Key locator default implementation

A key locator is an abstraction of the mechanism that retrieves keys for digital signature and encryption. A key locator is implemented by providing a class that implements the com.ibm.wsspi.wssecurity.config.KeyLocator interface. WebSphere Application Server - Express provides the following key locator implementations:

KeyStoreKeyLocator

The KeyStoreKeyLocator retrieves keys from a key store using the java.security.KeyStore class. To retrieve a key, the key locator needs the location and type of the key store, plus a name or label (the key store alias) that identifies a particular key. The location and type of the key store are provided in the <KeyLocator> element of the Web services security binding file (ws-security.xml, ibm-webservices-bnd.xmi, or ibm-webservicesclient-bnd.xmi).

Which name or label is used depends on the role the party plays and on whether it needs its own key or the peer's key. A request sender that digitally signs a request uses its own name to retrieve its private key; a request sender that encrypts a request uses the name of the request receiver to retrieve the receiver's public key. The request receiver reverses the roles: it uses the sender's name to retrieve the public key that verifies the signature and its own name to retrieve the private key that decrypts the message. In all of these cases the name to look up is known in advance from the binding, so the KeyStoreKeyLocator is normally used for request sending, request receiving, and response receiving.

Response sending poses a special challenge. A server sends responses to many clients, and some of those clients might have multiple keys, so a name fixed in the binding is not enough to retrieve the correct key for a given response; the key must instead be chosen from information carried in the request. WebSphere Application Server - Express provides the following key locators to address this situation. These key locators are normally used for response sending.
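The two lookup styles described above, the name-based lookup that KeyStoreKeyLocator performs and the request-driven lookup that response sending needs, as an added example. This is illustration code written for this page, not WebSphere's com.ibm.wsspi.wssecurity.config.KeyLocator interface or IBM's Java implementation; it is in Go so that it runs stand-alone. An in-memory, alias-keyed struct stands in for java.security.KeyStore, the aliases server, client-key1 and client-key2 and the CNs are assumed names, the certificates are self-signed test data generated at start-up, and for self-containment both parties read the same store (in a deployment each side has its own key store, named in its own binding file). The response-sending case locates the peer's alias by matching the certificate that signed the request against the store, which stays unambiguous when one client owns two certificates under the same subject name.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// keyStore stands in for the alias-keyed java.security.KeyStore: every alias holds a
// certificate, and aliases for identities this party owns also hold the private key.
type keyStore struct {
	certs map[string]*x509.Certificate
	privs map[string]*rsa.PrivateKey
}

// ownPrivateKey: what a sender needs to sign, or a receiver to decrypt (own alias).
func (ks *keyStore) ownPrivateKey(alias string) (*rsa.PrivateKey, error) {
	if k, ok := ks.privs[alias]; ok {
		return k, nil
	}
	return nil, fmt.Errorf("no private key under alias %q", alias)
}

// peerPublicKey: what a sender needs to encrypt for a peer, or a receiver to verify a peer's signature (peer's alias).
func (ks *keyStore) peerPublicKey(alias string) (*rsa.PublicKey, error) {
	if c, ok := ks.certs[alias]; ok {
		if pub, ok := c.PublicKey.(*rsa.PublicKey); ok {
			return pub, nil
		}
	}
	return nil, fmt.Errorf("no RSA certificate under alias %q", alias)
}

// aliasForRequester is the response-sending case: no alias is configured for the peer, so the
// server matches the certificate that signed the request against the store instead of a name.
func (ks *keyStore) aliasForRequester(req *x509.Certificate) (string, error) {
	for alias, c := range ks.certs {
		if c.Equal(req) {
			return alias, nil
		}
	}
	return "", fmt.Errorf("no certificate with serial %s in store", req.SerialNumber)
}

// must turns a setup failure into a panic; only used while building constructed test data.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newIdentity makes an RSA key pair and a self-signed certificate as constructed test data.
func newIdentity(cn string, serial int64) (*x509.Certificate, *rsa.PrivateKey) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv))
	return must(x509.ParseCertificate(der)), priv
}

// buildStore: a server identity plus one client owning two certificates with the same CN (assumed aliases).
func buildStore() *keyStore {
	ks := &keyStore{map[string]*x509.Certificate{}, map[string]*rsa.PrivateKey{}}
	for i, id := range [][2]string{{"server", "server"}, {"client-key1", "client"}, {"client-key2", "client"}} {
		ks.certs[id[0]], ks.privs[id[0]] = newIdentity(id[1], int64(i+1))
	}
	return ks
}

// signedRequest: the client signs with its own private key (client-key2), the server verifies with the
// public key found under that alias, then picks the response key from the request's certificate.
func signedRequest(ks *keyStore) (string, error) {
	digest := sha256.Sum256([]byte("<soap:Envelope>constructed request</soap:Envelope>"))
	priv, err := ks.ownPrivateKey("client-key2")
	if err != nil {
		return "", err
	}
	sig := must(rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:]))
	pub, err := ks.peerPublicKey("client-key2")
	if err != nil {
		return "", err
	}
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return "", err
	}
	return ks.aliasForRequester(ks.certs["client-key2"])
}
```

signedRequest(buildStore()) returns "client-key2": the request-sending side resolved a configured alias, and the response-sending side resolved the same client without any configured name, even though client-key1 carries an identical subject. A certificate that is not in the store yields an error rather than a guess, which is the behaviour a locator should have when the requester is unknown.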