Develop a key locator

Perform the following steps to develop your own key locator:

  1. Define the key locator class. WebSphere Application Server - Express provides the com.ibm.wsspi.wssecurity.config.KeyLocator key locator interface, which defines the methods listed below.

    Your custom key locator implementation must implement each of these methods.

    Note: This listing only shows the methods and does not include an implementation.

    import com.ibm.wsspi.wssecurity.SoapSecurityException;
    import com.ibm.wsspi.wssecurity.config.KeyLocator;
    import com.ibm.wsspi.wssecurity.config.KeyLocatorException;
    import java.security.Key;
    import java.security.cert.Certificate;
    import java.util.Map;
    import java.util.Set;
    
    public class MyKeyLocatorImpl implements KeyLocator {
      public void init(Map map) throws SoapSecurityException {
        // Initialize the key locator object.
      }
    
      public Set getNames(Object context) throws KeyLocatorException {
        // Returns all the abstract key "name"s.
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public Key getEncryptionKey(String name, Object context) throws KeyLocatorException {
        // Returns the encryption key that corresponds to the given abstract "name".
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public Key getDecryptionKey(String name, Object context) throws KeyLocatorException {
        // Returns the decryption key that corresponds to the given abstract "name".
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public Key getSigningKey(String name) throws KeyLocatorException {
        // Returns the signing key that corresponds to the given abstract "name".
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public Key getVerificationKey(String name) throws KeyLocatorException {
        // Returns the verification key that corresponds to the given abstract "name".
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public String getName(Key key) throws KeyLocatorException {
        // Returns the abstract "name" that corresponds to the given key.
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public Certificate getCertificate(Key key) throws KeyLocatorException {
        // Returns the certificate object that corresponds to the given key.
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public Certificate getCertificate(String name) throws KeyLocatorException {
        // Returns the certificate object that corresponds to the given abstract "name".
        throw new UnsupportedOperationException("Not implemented");
      }
    
      public String getName(String name) throws KeyLocatorException {
        // Returns the concrete "name" that corresponds to the given abstract "name".
        throw new UnsupportedOperationException("Not implemented");
      }
    }

  2. Compile the implementation. Make sure that /QIBM/ProdData/WebASE/ASE5/lib/was-wssecurity.jar is in the compiler class path.

  3. Copy the class file to a location in the class path, preferably the /QIBM/UserData/WebASE/ASE5/instance/lib/ext directory, where instance is the name of your instance.

  4. Restart the application server.

  5. With the WebSphere administrative console, delete the default key locator configuration. Click Application Servers --> server_name --> Web Services: Default bindings for Web Services Security --> Key Locators --> key_locator_name, where server_name is the name of your application server, and key_locator_name is the name of the default key locator.

    Select the checkbox next to the specific key locator name and click Delete.

  6. Add your custom key locator. Click New. Verify that the class name is dot-separated and appears in the class path.

  7. Under Additional Properties, click Properties to add additional properties that are required to initialize the custom key locator. These properties are passed to the init(java.util.Map) method of your implementation when it implements the com.ibm.wsspi.wssecurity.config.KeyLocator interface as described in the first step.

  8. Save the configuration.

  9. Update the runtime configuration by clicking Servers --> Application Servers --> server_name --> Web Services: Default bindings for Web Services Security (where server_name is the name of your application server) or Security --> Web services.

  10. Restart the application to use the new key locator implementation.
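
The following is an added example, not IBM code and not part of the original page. It shows lookup logic that a custom key locator could delegate to: it reads properties in the form that init(Map) receives them (step 7), maps abstract names to keystore aliases, and fails closed on unknown names instead of returning null. The class name KeyStoreLookup and the key.<name>.alias and key.<name>.password property names are assumptions; the class runs stand-alone on a current JDK without was-wssecurity.jar.

```java
import java.security.Key;
import java.security.KeyStore;
import java.util.*;
import javax.crypto.KeyGenerator;

// Hypothetical helper (not an IBM class): abstract key name -> keystore entry.
public class KeyStoreLookup {
  private final KeyStore store;
  private final Map<String, String> aliases = new HashMap<>();   // abstract name -> alias
  private final Map<String, char[]> passwords = new HashMap<>(); // abstract name -> key password

  // props mirrors the Map passed to init(); the property names
  // "key.<name>.alias" and "key.<name>.password" are assumptions.
  public KeyStoreLookup(KeyStore store, Map<String, String> props) {
    this.store = store;
    for (Map.Entry<String, String> e : props.entrySet()) {
      String k = e.getKey();
      if (!k.startsWith("key.") || !k.endsWith(".alias") || k.length() <= 10) continue;
      String name = k.substring(4, k.length() - 6);
      String pw = props.get("key." + name + ".password");
      if (pw == null) throw new IllegalArgumentException("no password configured for " + name);
      aliases.put(name, e.getValue());
      passwords.put(name, pw.toCharArray());
    }
  }

  public Set<String> getNames() { return Collections.unmodifiableSet(aliases.keySet()); }

  // Fail closed: an unknown name or an empty entry raises instead of returning null.
  public Key getKey(String name) throws Exception {
    String alias = aliases.get(name);
    if (alias == null) throw new IllegalArgumentException("unknown key name: " + name);
    Key key = store.getKey(alias, passwords.get(name));
    if (key == null) throw new IllegalStateException("no key stored under alias " + alias);
    return key;
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample data: in-memory keystore holding one generated AES key.
    KeyStore ks = KeyStore.getInstance("JCEKS");
    ks.load(null, null);
    KeyGenerator kg = KeyGenerator.getInstance("AES");
    kg.init(128);
    ks.setKeyEntry("aes1", kg.generateKey(), "changeit".toCharArray(), null);
    Map<String, String> props = new HashMap<>();
    props.put("key.orders-enc.alias", "aes1");
    props.put("key.orders-enc.password", "changeit");
    KeyStoreLookup lookup = new KeyStoreLookup(ks, props);
    System.out.println(lookup.getNames() + " -> " + lookup.getKey("orders-enc").getAlgorithm());
    try { lookup.getKey("unknown"); } catch (IllegalArgumentException ex) { System.out.println(ex.getMessage()); }
  }
}
```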