In the Web Server, the system administrator and application deployer roles are expected to take primary responsibility for configuring message security. In some situations, the application developer also contribute, although in the typical case either of the roles might secure an existing application without changing its implementation and therefore without involving the developer. The responsibilities of the various roles are defined in the following sections.
The system administrator is responsible for the following tasks:
Configuring message security providers on the Web Server
Managing user databases
Managing the keystore and truststore files
Deploying the samples program fromwsdl-soap12, which demonstrates the message layer web services security
A system administrator uses the Admin Console to manage server security settings. Web Server stores certificates and private keys in an NSS database, the administrator can manage them using certutil. For an overview of message security tasks, see Configuring the Web Server for Message Security.
The application deployer is responsible for the following tasks:
Specifying at application assembly any required application-specific message protection policies if such policies have not already been specified by upstream roles (the developer or assembler).
Modifying Sun deployment descriptors to specify application-specific message protection policies information message-security-binding elements to a web service endpoint.
The application developer can setup message security but is not responsible for doing so. The system administrator can set the message security so that all Web Services are secured. The application deployer can set the message security when the provider or protection policy bound to the application must be different from that bound to the container.
The application developer or assembler is responsible for the following tasks:
Determining whether an application-specific message protection policy is required by the application. If the policy is required, the developer or assembler works with the application deployer and ensures that the required policy is specified during application assembly.