Administering Non-default Message Security Providers
The following topics are addressed here:
To Create a Message Security Provider
To List Message Security Providers
To Update a Message Security Provider
To Delete a Message Security Provider
To Configure a Servlet Layer Server Authentication Module (SAM)
To Create a Message Security Provider
Use the create-message-security-provider subcommand in remote mode to create a new message provider for the security service. If the message layer does not exist, the message layer is created, and the provider is created under it.
Remote subcommands require a running server.
Information about properties for this subcommand is included in the help page.
Some properties require server restart. See Configuration Changes That Require Restart in Oracle GlassFish Server 3.1 Administration Guide. If your server needs to be restarted, see To Restart a Domain in Oracle GlassFish Server 3.1 Administration Guide.
Example 3-2 Creating a Message Security Provider
This example creates the new message security provider mySecurityProvider.
asadmin> create-message-security-provider --classname com.sun.enterprise.security.jauth.ClientAuthModule --providertype client mySecurityProvider
Command create-message-security-provider executed successfully.
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help create-message-security-provider at the command line.
To List Message Security Providers
Use the list-message-security-providers subcommand in remote mode to list the message providers for the security layer.
Remote subcommands require a running server.
Example 3-3 Listing Message Security Providers
This example lists the message security providers for a message layer.
asadmin> list-message-security-providers --layer SOAP
XWS_ClientProvider
ClientProvider
XWS_ServerProvider
ServerProvider
Command list-message-security-providers executed successfully.
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help list-message-security-providers at the command line.
To Update a Message Security Provider
Remote subcommands require a running server.
The message security provider is identified by its dotted name.
To Delete a Message Security Provider
Use the delete-message-security-provider subcommand in remote mode to remove a message security provider.
Remote subcommands require a running server.
Example 3-4 Deleting a Message Security Provider
This example deletes the myServerityProvider message security provider.
asadmin> delete-message-security-provider --layer SOAP myServerityProvider
Command delete-message-security-provider executed successfully.
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help delete-message-security-provider at the command line.
To Configure a Servlet Layer Server Authentication Module (SAM)
You configure a JSR 196 Server Authentication Module (SAM) as an HttpServlet-layer message security provider, either through the Administration Console or with the create-message-security-provider subcommand.
Remote subcommands require a running server.
Information about properties for this subcommand is included in the help page.
To use the message security provider with your application, define the httpservlet-security-provider attribute in the glassfish-web.xml file corresponding to your application. Set the value of the attribute to the provider name you assigned to the message security provider. For example, if you use MySAM when you create the message security provider, the entry would be httpservlet-security-provider="MySAM".
Some properties require server restart. See Configuration Changes That Require Restart in Oracle GlassFish Server 3.1 Administration Guide. If your server needs to be restarted, see To Restart a Domain in Oracle GlassFish Server 3.1 Administration Guide.
Example 3-5 Creating a Message Security Provider
This example creates the new message security provider mySAM.
asadmin> create-message-security-provider --layer=HttpServlet --classname com.sun.glassfish.oamsam.OAMAuthenticatorSAM --providertype server --property oam.resource.hostid.variation="your-host-system.com" mySAM
Creation of message security provider named mySAM completed successfully
Command create-message-security-provider executed successfully.
The subcommand results in the following domain.xml entry:
<message-security-config auth-layer="HttpServlet">
  <provider-config provider-type="server" provider-id="mySAM" class-name="com.sun.glassfish.oamsam.OAMAuthenticatorSAM">
    <property name="oam.resource.hostid.variation" value="your-host-system.com"></property>
    <request-policy></request-policy>
    <response-policy></response-policy>
  </provider-config>
</message-security-config>
To list the HttpServlet message security providers, use the list-message-security-providers subcommand:
asadmin> list-message-security-providers --layer HttpServlet
list-message-security-providers successful
GFConsoleAuthModule
mySAM
Command list-message-security-providers executed successfully.
See Also
You can also view the full syntax and options of the subcommand by typing asadmin help create-message-security-provider at the command line.
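The following added example (not part of the Oracle documentation) inventories the provider-config entries in a domain.xml fragment like the one shown in Example 3-5 and checks that the httpservlet-security-provider value in an application's glassfish-web.xml names a server-type provider in the HttpServlet layer. The glassfish-web.xml line is constructed sample input, and the exact, case-sensitive name comparison is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the domain.xml entry from Example 3-5, wrapped in
# its parent element, and a constructed glassfish-web.xml root element.
DOMAIN_XML = """
<security-service>
  <message-security-config auth-layer="HttpServlet">
    <provider-config provider-type="server" provider-id="mySAM"
        class-name="com.sun.glassfish.oamsam.OAMAuthenticatorSAM">
      <property name="oam.resource.hostid.variation" value="your-host-system.com"></property>
      <request-policy></request-policy>
      <response-policy></response-policy>
    </provider-config>
  </message-security-config>
</security-service>
"""
WEB_XML = '<glassfish-web-app httpservlet-security-provider="mySAM"/>'


def list_providers(domain_xml):
    """Return one dict per provider-config found under any message layer."""
    providers = []
    for layer in ET.fromstring(domain_xml).iter("message-security-config"):
        for pc in layer.findall("provider-config"):
            providers.append({
                "layer": layer.get("auth-layer"),
                "id": pc.get("provider-id"),
                "type": pc.get("provider-type"),
                "class": pc.get("class-name"),
                "properties": {p.get("name"): p.get("value")
                               for p in pc.findall("property")},
            })
    return providers


def check_binding(web_xml, providers):
    """Verify the bound provider exists in the HttpServlet layer as a server provider."""
    name = ET.fromstring(web_xml).get("httpservlet-security-provider")
    if name is None:
        return "no provider bound"
    for p in providers:
        # Exact, case-sensitive comparison is an assumption of this example.
        if p["layer"] == "HttpServlet" and p["id"] == name:
            if p["type"] in ("server", "client-server"):
                return "ok"
            return "provider is not a server provider"
    return "provider %r not found in HttpServlet layer" % name


if __name__ == "__main__":
    found = list_providers(DOMAIN_XML)
    print(found)
    print(check_binding(WEB_XML, found))
```

Run against a real domain.xml, list_providers returns the providers of every configuration in the file, so filter by configuration if the domain defines more than one.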