Sun GlassFish Enterprise Server v2.1.1 Administration Guide

Assigning Message Security Responsibilities

In the Enterprise Server, the System Administrator and Application Deployer roles are expected to take primary responsibility for configuring message security. In some situations, the Application Developer may also contribute, although in the typical case either of the other roles may secure an existing application without changing its implementation without involving the developer. The responsibilities of the various roles are defined in the following sections:

System Administrator

The system administrator is responsible for:

A system administrator uses the Admin Console to manage server security settings and uses a command line tool to manage certificate databases. In Platform Edition, certificates and private keys are stored in key stores and are managed with keytool. Standard Edition and Enterprise Edition store certificates and private keys in an NSS database, where they are managed using certutil. This document is intended primarily for system administrators. For an overview of message security tasks, see Configuring the Enterprise Server for Message Security.

Application Deployer

The application deployer is responsible for:

Application Developer

The application developer can turn on message security, but is not responsible for doing so. Message security can be set up by the System Administrator so that all web services are secured, or by the Application Deployer when the provider or protection policy bound to the application must be different from that bound to the container.

The application developer or assembler is responsible for the following: