User Commands    create-message-security-provider(1)


NAME

 create-message-security-provider - enables administrators to create the message-security-config and provider-config sub-elements for the security service in domain.xml

SYNOPSIS

 create-message-security-provider --user admin_user [--passwordfile filename] [--host host_name] [--port port_number] [--secure|-s] [--terse=false] [--echo=false] [--interactive=true] [--help] [--target target] --classname provider_class [--layer message_layer] [--providertype provider_type] [--requestauthsource request_auth_source] [--requestauthrecipient request_auth_recipient] [--responseauthsource response_auth_source] [--responseauthrecipient response_auth_recipient] [--isdefaultprovider] [--property (name=value)[:name=value]*] provider_name

DESCRIPTION

Enables the administrator to create the message-security-config and provider-config sub-elements for the security service in domain.xml (the file that specifies parameters and properties to the Application Server). The options specified in the list below apply to attributes within the message-security-config and provider-config sub-elements of the domain.xml file.

If the message-layer (message-security-config) does not exist, it is created, and then the provider-config is created under it.

This command is supported in remote mode only.

OPTIONS

If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.

-u --user

The authorized domain application server administrative username.

-w --password

The password option is deprecated. Use passwordfile instead.

--passwordfile

This option replaces the password option. Using the password option on the command line or through the environment is deprecated. The passwordfile option specifies the name of a file containing the password entries in a specified format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in capital letters. For example, to specify the domain application server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD, AS_ADMIN_USERPASSWORD, AS_ADMIN_SAVEDMASTERPASSWORD, AS_ADMIN_MQPASSWORD, AS_ADMIN_ALIASPASSWORD, and so on.

-H --host

The machine name where the domain application server is running. The default value is localhost.

-p --port

The port number of the domain application server listening for administration requests. The default port number for Enterprise Edition is 4849.

-s --secure

If set to true, uses SSL/TLS to communicate with the domain application server.

-t --terse

Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.

-e --echo

Setting to true will echo the command line statement on the standard output. Default is false.

-I --interactive

If set to true (default), only the required password options are prompted.

-h --help

Displays the help text for the command.

--target

In Enterprise Edition, specifies the target to which you are deploying. Valid values are:

  • server, which deploys the component to the default server instance, server. This is the default value.

  • domain, which deploys the component to the domain.

  • cluster_name, which deploys the component to every server instance in the cluster.

  • instance_name, which deploys the component to a particular server instance.

The following optional attribute name/value pairs are available:

Property    Definition
classname    Defines the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.
layer    The message-layer entity used to define the value of the auth-layer attribute of message-security-config elements. The default is SOAP.
providertype    Establishes whether the provider is to be used as client authentication provider, server authentication provider, or both. Valid options for this property include client, server, or client-server. The default value is client-server.
requestauthsource    The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to request messages. Possible values are sender or content. When this argument is not specified, source authentication of the request is not required.
requestauthrecipient    The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of a message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content.
responseauthsource    The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to response messages. Possible values are sender or content. When this option is not specified, source authentication of the response is not required.
responseauthrecipient    The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content.
isdefaultprovider    The default-provider attribute is used to designate the provider as the default provider (at the layer) of the type or types identified by the providertype argument. There is no default associated with this option.
property    Use this property to pass provider-specific property values to the provider when it is initialized. Properties passed in this way might include key aliases to be used by the provider to get keys from keystores, signing, canonicalization, encryption algorithms, etc.

OPERANDS

provider_name

The name of the provider used to reference the provider-config element.

EXAMPLES

Example 1. Using create-message-security-provider

The following example shows how to create a message security provider for a client.

asadmin> create-message-security-provider --user admin
--passwordfile pwd_file 
--classname com.sun.enterprise.security.jauth.ClientAuthModule
--providertype client mySecurityProvider
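
An added pre-flight script, not part of the original manual page: it checks that the password file carries an AS_ADMIN_PASSWORD entry and grants no access to group or others, and that option values are among those listed under OPTIONS, before printing the command line. The function names, the admin user name and any class name passed in are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for create-message-security-provider.
# Function names are hypothetical; nothing here talks to a server.

# Succeeds only if the file has an AS_ADMIN_PASSWORD entry and grants
# no access to group or others (mode characters 5-10 of `ls -l`).
check_passwordfile() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    grep -q '^AS_ADMIN_PASSWORD=.' "$f" ||
        { echo "no AS_ADMIN_PASSWORD entry in $f" >&2; return 1; }
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "group/other access on $f" >&2; return 1; }
}

# Succeeds only if VALUE is one the manual page lists for option NAME.
# An empty value means the option is omitted, which is allowed.
check_option() {
    name=$1 value=$2
    [ -n "$value" ] || return 0
    case "$name" in
        providertype) allowed="client server client-server" ;;
        requestauthsource|responseauthsource) allowed="sender content" ;;
        requestauthrecipient|responseauthrecipient)
            allowed="before-content after-content" ;;
        *) echo "unknown option: $name" >&2; return 1 ;;
    esac
    for a in $allowed; do
        [ "$a" = "$value" ] && return 0
    done
    echo "invalid --$name value: $value" >&2
    return 1
}

# Prints the command line only when every check passes.
# Args: passwordfile classname providertype requestauthsource provider_name
build_command() {
    check_passwordfile "$1" || return 1
    check_option providertype "$3" || return 1
    check_option requestauthsource "$4" || return 1
    cmd="asadmin create-message-security-provider --user admin"
    cmd="$cmd --passwordfile $1 --classname $2"
    [ -z "$3" ] || cmd="$cmd --providertype $3"
    [ -z "$4" ] || cmd="$cmd --requestauthsource $4"
    echo "$cmd $5"
}
```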

EXIT STATUS

0

command executed successfully

1

error in executing the command

SEE ALSO

delete-message-security-provider(1), list-message-security-providers(1)


J2EE SDK 1.4    Last Changed 31 Jan 2005