FreeKB - IBM WebSphere WS-Security
IBM WebSphere - WS-Security

Web Service Security, more commonly refered as just WS-Security, is used to secure SOAP messages. For example, let's say you are using the wsadmin command to perform some task.  Almost always, wsadmin will send a SOAP message from system "a" (such as the dmgr) to system "b" (such as the appserver). 


When administrative security is enabled, a username and password will need to be included in the SOAP message. With wsadmin, this can be done by adding the username and password to the soap.client.props file.


WS-Security will use the UsernameToken specification to secure the password as it is being transmitted from system "a" to system "b". Remember, a SOAP message is nothing more than an XML file that gets transmitted from the sending system to the receiving system. Notice in this example that the username (john.doe) is in cleartext but the password has been obfuscated.

   <wsse:Password Type="">8JGH67ghHY67JFF8f+9fkfjbHGjkG81h=</wsse:Password>


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter 515de in the box below so that we can be sure you are a human.


Web design by yours truely - me, myself, and I   |   |