Skip to Content
author's profile photo Former Member
Former Member

Web Service Security

Hi,

I am using SAP Web AS 6.40. I want to call a web service that is implemented by an EJB in the SAP J2EE engine.

I want this service to be secured by Digital Signatures (WS Security) .

The client of the Web Service is running on IBM Websphere.

In the documentation, I see that WS Security is only supported on deployable web service proxies. Does this mean that if I generate a client using IBM's web service tools and deploy it on websphere, it will not work ?

Do you have to enable HTTPS in order to use digital signatures to authenticate the client of a web service ?

Thank you.

Thierry

Message was edited by: Thierry Dagnino

Add comment
10|10000 characters needed characters exceeded

1 Answer

  • author's profile photo Former Member
    Former Member
    Posted on Jul 21, 2004 at 09:17 PM

    If you need to enable signature for a web service invocation, you need to do some security processing on the client side as well as server side. If you take deployable web service proxy (the corresponding app is deployed on J2EE engine), it can use the WS Security functionality on the J2EE engine itself. If you use standalone proxy, you are on your own to create signatures. So in your case, if you use websphere based web service client, you need to use the local WS Security functionality to create signature.

    On the Web service side, it should not matter, where the SOAP call is coming from given you have the correct configuration.

    HTTPS and digital signatures can be used independently.

    Add comment
    10|10000 characters needed characters exceeded