Configuration Guides › Policy Server Configuration Guide › Introducing SOA Security Manager › How to Develop and Deploy SOA Security Manager Protected Web Services

How to Develop and Deploy SOA Security Manager Protected Web Services

To develop a web service implementation protected with SOA Security Manager, do the following:

1. Determine how many web services, locally or at federated sites, will be used to perform the required functionality.
2. Choose an authentication service model by determining the following:
   • How security information is to be obtained from a request and, in a multiple-web service environment, how that information is to be passed between web services.
   • In a multiple-web service environment, the flow of data between web services.
3. For each web service in your web service implementation, determine the following:
   1. Define the service interface. The simplest form of interface for a web service can be specified as a set of XML schemas. These schemas dictate the type of XML document to be sent to the web service and what type of document the sender can expect in return.
   2. Build the web service implementation to accommodate an incoming XML document of the type specified in the interface and turn that XML document into a meaningful set of calls to the integrated back-end systems that the web service exposes.
   3. Deploy your web service implementation to a web server, application server, or ESB protected by a SOA Agent. You direct consumers of your web service to send their XML message requests to this URI to access the web service.
   4. Configure SOA Security Manager policies to determine how the SOA Agent should authenticate, authorize, and process the XML message before it passes it onto the web service implementation for handling.

      Once it receives a message from the SOA Agent, the web service should return an applicable XML response to the calling web service consumer application or the next.