Bootstrap FreeKB - IBM WebSphere - WS-Security
IBM WebSphere - WS-Security

Updated:   |  IBM WebSphere articles

Web Service Security, more commonly refered as just WS-Security, is used to secure SOAP messages. For example, let's say you are using the wsadmin command to perform some task.  Almost always, wsadmin will send a SOAP message from system "a" (such as the dmgr) to system "b" (such as the appserver). 

 

When administrative security is enabled, a username and password will need to be included in the SOAP message. With wsadmin, this can be done by adding the username and password to the soap.client.props file.

com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=your_username
com.ibm.SOAP.loginPassword=your_password
com.ibm.SOAP.loginSource=none

 

WS-Security will use the UsernameToken specification to secure the password as it is being transmitted from system "a" to system "b". Remember, a SOAP message is nothing more than an XML file that gets transmitted from the sending system to the receiving system. Notice in this example that the username (john.doe) is in cleartext but the password has been obfuscated.

<wsse:UsernameToken>
   <wsse:Username>john.doe</wsse:Username>
   <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">8JGH67ghHY67JFF8f+9fkfjbHGjkG81h=</wsse:Password>
</wsse:UsernameToken>

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter b43203 in the box below so that we can be sure you are a human.