WS-Security addresses message level security. It standardizes authorization, encryption, and digital signature processing of web services. Unlike transport security models, such as SSL, WS-Security applies security directly to the elements of the web service message. This increases the flexibility of your web services, by allowing any message model to be used (for example, point to point, or multi-hop relay).
This chapter describes how to use WS-Security to sign and encrypt a simple SOAP message.
WS-Security is defined by the combination of the following specifications:
10.21.2.1. Endpoint configuration
JBossWS uses handlers to identify ws-security encoded requests and invoke the security components to sign and encrypt messages. In order to enable security processing, the client and server side must include a corresponding handler configuration. The preferred way is to reference a predefined JAX-WS Endpoint Configuration
or JAX-WS Client Configuration
You must setup both the endpoint configuration and the WSSE declarations. These are two separate steps.