Sun GlassFish Enterprise Server 2.1 Administration Reference

provider-config

Specifies a configuration for one message security provider.

Although the request-policy and response-policy subelements are optional, the provider-config element does nothing if they are not specified.

Use property subelements to configure provider-specific properties. Property values are passed to the provider when its initialize method is called.

Superelements

message-security-config

Subelements

The following table describes subelements for the provider-config element.

Table 1–146 provider-config Subelements

Element 

Required 

Description 

request-policy

zero or one 

Defines the authentication policy requirements of the authentication provider’s request processing. 

response-policy

zero or one 

Defines the authentication policy requirements of the authentication provider’s response processing. 

property

zero or more 

Specifies a property or a variable. 

Attributes

The following table describes attributes for the provider-config element.

Table 1–147 provider-config Attributes

Attribute 

Default 

Description 

provider-id

none 

Specifies a unique identifier for this provider-config element.

provider-type

none 

Specifies whether the provider is a client, server, or client-server authentication provider.

class-name

none 

Specifies the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server authentication providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. Client-server providers must implement both interfaces.

Properties

The following table describes properties for the provider-config element.

Table 1–148 provider-config Properties

Property 

Default 

Description 

security.config

domain-dir/config/wss-server-config-1.0.xml

Specifies the location of the message security configuration file. To point to a configuration file in the domain-dir/config directory, use the prefix ${com.sun.aas.instanceRoot}/config/, for example:

${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml

debug

false

If true, enables dumping of server provider debug messages to the server log.

dynamic.username.password

false

If true, signals the provider runtime to collect the user name and password from the CallbackHandler for each request. If false, the user name and password for wsse:UsernameToken(s) is collected once, during module initialization. This property is only applicable for a ClientAuthModule.

encryption.key.alias

s1as

Specifies the encryption key used by the provider. The key is identified by its keystore alias.

signature.key.alias

s1as

Specifies the signature key used by the provider. The key is identified by its keystore alias.