Four types of authentication mechanisms are supported for web service consumer endpoints.
A consumer endpoint can be configured to use one of these mechanisms by adding it as a child element to the MustSupportBasicAuthentication element of the endpoints Policy.
WssTokenCompare Username/Password Authentication: Compares the username and password extracted from the HTTP Authorization request header with the username and password specified in the Policy's WssUsernameToken10 and WssPassword elements.
Using the Access Manager for Authentication and Authorization: Configures the consuming endpoint to use the Sun Access Manager to authenticate the HTTP client's credentials.
Using the OpenSSO Web Services Security (WSS) Agent for Authentication and Authorization: Configures the consuming endpoint to use the OpenSSO Web Services Security Agent to authenticate the HTTP client's credentials.
Using the GlassFish Realm Security to Authenticate the HTTP Client Credentials: Configures the consuming endpoint to use the Sun Realm security to authenticate the HTTP client's credentials.
The following sections describe these mechanisms in more detail.