Sun Java System Web Server 7.0 Update 5 Developer's Guide to Java Web Applications

Admin Console Tasks for Message Security

All the steps for setting up the Web Server for using message security can be accomplished using the Admin Console or the wadm command-line tool. For more information on message security, see Sun Java System Web Server 7.0 Update 5 Administrator’s Guide.

Support for message-layer security is integrated into the Web Server in the form of pluggable authentication modules. By default, message layer security is disabled on the Web Server. The tasks in this section provide the details for enabling, creating, editing, and deleting message security configurations and providers.

In most cases, you need to restart or reconfigure the Web Server after performing these tasks, especially to apply the change to applications already deployed on Web Server.

Procedure To Create a Message Security Provider

You can add or edit or modify the message protection policy. The provider type, implementation class, and provider-specific configuration properties should be modified.

  1. Login to the Admin Console.

  2. Select the configuration you want to modify and click Edit Configuration.

  3. Click the Java tab.

  4. Click the Authentication tab and scroll down to the SOAP Authentication.

    • To modify an existing provider, select the provider name and edit the values.

  5. Click New to add a provider.

  6. Add the new provider information

    In this page, following information is available for modification.


    Note –

    Only Name and class Name are required. If these two fields are not specified, no authentication is applied to request or response messages. All other values are optional.


    • Name: Identifier for this provider. You can use this identifier name to specify the default provider when using wadm.

    • Class Name: The Java implementation class of the provider. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface.

      The request policy defines the authentication policy requirements associated with request processing performed by the authentication provider. Type the policies in message-sender order. For example, a requirement that encryption occur after content means that the message receiver expects to decrypt the message before validating the signature.

    • Request Authentication Source— Possible values are:

      • sender: Message-layer sender authentication, such as username and password

      • content: Content authentication, for example, digital signature

      • null: Source authentication of the request is not required

  7. Click the Add Property button to add additional properties.

    The provider shipped with the Web Server requires the server-config property. If other providers are used, refer to their documentation for more information on properties and valid values.

    • server.config: The directory and file name of an XML file that contains the server configuration information. This file is in the following location install_dir/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml.

  8. Click OK.


Example 3–1 To set the response policy, replace the word request in the following commands with response.


Enabling Providers for Message Security

You can enable the message security Web Services endpoints by specifying the default provider on the server side or by specifying in the message-binding element in sun-web.xml.

If you enable a default provider for message security, you also need an appropriate message security on the client side.


Note –

You cannot specify a default provider using the Admin Console. You have to specify the default provider through the wadm command-line interface.


../bin/wadm set-config-prop --port=8989 --user=admin --password-file=/tmp/admin.passwd --config=test default-soap-auth-provider-name=msgsecurity-provider

ProcedureTo Delete a Message Security Provider

  1. Login to the Admin Console.

  2. Select the configuration you want to modify and click Edit Configuration.

  3. Click the Java tab.

  4. Click the Authentication tab and scroll down to SOAP Authentication.

  5. Click Delete.


Example 3–2 To Delete a Message Provider

To delete a message security provider through the command-line interface, type the following command:wadm delete-soap-auth-provider --port=8989 --user=admin --password-file=/tmp/admin.passwd --config=test msgsecurity-provider


Enabling Message Security Clients

Configure the message protection policies of client so that they are equivalent to the message protection policies of the server-side providers with which they interact. A typical stand-alone client is illustrated by the bundled sample fromwsdl-soap12.