Sun Java System Web Server 7.0 Update 3 Developer's Guide to Java Web Applications

Actions of Request and Response Policy Configurations

The following table shows message protection policy configuration and the resulting message security operations performed by the WS-Security SOAP message security providers for that configuration.

Table 8–1 Message Protection Policy Configuration

Message Protection Policy 

Resulting WS-Security SOAP Message Protection Operation 

auth-source= "sender"

The message contains the wase:security header that contains a wsse:UsernameToken with password.

auth-source="content"

The content of the SOAP message body is signed. The message contains a wsse:Security header that contains the message body signature represented as a ds:Signature.

auth-source="sender" auth-recipient="before-content" OR auth-recipient="after-content"

The content of the SOAP message body is encrypted and replaced with the resulting xend:EncryptedData. The message contains a wsse:Security header that contains a wsse:UsernameToken with password and an xenc:EncryptedKey. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.

auth-source= "content" auth-recipient= "before-content"

The content of the SOAP message body is encrypted and replaced with the resulting xend:EncryptedData. The xenc:EncryptedData is signed. The message contains a wsse:Security header that contains an xenc:EncryptedKey and a ds:Signature. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.

auth-source="content"

auth-recipient="after-content"

The content of the SOAP message body is signed, then encrypted, and then replaced with the resulting xend:EncryptedData. The message contains a wsse:Security header that contains an xenc:EncryptedKey and a ds:Signature. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.

auth-recipient="before-content" OR auth-recipient="after-content"

The content of the SOAP message body is encrypted and replaced with the resulting xend:EncryptedData. The message contains a wsse:Security header that contains an xenc:EncryptedKey. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted in the public key of the recipient.

No policy specified 

No security operations are performed by the modules. 

ProcedureTo Configure Other Security Facilities

The Web Server implements message security using message security providers integrated in its SOAP processing layer. The message security providers depend on other security facilities of Web Server.

  1. If using a username token, configure a user database, if necessary.

    When using a username and password token, an appropriate realm must be configured and an appropriate user database must be configured for the realm.

  2. Manage certificates and private keys, if necessary.

    After configuring the Web Server facilities for use by message security providers as described in Managing Certificates in Sun Java System Web Server 7.0 Update 3 Administrator’s Guide.