1. Business Services Server Reference Guide
  2. Securing JAX-WS Based Business Services on WAS

Securing JAX-WS Based Business Services on WAS

When the business services application is deployed to the business services server on WAS, Server Manager automatically installs and configures the following modules for all published services to ensure they are secure:

  • The wss.generate.issuedToken, wss.consume.issuedToken, System Java Authentication and Authorization Service (JAAS) login configurations.

  • The custom E1JAXWSBSSV_UNT JAX-WS policy set with WS-Security as the main policy to handle the UsernameToken element with user name and password elements in the SOAP Header.

  • The custom E1JAXWSBSSVBinding JAX-WS binding to configure the generic issued token consumer for the inbound UsernameToken and to configure the caller.

  • The custom Java Authentication and Authorization Service (JAAS) Application Login Module, application.e1JAXWSBssvLogin, to validate the JD Edwards EnterpriseOne users against the JD Edwards EnterpriseOne Security Server.

The system JAAS login module, the custom JAAS application login module, and the custom JAX-WS policy set are all installed once for a particular WAS profile. After a business service application is deployed to a business service instance, the custom JAX-WS policy set and binding are attached to the entire business service application making them applicable to all of the published services.