    JBoss WS-Security Configuration


    Deployment Descriptors


    WS-Security support is enabled by adding one or both of the WS-Security deployment descriptors:


    • jboss-wsse-server.xml - The security configuration used on the server-side. This applies to all incoming requests to a web service endpoint, as well as the outgoing responses sent by the web service endpoint.


    • jboss-wsse-client.xml - The security configuration used on the client-side. This applies to all outgoing requests sent by a client, as well as the response messages that are received by the client.


    Both descriptors use the same underlying XML Schema; the only difference is the file name. See the schema documentation for detailed information on the configuration elements in the WS-Security deployment descriptors.


    Descriptor Location


    The location of these descriptors depends on the type of deployment:


    Web Application Archive (WAR)


    Both jboss-wsse-server.xml and jboss-wsse-client.xml are searched for in WEB-INF.


    J2EE Application Client (JAR containing application-client.xml)


    Only jboss-wsse-client.xml is searched for in META-INF.


    EJB Archive (JAR containing ejb-jar.xml)


    Both jboss-wsse-server.xml and jboss-wsse-client.xml are searched for in META-INF.
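
    The location rules above can be checked before deployment. The following Python script is an added example, not part of the original page or of JBossWS: it classifies an archive and reports which WS-Security descriptors sit where they are searched for and which do not. Treating any WEB-INF/ entry as the marker of a WAR, and the sample archives themselves, are assumptions constructed for the illustration.

```python
import io
import zipfile

SERVER, CLIENT = "jboss-wsse-server.xml", "jboss-wsse-client.xml"

# (deployment type, marker entry, directory searched, descriptors searched for),
# following the "Descriptor Location" rules. The WAR marker is an assumption.
RULES = [
    ("WAR", "WEB-INF/", "WEB-INF/", (SERVER, CLIENT)),
    ("EJB JAR", "META-INF/ejb-jar.xml", "META-INF/", (SERVER, CLIENT)),
    ("Application client JAR", "META-INF/application-client.xml", "META-INF/", (CLIENT,)),
]

def audit(archive):
    """Return (deployment type, descriptors in the searched location, other copies)."""
    with zipfile.ZipFile(archive) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
    kind, folder, searched = "unknown", None, ()
    for rule_kind, marker, rule_folder, rule_searched in RULES:
        if any(n.startswith(marker) for n in names):
            kind, folder, searched = rule_kind, rule_folder, rule_searched
            break
    found, unsearched = [], []
    for name in names:
        base = name.rsplit("/", 1)[-1]
        if base not in (SERVER, CLIENT):
            continue
        # A descriptor counts only if it is directly in the searched directory
        # and is one of the descriptors searched for in this deployment type.
        if folder is not None and name == folder + base and base in searched:
            found.append(name)
        else:
            unsearched.append(name)
    return kind, sorted(found), sorted(unsearched)

def build(entries):
    """Build a constructed in-memory archive containing the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in entries:
            zf.writestr(entry, "<placeholder/>")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    # Constructed samples: a WAR with the descriptor one level too deep, and an
    # application client JAR that also carries a server descriptor.
    print(audit(build(["WEB-INF/web.xml", "WEB-INF/classes/" + SERVER])))
    print(audit(build(["META-INF/application-client.xml",
                       "META-INF/" + SERVER, "META-INF/" + CLIENT])))
```

    An endpoint archive that reports no server descriptor in the searched location, or lists one under the other copies, should be reviewed before it is deployed.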


    Simple Example

    A simple use case is to apply encryption and digital signature processing to the entire message body. The following server-side configuration requires all requests to be signed and encrypted, and also signs and encrypts all response messages:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-ws-security xmlns="" xmlns:xsi=";>
       <sign type="x509v3" alias="wsse"></sign>
       <encrypt type="x509v3" alias="wsse"></encrypt>