Web Services security, or to be more precise, SOAP message security, identifies and provides solutions for general computer security threats as well as threats unique to Web services.
WSO2 Carbon supports the WS-Security, WS-Policy and WS-Security Policy specifications. These specifications define a behavioral model for Web services. A requirement for one Web service may not be valid for another. Thus, defining service-specific requirements might be necessary.
The WSO2 SOA platform provides important security features to your service. By default, the security features are disabled. You should explicitly enable the security feature.
Adding Security Features
Understanding the exact security requirements should be the first step when planning to secure your Web services. For example, you may have to consider which security aspects are important to your service: integrity, confidentiality, or both.
In the navigator, under Manage/Service, click List. The Deployed Services page appears.
Click on the service name for which you want to add security features. The Service Dashboard page appears.
Click Security in the Quality of Service Configuration panel. The Security for Service page appears.
To enable security for the service, in the Enable Security list, click Yes.
Figure 1: Enabling security
A list of available security features is displayed.
Figure 2: Selecting Security Scenarios
Select the suitable security features by clicking on the corresponding option buttons, and then click Next.
The Activate Security page appears. You can configure the security features on this page. The configurations depend on your previous selections.
If you selected a feature that includes Username Token, you will have the User Group panel to choose the users who are allowed to access the service.
Figure 3: Activate security - User Group
If you selected a feature that requires signing or encryption, the Trusted Key Stores panel appears.
Select the KeyStore (wso2carbon.jks) and the Private Key Store (currently only the wso2carbon.jks keystore is available).
Figure 2: Selecting Key Store
Click Finish
have been added successfully.
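The first planning step above asks which aspects (integrity, confidentiality, or both) the service needs. The following added example, which is not part of the original documentation or of WSO2's code, checks a WS-SecurityPolicy document against such a requirement list. The function names, the property labels and the sample policy are assumptions made for illustration, and policy alternatives are flattened rather than evaluated one by one.

```python
import xml.etree.ElementTree as ET

# WS-SecurityPolicy namespaces (1.1 and 1.2); assertions are matched in either.
SP_NAMESPACES = (
    "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy",
    "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702",
)

# Assertion local name -> property label (labels are this example's own).
ASSERTIONS = {
    "SignedParts": "integrity",
    "SignedElements": "integrity",
    "EncryptedParts": "confidentiality",
    "EncryptedElements": "confidentiality",
    "UsernameToken": "username_token",
    "TransportBinding": "transport_protection",
}

def policy_properties(policy_xml):
    """Return the set of security properties asserted anywhere in the policy."""
    found = set()
    for elem in ET.fromstring(policy_xml.strip()).iter():
        if not elem.tag.startswith("{"):
            continue  # element without a namespace, not a policy assertion
        ns, _, local = elem.tag[1:].partition("}")
        if ns in SP_NAMESPACES and local in ASSERTIONS:
            found.add(ASSERTIONS[local])
    return found

def missing_requirements(policy_xml, required):
    """List required properties the policy does not assert, sorted by name."""
    props = policy_properties(policy_xml)
    gaps = set(required) - props
    # Heuristic: a username token with neither transport protection nor any
    # message encryption asserted would travel unprotected.
    if "username_token" in props and not props & {"transport_protection", "confidentiality"}:
        gaps.add("protection_for_username_token")
    return sorted(gaps)

# Constructed sample policy: signs the body, carries a username token,
# but asserts no encryption and no transport binding.
SAMPLE_POLICY = """
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne><wsp:All>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""

if __name__ == "__main__":
    print(missing_requirements(SAMPLE_POLICY, ["integrity", "confidentiality"]))
```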
Disabling Security Features
This function is used to disable active security features for a particular service.
In the navigator, under Manage/Service, click List. The Deployed Services page appears.
Click on the service name for which you want to disable the security features. The Service Dashboard page appears.
Click Security in the Quality of Service Configuration panel. The Security for Service page appears.
To disable security for the service, in the Enable Security list, click No.
Note: All security scenarios are described in the wizard.