The Application Server implements message security using message security providers integrated in its SOAP processing layer. The message security providers depend on other security facilities of Application Server.
If using a version of the Java SDK prior to version 1.5.0, and using encryption technology, configure a JCE provider.
Configuring a JCE provider is discussed in Configuring a JCE Provider.
If using a username token, configure a user database, if necessary. When using a username/password token, an appropriate realm must be configured and an appropriate user database must be configured for the realm.
Manage certificates and private keys, if necessary.
Once the facilities of the Application Server are configured for use by message security providers, then the providers installed with the Application Server may be enabled as described in Enabling Providers for Message Security.