You can protect your information transmissions against confidentiality
attacks by adding XML encryption to your Web service.
Prerequisite: Create or import a project containing a Web service.
You can protect both the client and the server using the XML encryption
wizard. To add XML encryption protection to a server:
- Change to the J2EE perspective.
- Click .
- Select J2EE from the list and click OK.
- Expand the Web Services tab in the Project
Explorer view.
- Expand the Services tab.
- Right-click on your service and select .
- In the Confidentiality Message Parts section, there is one Message
Part added by default. You can modify the existing default by modifying the
Dialect or Key word. You may also add more Message Parts.
- Enter the required information in the Server Side Request Generator
XML Encryption window.
- In the Key store Path field, browse to
the XML encryption key.
- In the Key Store Password field, type
the password corresponding to the selected key.
- Select the Use a Key check box and enter
the authentication information for the requester.
- To accept the rest of the defaults and continue to the Server Side
Response Generator XML Encryption page, click Next
Note: You can select your preferred key and data encryption method
algorithms with the available drop-down menus in the encryption information
section.
The data encryption algorithm is used for encrypting or decrypting
parts of a SOAP message, such as the SOAP body or the username token. The
following pre-configured algorithms are supported:
- http://www.w3.org/2001/04/xmlenc#tripledes-cbc
- http://www.w3.org/2001/04/xmlenc#aes128-cbc
- http://www.w3.org/2001/04/xmlenc#aes256-cbc
- http://www.w3.org/2001/04/xmlenc#aes192-cbc
The key encryption algorithm is used to encrypt the key that
is used for encrypting the message parts within the SOAP message. The following
pre-configured algorithms are supported:
- http://www.w3.org/2001/04/xmlenc#rsa-1_5
- http://www.w3.org/2001/04/xmlenc#kw-tripledes
- http://www.w3.org/2001/04/xmlenc#kw-aes128
- http://www.w3.org/2001/04/xmlenc#kw-aes256
- http://www.w3.org/2001/04/xmlenc#kw-aes192
- Repeat step 5 and 6 for the Server Side Response Generator XML
Encryption window.
- Click Finish. XML encryption
security now secures your server.
- In order for the client to access the server, you must create a
corresponding XML encryption security for the client using one of the following
methods:
- To create a corresponding XML encryption using the XML encryption
wizard:
- Right-click on the client and select .
- Repeat steps 5 - 9 above, using the same information as was used for the
XML Encryption wizard on the server side.
- If you have finished setting up all types of security for your server
you can create a corresponding XML encryption using the Based on a Secured
Web Service wizard:
- Right-click on the client and select .
- Verify that the corresponding server is selected from the drop-down menu
and click Next.
- Enter the required information in the Client Side Request Generator XML
Encryption and Client Side Response Consumer XML Encryption sections:
- In the Key store Path field, browse to the XML
encryption key.
- In the Key Store Password field, type the password
corresponding to the selected key.
- Click Finish.
This will set up the all of the necessary security features corresponding
with the server, for your client.
XML encryption security will now protect your server. You can see
the changes in your XML source by switching to the Resource perspective and
opening your Web service .xmi file.