Securing an Operation
This section discusses specifying security mechanisms at the level of a web service operation. At times, you may need to configure different operations with different supporting tokens. You may wish to configure security at the operation level, for example, in the situation where only one operation requires a UsernameToken to be passed and the rest of the operations do not require this, or in the situation where only one operation needs to be endorsed by a special token and the others do not.
In the Operation section of the WSIT configuration editor, you can select the following options for securing a web service operation:
- Transactions--Select an option from the Transactions list to specify a level at which transactions will be secured. For this release, transactions will only use SSL for security. Transactions are discussed in Chapter 11, Using Atomic Transactions.
- Secure This Operation--Select this option to secure the web service operation. This option will be grayed out if Secure Service (in the PortBinding section) is selected because it would be redundant. Once selected, the list of security mechanisms is enabled.
- Security Mechanism--Select a security mechanism from the list. The security mechanisms are fully functional as selected. To customize the security mechanism, click the Configure button. This option is discussed in more detail in Selecting and Configuring a Security Mechanism.
All of the material in The Java™ WSIT Tutorial is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.