Hi,
I am using SAP Web AS 6.40. I want to call a web service that is implemented by an EJB in the SAP J2EE engine.
I want this service to be secured by Digital Signatures (WS Security) .
The client of the Web Service is running on IBM Websphere.
In the documentation, I see that WS Security is only supported on deployable web service proxies. Does this mean that if I generate a client using IBM's web service tools and deploy it on websphere, it will not work ?
Do you have to enable HTTPS in order to use digital signatures to authenticate the client of a web service ?
Thank you.
Thierry
Message was edited by: Thierry Dagnino
If you need to enable signature for a web service invocation, you need to do some security processing on the client side as well as server side. If you take deployable web service proxy (the corresponding app is deployed on J2EE engine), it can use the WS Security functionality on the J2EE engine itself. If you use standalone proxy, you are on your own to create signatures. So in your case, if you use websphere based web service client, you need to use the local WS Security functionality to create signature.
On the Web service side, it should not matter, where the SOAP call is coming from given you have the correct configuration.
HTTPS and digital signatures can be used independently.
Add a comment