[B]Configure digital signatures[/B]

Configure the service side

Follow these steps to configure the service side:

• In the Web perspective, open the Web services deployment descriptor (webservices.xml), by selecting: EchoServiceEJB => ejbModule => META-INF => webservices.xml.
  
• Switch to the Security Extensions tab.
  Figure 1. Required integrity
  

[B]Configure digital signatures[/B]

Configure the service side

Follow these steps to configure the service side(继续ing...):

• In the Required Integrity section, click Add to add body and securitytoken. Note that this requires two add steps.
  Figure 2. Add reference part dialog
  
  

[B]Configure digital signatures[/B]

Configure the service side

Follow these steps to configure the service side(继续ing...):

• Switch to the Binding Configurations tab.
  
• In the Trust Anchor section, click Add to add a trust anchor.
  Figure 3. Trust anchor
  
  

[B]Configure digital signatures[/B]

Configure the service side

Follow these steps to configure the service side(继续ing...):

• In the trust anchor dialog, point to the keystore that holds your trusted signer certificates, as shown in Figure 4. More sophisticated PKI installations may also require a certificate store list that contains certificates required to process certificate chains.
  Figure 4. Trust Anchor dialog
  
  

[B]Configure digital signatures[/B]

Configure the service side

Follow these steps to configure the service side(继续ing...):

• In the Signing Information section, click Add.
  
• In the Signing Info dialog, use the default algorithms unless you know differently.
  
• Select Use certificate path reference, then select your new trust anchor, and click OK.
  Figure 5. Signing Information dialog
  
  

[B]Configure digital signatures[/B]

Configure the client side

To configure the client for digital signatures in the SOAP message, complete the following steps:

• In the Web perspective, open the Web services client deployment descriptor (webservicesclient.xml), by selecting EchoServiceClientWeb => Web Content => WEB-INF => webservicesclient.xml.
  
• Switch to the Security Extensions tab.
  
• In the Integrity section, click Add to add body and securitytoken. Note that this requires two add steps.
  Figure 6. Integrity
  

[B]Configure digital signatures[/B]

Configure the client side

To configure the client for digital signatures in the SOAP message, complete the following steps: (继续ing....)

• Switch to the Port Binding tab.
  
• In the Key Locators field, add a key locator, click Add.
  Figure 7. Key locators
  

[B]Configure digital signatures[/B]

Configure the client side

To configure the client for digital signatures in the SOAP message, complete the following steps: (继续ing....)

• In the Key Locator dialog, check Use key store and specify the keyStore storepass (password), path and type.
  
• In the Key field, add a key reference. Specify the alias and key password associated with the key in the keystore. Specify a name for the key, such as SignerKey.
  
• Click OK.
  Figure 8. Key Locator dialog
  

[B]Configure digital signatures[/B]

Configure the client side

To configure the client for digital signatures in the SOAP message, complete the following steps: (继续ing....)

• In the Signing Information section, click Enable.
  
• In the Signing Info dialog, enter the string you used for the key name as the Signing key name; for example, SignerKey.
  
• IIn the Signing key locator field enter the name you gave the locator you created previously.
  
• Click OK.
  Figure 9. Signing Information dialog
  
  

Configure encryption

This section discusses the steps required to configure the Web services security infrastructure to encrypt parts of a SOAP message. We will do this in Application Developer, but the steps are almost identical if you use the ATK supplied with the Application Server runtime.