1. Administering System Security
2. Administering User Security
3. Administering Message Security
About Message Security in GlassFish Server
Security Tokens and Security Mechanisms
Application-Specific Web Services Security
Message Security Administration
Application Developer/Assembler
Sample Application for Web Services
Enabling Default Message Security Providers for Web Services
To Enable a Default Server Provider
To Enable a Default Client Provider
Configuring Message Protection Policies
Message Protection Policy Mapping
To Configure the Message Protection Policies for a Provider
Setting the Request and Response Policy for the Application Client Configuration
Administering Non-default Message Security Providers
To Create a Message Security Provider
To List Message Security Providers
To Update a Message Security Provider
To Delete a Message Security Provider
To Configure a Servlet Layer Server Authentication Module (SAM)
Additional Information About Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
The message protection policies of client providers must be configured such that they are equivalent to the message protection policies of the server-side providers they will be interacting with. This is already the situation for the providers configured (but not enabled) when GlassFish Server is installed.
To enable message security for client applications, modify the GlassFish Server specific configuration for the application client container. The process is analogous to the process in Configuring Message Protection Policies.