FreeKB - WS-Security in WebSphere
WS-Security in WebSphere

Home > Search


Web Service Security, more commonly refered as just WS-Security, is used to secure SOAP messages. For example, let's say you are using the wsadmin.sh (Linux) or wsadmin.bat (Windows) commands to perform some task.  Almost always, wsadmin will send a SOAP message from system "a" (such as the dmgr) to system "b" (such as the appserver). 

 

When administrative security is enabled, a username and password will need to be included in the SOAP message. With wsadmin, this can be done by adding the username and password to the soap.client.props file.

com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=your_username
com.ibm.SOAP.loginPassword=your_password
com.ibm.SOAP.loginSource=none

 

WS-Security will use the UsernameToken specification to secure the password as it is being transmitted from system "a" to system "b". Remember, a SOAP message is nothing more than an XML file that gets transmitted from the sending system to the receiving system. Notice in this example that the username (john.doe) is in cleartext but the password has been obfuscated.

<wsse:UsernameToken>
   <wsse:Username>john.doe</wsse:Username>
   <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">8JGH67ghHY67JFF8f+9fkfjbHGjkG81h=</wsse:Password>
</wsse:UsernameToken>

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter fe718 in the box below so that we can be sure you are a human.




Comments