Best approach for webservices security in webmethods 8

Guest · April 11, 2012, 9:58am

What is the best approach for webservices security in webMethods 8 ?

Akshith_Arremreddy · April 11, 2012, 6:48pm

There are different versions of a “best approach” for implementing security at WS level. What is your current implementation?

These are few ways that i had a chance to implement,

You can use ACL’s,Groups and users to control access to the WSD’s and operations in it.
You can use WS Security using WSD headers in the Provider WSD.
You can implement a custom Gateway to manage access to the web services based on application origin (in the SOAP Body a field).

Cheers,
Akshith

Guest · April 12, 2012, 9:32am

Hi Akshish ,

Thanks for your reply .
We are using soap over http protocol in our webserives and i would prefer to go for WS security by making use of any existing policy file in config folder.What are the pre-requisites here and how shall i proceed further ?

Guest · April 12, 2012, 12:21pm

Do we need certiificate for implementing message level secuty ?

Akshith_Arremreddy · April 12, 2012, 7:10pm

While implementing WS headers, Policy files will help you define the auth,signing and encryption information for a web service. This will create the defined fields in the SOAP Header.

Refer to the 8-0-SP1_Web_Services_Developers_Guide.pdf for more information on the policy files. There is a sample policy file with some attributes defined in the same guide on page 134.

Cheers,
Akshith