1. Administering System Security
2. Administering User Security
3. Administering Message Security
About Message Security in GlassFish Server
Security Tokens and Security Mechanisms
Application-Specific Web Services Security
Message Security Administration
Application Developer/Assembler
Sample Application for Web Services
Configuring Message Protection Policies
Message Protection Policy Mapping
To Configure the Message Protection Policies for a Provider
Setting the Request and Response Policy for the Application Client Configuration
Administering Non-default Message Security Providers
To Create a Message Security Provider
To List Message Security Providers
To Update a Message Security Provider
To Delete a Message Security Provider
To Configure a Servlet Layer Server Authentication Module (SAM)
Enabling Message Security for Application Clients
Additional Information About Message Security
4. Administering Security in Cluster Mode
5. Managing Administrative Security
6. Running in a Secure Environment
By default, message security is disabled on GlassFish Server. Default message security providers have been created, but are not active until you enable them. After the providers have been enabled, message security is enabled.
The following topics are addressed here:
To enable message security for web services endpoints deployed in GlassFish Server, you must specify a security provider to be used by default on the server side. If you enable a default provider for message security, you also need to enable providers to be used by clients of the web services deployed in GlassFish Server.
Use the following syntax:
asadmin set --port admin-port server-config.security-service.message-security-config.SOAP. default_provider=ServerProvider
See To Restart a Domain in Oracle GlassFish Server 3.1 Administration Guide.
To enable message security for web service invocations originating from deployed endpoints, you must specify a default client provider. If you enabled a default client provider for GlassFish Server, you must ensure that any services invoked from endpoints deployed in GlassFish Server are compatibly configured for message layer security.
Use the following syntax:
asadmin set --port admin-port server-config.security-service.message-security-config.SOAP. default_client_provider=ClientProvider
See To Restart a Domain in Oracle GlassFish Server 3.1 Administration Guide.