Create a Web service security configuration
Related Tasks Related Topics
Use this page to create a new Web service security configuration.
When a deployed WebLogic Web service has been configured to use message-level security (encryption and digital signatures, as described by the WS-Security specification), the Web services runtime determines whether a Web service security configuration is also associated with the service. This security configuration specifies information such as whether to use an X.509 certificate for identity, whether to use password digests, the keystore to be used for encryption, and so on.
WebLogic Web services are not required to be associated with a security configuration; if the default behavior of the Web services security runtime is adequate then no additional configuration is needed. If, however, a Web service requires different behavior from the default (such as using an X.509 certificate for identity, rather than the default username/password token), then the Web service must be associated with a security configuration.
@weblogic.jws.security.WssConfigurationJWS annotation in the JWS file that implements the Web service specifies the name of the security configuration that is associated with a Web service. If the Web service does not include this annotation, then it is associated with the default security configuration, called default_wss.
This assistant guides you through the process of creating a new Web service security configuration.
Remember that if you are creating the default configuration, you must name it
- Create a Web service security configuration
- Specify the key pair used to sign SOAP messages
- Specify the key pair used to encrypt SOAP messages
- Use a password digest in SOAP messages
- Use X.509 certificates to establish identity