Creating security profiles for WSDL files

You can create SOAP security profiles for the web service calls or message returns that require message encryption, signature or other advanced security algorithms.

Before you begin

You must have a Web Services Description Language (WSDL) file in your workspace.

If the security profile uses digital certificates for encrypting or signing requests or responses, you must have the corresponding keystore files (KS, JKS, JKECS, PKCS12, or PEM) in your workspace.

About this task

If the WSDL is simple and you want to check its security, in the Request Stack tab of the test editor, click Override Stack > Tools > Analyze Security from Pasted Content. Paste the SOAP XML message and click Next. The next page shows the different security algorithms used in the XML. Click Finish to add the security algorithms to the editor.
Note: When you add a secured SOAP XML message in Message > Source tab of the test editor, certain security related warnings are displayed in the Error Message view. If you are aware of the secured SOAP XML message and do not want to view the warnings, click Window > Preferences > Generic Service Client > Message Edition and select the Analyze pasted SOAP content check box.

If the WSDL uses WS-Policy, you must configure security as follows:

Procedure

  1. In the test navigator or project explorer, right-click the WSDL file and select Edit WSDL Security.
    The WSDL security editor is displayed.
  2. Click the Security Algorithms tab.
    Security profiles are described by adding elements to a stack. When a service request is sent or a response is received, each element in the stack is applied to the message in a specified order. If necessary, create one security profile for outgoing requests and one for incoming responses.
  3. In the Security Algorithms area, click Add to create a new algorithm stack, and click Rename to change the default name.
  4. In the Algorithm Stack Details area, click Add to add a new algorithm element to the stack.
    You can add time stamps, username tokens, encryption, or signatures.
  5. Edit each element in the stack according to the requirements of the web service.

    You can apply encryption and signature stack elements to portions of the web service call or message return document by specifying an Xpath query in User Xpath part selection. For example, you can encrypt one XML element with one encryption stack element, and another element with another stack element. You can use the Web Service Protocol Data view to help identify the correct Xpath query for this option.

    You can check whether the security stack is valid by clicking Tools > Validate Selected Algorithm.

  6. When all the stack elements are complete, ensure that the execution order is correct.
    If necessary, use the Up and Down buttons to change the order of elements in the stack.
  7. Repeat steps 4 through 7 to create as many algorithms as are required for security profile.
  8. Click the Algorithms by WSDL Operations tab.
    This page enables you to associate a security profile with each request or response operation in the WSDL.
  9. In the WSDL Contents column, select a service request or response.
  10. In the Algorithm Stack column, select a security profile from the list.
    If necessary, click << to open the stack on the Security Algorithms page.

Results

After saving the security profile, the Web Service Protocol Data view displays the effect of the security profile on the XML data of the web service.