Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide

Procedure: To enable message security for application clients

The message protection policies of client providers must be configured such that they are equivalent to the message protection policies of the server-side providers they will be interacting with. This is already the case for the providers configured (but not enabled) when the Application Server is installed.

To enable message security for client applications, modify the Application Server specific configuration for the application client container.

  1. Stop any client applications that depend on the client container descriptor.

  2. In a text editor, open the Sun application client container descriptor, located in domain-dir/config/sun-acc.xml.

  3. Add the default-client-provider element to the file to enable the default client provider in the application client.

    The surrounding code is included only to show where the setting that enables message security for client applications belongs. It may differ slightly in your installation. Do not change it.


    <client-container>
      <target-server name="your-host" address="your-host"
          port="your-port"/>
      <log-service file="" level="WARNING"/>
      <message-security-config auth-layer="SOAP"
          default-client-provider="ClientProvider">
        <provider-config
            class-name="com.sun.enterprise.security.jauth.ClientAuthModule"
            provider-id="ClientProvider" provider-type="client">
          <request-policy auth-source="sender"/>
          <response-policy/>
          <property name="security.config"
              value="C:/Sun/AppServer/lib/appclient/wss-client-config.xml"/>
        </provider-config>
      </message-security-config>
    </client-container>

    The message security provider configured in the client container will also require access to private keys and trusted certificates. This is accomplished by defining appropriate values for the following system properties in the application client startup script.

    -Djavax.net.ssl.keyStore
    -Djavax.net.ssl.trustStore
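A way to sanity-check the edit from step 3 before restarting clients, as an added example that is not part of the Administration Guide: it confirms that default-client-provider names a client-capable provider-config and returns that provider's request and response policies for comparison with the server-side provider. The function name and the sample descriptor are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the descriptor shown above; host, port and path are placeholders.
SAMPLE = """<client-container>
  <target-server name="your-host" address="your-host" port="your-port"/>
  <message-security-config auth-layer="SOAP" default-client-provider="ClientProvider">
    <provider-config class-name="com.sun.enterprise.security.jauth.ClientAuthModule"
        provider-id="ClientProvider" provider-type="client">
      <request-policy auth-source="sender"/>
      <response-policy/>
      <property name="security.config" value="/path/to/wss-client-config.xml"/>
    </provider-config>
  </message-security-config>
</client-container>"""


def check_client_message_security(xml_text):
    """Return (policies, problems) for the SOAP layer of a sun-acc.xml document."""
    root = ET.fromstring(xml_text)
    policies, problems = {}, []
    msc = next((m for m in root.iter("message-security-config")
                if m.get("auth-layer") == "SOAP"), None)
    if msc is None:
        return policies, ["no message-security-config for auth-layer SOAP"]
    default = msc.get("default-client-provider")
    if not default:
        return policies, ["default-client-provider not set: message security is not enabled"]
    provider = next((p for p in msc.findall("provider-config")
                     if p.get("provider-id") == default), None)
    if provider is None:
        return policies, [f"default-client-provider '{default}' matches no provider-config"]
    if provider.get("provider-type") not in ("client", "client-server"):
        problems.append(f"provider '{default}' has provider-type "
                        f"'{provider.get('provider-type')}', not a client provider")
    # Collect both policies so they can be compared with the server-side provider.
    for name in ("request-policy", "response-policy"):
        el = provider.find(name)
        policies[name] = dict(el.attrib) if el is not None else None
    if not any(policies.values()):
        problems.append("request and response policies are both empty: no protection is specified")
    return policies, problems


if __name__ == "__main__":
    found_policies, found_problems = check_client_message_security(SAMPLE)
    print(found_policies, found_problems or "OK")
```

To check a real installation, pass the contents of domain-dir/config/sun-acc.xml to the function in place of the sample.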