Migration of JAX-WS Web Services Security bindings from Version 6.1

You can migrate Web Services Security bindings from an older version to Version 7.0 and later of WebSphere® Application Server. Migration of the JAX-WS bindings in Version 6.1 Feature Pack for Web Services takes place during the product migration to Version 7.0 and later.

The product migration handles most of the WS-Security migration process, but your input and action is required for specific configurations in order to complete the migration. Following are some examples of configurations that require manual migration steps:

  • Using callers on Version 6.1 Feature Pack for Web Services.

    WebSphere Application Server Version 7.0 and later supports the capability to specify a preference order for callers. In the situation where only a single caller is present in the bindings, product migration automatically assigns an order of 1 to the single caller that is present. However, if there are multiple callers, warnings are logged during migration, and you must manually assign the caller preference order. Set the order attribute for each caller using the administrative console, or the administration commands, after product migration is completed. Read about call collection and configuring the callers for general and default bindings for instructions on setting the caller order using the administrative console. See the topic WS-Security policy and binding properties for information on using the administration commands.

  • Using multiple username tokens in the default bindings.

    During product migration for Version 6.1 default bindings, all UsernameToken generators and consumers in the bindings will be migrated. However, if multiple username token generators, or consumers, are used, a warning is logged during migration. The warning states that a maximum of two username token generators and two username token consumers are allowed, and that one of each pair of token generators or consumers must have the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property set to true. You must manually select which username token consumer or generator to keep, and which token has the com.ibm.wsspi.wssecurity.token.IDAssertion.isUsed property, using the administrative console, or administration commands.

    • To use the administrative console to set the property, access the WS-Security 6.1 default bindings as instructed in the Policy set bindings settings for WS-Security topic, and click the Authentication and Protection link. Add, remove or edit the username token consumers and generators as needed, following the instructions in the WS-Security authentication and protection for general bindings topic.
    • To use the administration commands to set the property, and to add, delete and edit the username token generators or consumers as needed, refer to the WS-Security policy and bindings properties topic for instructions.
  • Using multiple token generators and token consumers of the same type in Version 6.1 default bindings.

    During product migration for Version 6.1 default bindings, all token generators and token consumers for supporting tokens are migrated. In the situation where multiple token generators and token consumers of the same supporting token type are found a warning is logged during migration. This warning states that only a single token consumer and token generator for each supporting token type must be present. You must manually select which token consumer or generator to use for the repeating supporting token type, using the administrative console or administration commands. To use the administrative console to select the token, access the WS-Security 6.1 default bindings as instructed in the Policy set bindings settings for WS-Security topic, and select the Authentication and Protection link. Add, edit or remove token consumers and generators as needed, following the instructions in the WS-Security authentication and protection for general bindings topic.