAP layer message security providers and message protection policies to
containers and to applications deployed in containers.
There are two ways to enable message security when using the Application
Server:
· Configure the Application Server so that web services security will be
  applied to all web services applications deployed on the Application
  Server. For more information, read How Does WSS Work in the Application
  Server (page 242).
· Configure application-specific web services security by annotating the
  server-specific deployment descriptor. For more information, read
  Configuring Application-Specific Message Security (page 244).
How Does WSS Work in the Application Server
Web services deployed on the Application Server are secured by binding SOAP
layer message security providers and message protection policies to the
containers in which the applications are deployed or to web service endpoints
served by the applications. SOAP layer message security functionality is
configured in the client-side containers of the Application Server by binding
SOAP layer message security providers and message protection policies to the
client containers or to the portable service references declared by client
applications.
When the Application Server is installed, SOAP layer message security
providers are configured in the client and server-side containers of the Application