Oracle GlassFish Server 3.1 Section 1: asadmin Utility Subcommands
create-connector-connection-pool(1)
create-connector-security-map(1)
create-connector-work-security-map(1)
create-jdbc-connection-pool(1)
create-resource-adapter-config(1)
delete-connector-connection-pool(1)
delete-connector-security-map(1)
delete-connector-work-security-map(1)
delete-jdbc-connection-pool(1)
delete-message-security-provider(1)
delete-resource-adapter-config(1)
disable-http-lb-application(1)
disable-secure-admin-internal-user(1)
disable-secure-admin-principal(1)
enable-secure-admin-internal-user(1)
enable-secure-admin-principal(1)
list-connector-connection-pools(1)
list-connector-security-maps(1)
list-connector-work-security-maps(1)
list-message-security-providers(1)
list-resource-adapter-configs(1)
list-secure-admin-internal-users(1)
list-secure-admin-principals(1)
list-supported-cipher-suites(1)
unfreeze-transaction-service(1)
update-admin-server-coordinates(1)
update-admin-server-local-coordinates(1)
update-connector-security-map(1)
update-connector-work-security-map(1)
Oracle GlassFish Server 3.1 Section 1M: Utility Commands
Oracle GlassFish Server 3.1 Section 5ASC: GlassFish Server Concepts
- enables administrators to create a message security provider, which specifies how SOAP messages will be secured.
create-message-security-provider [--help] [--target target] --classname provider_class [--layer message_layer] [--providertype provider_type] [--requestauthsource request_auth_source ] [--requestauthrecipient request_auth_recipient ] [--responseauthsource response_auth_source ] [--responseauthrecipient response_auth_recipient ] [--isdefaultprovider] [--property name=value[:name=value]*] provider_name
The create-message-security-provider subcommand enables the administrator to create a message security provider for the security service which specifies how SOAP messages will be secured.
This command is supported in remote mode only.
If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.
Displays the help text for the subcommand.
Specifies the target for which you are creating the message security provider. The following values are valid:
Creates the provider for the default server instance server and is the default value.
Creates the provider for the domain.
Creates the provider for every server instance in the cluster.
Creates the provider for a particular sever instance.
Defines the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise. security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.
The message-layer entity used to define the value of the auth-layer attribute of message-security-config elements. The default is HttpServlet. Another option is SOAP.
Establishes whether the provider is to be used as client authentication provider, server authentication provider, or both. Valid options for this property include client, server, or client-server.
The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to request messages. Possible values are sender or content. When this argument is not specified, source authentication of the request is not required.
The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of a message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content.
The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to response messages. Possible values are sender or content. When this option is not specified, source authentication of the response is not required.
The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content.
The default-provider attribute is used to designate the provider as the default provider (at the layer) of the type or types identified by the providertype argument. There is no default associated with this option.
Use this property to pass provider-specific property values to the provider when it is initialized. Properties passed in this way might include key aliases to be used by the provider to get keys from keystores, signing, canonicalization, encryption algorithms, etc.
The following properties may be set:
Specifies the location of the message security configuration file. To point to a configuration file in the domain-dir/config directory, use the system property ${com.sun.aas.instanceRoot}/config/, for example: ${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml. The default is domain-dir/config/ wss-serverconfig-1.0.xml.
If true, enables dumping of server provider debug messages to the server log. The default is false.
If true, signals the provider runtime to collect the user name and password from the CallbackHandler for each request. If false, the user name and password for wsse:UsernameToken(s) is collected once, during module initialization. This property is only applicable for a ClientAuthModule. The default is false.
Specifies the encryption key used by the provider. The key is identified by its keystore alias. The default value is s1as.
Specifies the signature key used by the provider. The key is identified by its keystore alias. The default value is s1as.
The name of the provider used to reference the provider-config element.
Example 1 Creating a Message Security Provider
The following example shows how to create a message security provider for a client.
asadmin> create-message-security-provider --classname com.sun.enterprise.security.jauth.ClientAuthModule --providertype client mySecurityProvider
command executed successfully
error in executing the command
delete-message-security-provider(1), list-message-security-providers(1)