ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatz_5.4.0.1/51/webserv/wsseccfssl.htm

64 lines
3.9 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Configure client-side SSL for Web services</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h5><a name="wsseccfssl"></a>Configure client-side SSL for Web services</h5>
<p>Transport level security is based on Secured Sockets Layer (SSL) or Transport Layer Security (TLS) that runs beneath the HTTP protocol. Both provide security features including authentication, data protection, and cryptographic token support for secure HTTP connections. To run with HTTPS, the service endpoint address must be in the form of <tt>https://</tt>.</p>
<p>Transport level security can be used to secure Web services messages. It is orthogonal to the security support provided by WS-Security or HTTP Basic Authentication.</p>
<p>The integrity and confidentiality of transport data, including Simple Object Access Protocol (SOAP) messages and HTTP basic authentication, is confirmed when you use SSL and TLS. WebSphere Application Server - Express uses Java Secure Sockets Extension (JSSE) to support SSL and TLS.</p>
<p>The server-side, or service endpoint, transport level security is based on the Secured Sockets Layer (SSL) configuration of the WebSphere Application Server - Express Web container. See <a href="../sec/seccssl.htm">Configure SSL in WebSphere Application Server - Express</a> in the <em>Security</em> topic for more information.</p>
<p>To configure the client-side transport level security, perform the following steps:</p>
<ol>
<li><p>Create an SSL reperoire configuration entry for an existing service endpoint that acts as a service client. For more information, see <a href="../sec/seccsslr.htm">Use SSL configuration repertoires</a> in the <em>Security</em> topic.</p></li>
<li><p>Define the attribute <tt>sslConfig</tt> with the value of the alias name in the ibm-webservicesclient-bnd.xmi file. For example:</p>
<pre>&lt;sslConfig name=&quot;default/DefaultSSLSettings&quot;/&gt;</pre>
<p><strong>Note:</strong> If the attribute is not defined, the default SSL setting is used for JSSE.</p></li>
<li><p>Set the system property, com.ibm.webservices.sslConfigURL, to the property file.
For example:</p>
<pre>-Dcom.ibm.webservices.sslConfigURL=${USER_INSTALL_ROOT}/properties/sas.client.props</pre>
<p><strong>Note:</strong> If the property <tt>sslConfigURL</tt> is not defined, the default SSL setting is used for JSSE.</p></li>
<li><p>(Optional) Set the system properties of an unmanaged service client by using the <tt>-D</tt> option of the Java command. Alternatively, you can call the <tt>System.setProperty(<em>propertyName</em>,
&quot;<em>propertyValue</em>&quot;)</tt> method, where <em>propertyName</em> is the name of a property, and <em>propertyValue</em> is the value of the property.</p>
<p>Using either method, set values for the following properties:</p>
<ul>
<li><tt>java.protocol.handler.pkgs</tt></li>
<li><tt>javax.net.ssl.keyStore</tt></li>
<li><tt>javax.net.ssl.keyStorePassword</tt></li>
<li><tt>javax.net.ssl.trustStore</tt></li>
<li><tt>javax.net.ssl.trustStorePassword</tt></li>
</ul><p></p></li>
<li><p>(Optional) Redirect the Simple Object Access Protocol (SOAP) request from a client to service endpoint to be over HTTPS. Complete this step if a transport guarantee of <tt>CONFIDENTIAL</tt> or <tt>INTEGRAL</tt> is configured for a secured Web application.</p>
<p>To redirect the request set the system property <tt>com.ibm.ws.webservices.HttpRedirectEnabled</tt>
to <tt>true</tt> for the entire Java virtual machine.</p>
<p>Alternatively, you can set the property <tt>com.ibm.wsspi.webservices.Constants.HTTP_REDIRECT_ENABLED</tt>, to <tt>true</tt> in the stub or call instance, before the method is invoked.</p></li>
</ol>
</body>
</html>