When a deployed WebLogic Web Service has been configured to use message-level security (encryption and digital signatures, as described by the WS-Security specification), the Web Services runtime determines whether a Web Service security configuration is also associated with the service. This security configuration specifies information such as whether to use an X.509 certificate for identity, whether to use password digests, the keystore to be used for encryption, and so on. A single security configuration can be associated with many Web Services.
WebLogic Web Services are not required to be associated with a security configuration; if the default behavior of the Web Services security runtime is adequate, then no additional configuration is needed. If, however, a Web Service requires different behavior from the default (such as using an X.509 certificate for identity, rather than the default username/password token), then the Web Service must be associated with a security configuration.
At development time, a programmer uses the @weblogic.jws.security.WssConfiguration JWS annotation in the JWS file that implements the Web Service to specify the name of the security configuration that is associated with the Web Service. The following procedure describes how to create this security configuration using the Administration Console. Later you can update this configuration with the specific security behavior required by the Web Service.
When the programmer uses the @WssConfiguration JWS annotation, they specify the name of the associated security configuration using the value attribute; if the programmer does not specify this attribute, then the service is associated with the default security configuration: default_wss. This default security configuration must also be explicitly created using the Administration Console, as described in this procedure.
The following procedure describes how to create a simple Web Services security configuration.
If you are creating the default one, call it default_wss. If you are creating one that a particular Web Service needs, name it the same as the value attribute of the corresponding @WssConfiguration annotation.
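The naming rule above, shown from the programmer's side in a JWS file. This is an added example, not code from this page or from Oracle: the package, class, service names and the configuration name x509_identity_wss are hypothetical, and the @Policies/@Policy annotations with the pre-packaged Sign.xml and Encrypt.xml policy files are assumed as the way message-level security is switched on for the service.

```java
package examples.webservices.security; // hypothetical package name

import javax.jws.WebMethod;
import javax.jws.WebService;

import weblogic.jws.Policies;
import weblogic.jws.Policy;
import weblogic.jws.WLHttpTransport;
import weblogic.jws.security.WssConfiguration;

@WebService(name = "SecureEchoPortType",
            serviceName = "SecureEchoService",
            targetNamespace = "http://example.com/secure-echo")
@WLHttpTransport(contextPath = "secureEcho",
                 serviceUri = "SecureEchoService")
// Assumption: message-level security (signature + encryption) is attached
// through WebLogic's pre-packaged WS-Policy files.
@Policies({
    @Policy(uri = "policy:Sign.xml"),
    @Policy(uri = "policy:Encrypt.xml")
})
// The value attribute names the security configuration. A configuration
// with exactly this name (hypothetical here) must be created in the
// Administration Console. Omitting the value attribute associates the
// service with default_wss instead, which must also be created explicitly.
@WssConfiguration(value = "x509_identity_wss")
public class SecureEchoImpl {

    @WebMethod
    public String echo(String message) {
        return "Echo: " + message;
    }
}
```

A mismatch between the annotation value and the name entered in the console is the thing to check first when the service does not pick up the intended security behavior.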
After you finish
The preceding task describes how to create an empty Web Services security configuration. The following tasks describe how to update this configuration to change specific security behavior:
You must also redeploy any Web Service with which this new security configuration is associated so that the new security behavior can take effect.