Hi,
I implemented a webservice using WS-Security of digital certificate. I am using the WebSphere 5.1 studio so I see the generated ibm-webservices-bnd.xmi and ibm-webservices-ext.xmi two files contain this security integrity configuration. However the WSDL file itself seems has no change compared with the webservice with no-security.
I am wondering how would the webservice client know what kind WS-security he should enable and configure in his side to access my secured web service successfully? Since from WSDL, client won't see WS-security information.
I tried to create two seperate clients. One is with no security at all and the client won't be able to get any thing back from my digital signature enabled webservice. By monitoring with the TCP/IP server, I saw the client get the
SOAP Fault with the FaultCode - FailedCheck and FaultString - The SOAP Body is not signed.
The other client I created with WS-Security of digital signature. I monitored this client and see it can successfully access my web service.
Should client just check the fault and decide which WS-Security to implement at his side? Or is there other stand way that the client know?
Thanks