Securing Web Services
InterSystems IRIS supports parts of the WS-ReliableMessaging specifications
, as described in the first chapter
. This specification provides a mechanism to reliably deliver a sequence of messages, in order. The easiest way to use this support is to create a security policy
and use the Reliable Message Delivery
option in the Web Service/Client Configuration Wizard. Another option is to manually use reliable messaging, as described in this chapter, which discusses the following topics:
To send a sequence of messages reliably from an InterSystems IRIS web client to a web service that supports WS-ReliableMessaging, do the following:
Specify the security header elements of the web client as needed. See previous chapters of this book.
If you are using WS-SecureConversation, as described in the previous chapter
, start the secure conversation.
This method has the following signature:
classmethod Create(addressingNamespace As %String,
oneWay As %Boolean = 0,
retryInterval As %Float = 1.0,
maxRetryCount As %Integer = 8,
expires As %xsd.duration,
SSLSecurity As %Boolean = 0) as %SOAP.RM.CreateSequence
Invoke web methods as needed.
Use the same web client instance each time.
Call the %CloseRMSession()
method of the web client when you are done sending messages.
Also make sure to sign the WS-ReliableMessaging headers as described in the next section
You can sign the WS-ReliableMessaging headers in either of the following ways.
To modify an InterSystems IRIS web service to support WS-ReliableMessaging, modify the web methods so that they do the following:
You can specify the following parameters of the web service class to fine-tune the behavior of the web service:
Corresponds to the InOrder policy assertion of WS-ReliableMessaging. Specify this as either 0 (false) or 1 (true). See the Web Services Reliable Messaging Policy 1.1 specification for details.
By default, when this parameter is not specified, an InterSystems IRIS the web service does not issue SOAP faults about the order of messages.
Corresponds to the DeliveryAssurance policy assertion of WS-ReliableMessaging. Specify this as "ExactlyOnce"
, or "AtMostOnce"
. See the Web Services Reliable Messaging Policy 1.1 specification for details.
By default, when this parameter is not specified, an InterSystems IRIS the web service does not issue SOAP faults about any failures to deliver according to this policy assertion.
Specifies the inactivity timeout, in seconds, for the sequence received by the web service. The default is 10 minutes.
Also, you can implement the %OnCreateRMSession()
callback method of the web service. This method is invoked at the start of WS-ReliableMessaging session before the %SOAP.RM.CreateSequenceResponse is returned. The response argument has been completely created and not yet returned at this point. This callback gives you an opportunity to add any required Security header elements to the SecurityOut
property of the web service. If WS-Policy is used, then WS-Policy support does this automatically. For the method signature, see the class reference for %SOAP.WebService