74 lines
2.7 KiB
HTML
74 lines
2.7 KiB
HTML
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
||
|
<html>
|
||
|
<head>
|
||
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
||
|
|
||
|
<title>Request receiver</title>
|
||
|
</head>
|
||
|
|
||
|
<BODY>
|
||
|
<!-- Java sync-link -->
|
||
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
||
|
|
||
|
<h6><a name="wssecreqrecvr"></a>Request receiver</h6>
|
||
|
|
||
|
<p>The security handler on the request receiver side of the Simple Object
|
||
|
Access Protocol (SOAP) message enforces the security specifications defined
|
||
|
in the IBM extension deployment descriptor (<tt>ibm-webservices-ext.xmi</tt>)
|
||
|
and bindings (<tt>ibm-webservices-bnd.xmi</tt>). The request receiver defines
|
||
|
the security requirement of the SOAP message. The security constraint for
|
||
|
request sender must match the security requirement of the request receiver
|
||
|
for the server to accept the request. If the incoming SOAP message does not
|
||
|
meet all the security requirements defined, then the request is rejected with
|
||
|
the appropriate fault code returned to the sender. For security tokens, the
|
||
|
token is validated using Java Authentication and Authorization Service (JAAS)
|
||
|
login configuration and authenticated identity is set as the identity for
|
||
|
the downstream invocation.</p>
|
||
|
|
||
|
<p>For example, if there is a security requirement to have the SOAP body digitally
|
||
|
signed by Joe Smith and if the SOAP body of the incoming SOAP message is not
|
||
|
signed by Joe Smith, then the request is rejected.</p>
|
||
|
|
||
|
<p>You can define the following security requirements for the request receiver:</p>
|
||
|
|
||
|
<dl>
|
||
|
<dt><strong>Required integrity (digital signature)</strong></dt>
|
||
|
<dd>You can select multiple parts of a message to sign digitally. The following
|
||
|
list contains the integrity options:
|
||
|
<ul>
|
||
|
<li>Body</li>
|
||
|
<li>Time stamp</li>
|
||
|
<li>Security token</li>
|
||
|
</ul>
|
||
|
</dd>
|
||
|
<dt><strong>Required confidentiality (encryption)</strong></dt>
|
||
|
<dd>You can select multiple parts of a message to encrypt. The following list
|
||
|
contains the confidentiality options:
|
||
|
<ul>
|
||
|
<li>Body content</li>
|
||
|
<li>Token</li>
|
||
|
</ul>
|
||
|
</dd>
|
||
|
<dt><strong> </strong></dt>
|
||
|
<dd>You can have multiple security tokens. The following list contains the
|
||
|
security token options:
|
||
|
<ul>
|
||
|
<li>Basic authentication, which requires both a user name and a password</li>
|
||
|
<li>Identity assertion, which requires a user name only</li>
|
||
|
<li>X.509 binary security token</li>
|
||
|
<li>Lightweight Third Party Authentication (LTPA) binary security token</li>
|
||
|
<li>Custom token, which is pluggable and supports custom-defined tokens validated
|
||
|
by the JAAS login configuration</li>
|
||
|
</ul>
|
||
|
</dd>
|
||
|
<dt><strong>Received time stamp</strong></dt>
|
||
|
<dd>You can have a time stamp for checking the timeliness of the message.
|
||
|
<ul>
|
||
|
<li>Time stamp</li>
|
||
|
</ul>
|
||
|
</dd>
|
||
|
</dl>
|
||
|
</body>
|
||
|
</html>
|