Message Security Providers

When you first install the Application Server, the providers XWS_ClientProvider and XWS_ServerProvider are configured but disabled. You can enable them in one of the following ways:

• To enable the message security providers using the Admin Console, open the Security component under the relevant configuration, select the Message Security component, and select SOAP. Then select XWS_ServerProvider from the Default Provider list and XWS_ClientProvider from the Default Client Provider list. For details, click the Help button in the Admin Console.

• You can enable the message security providers using the following commands.

  asadmin set --user adminuser server-config.security-service.message-security-config.SOAP.default_provider=XWS_ServerProvider asadmin set --user adminuser server-config.security-service.message-security-config.SOAP.default_client_provider=XWS_ClientProvider

  For more information about the asadmin set command, see the Sun Java System Application Server 9.1 Reference Manual.

The example described in Understanding and Running the Sample Application uses the ClientProvider and ServerProvider providers, which are enabled when the asant targets are run. You don’t need to enable these on the Application Server prior to running the example.

If you install the Access Manager, you have these additional provider choices:

• AMClientProvider and AMServerProvider – These providers secure web services and Simple Object Access Protocol (SOAP) messages using either WS-I BSP or Liberty ID-WSF tokens. These providers are used automatically if they are configured as the default providers. If you wish to override any provider settings, you can configure these providers in message-security-binding elements in the sun-web.xml, sun-ejb-jar.xml, and sun-application-client.xml deployment descriptor files.

• AMHttpProvider – This provider handles the initial end user authentication for securing web services using Liberty ID-WSF tokens and redirects requests to the Access Manager for single sign-on. To use this provider, specify it in the httpservlet-security-provider attribute of the sun-web-app element in the sun-web.xml file.

Liberty specifications can be viewed at http://www.projectliberty.org/resources/specifications.php. The WS-I BSP specification can be viewed at http://www.ws-i.org/Profiles/BasicSecurityProfile-1.0.html.

For more information about the Sun-specific deployment descriptor files, see the Sun Java System Application Server 9.1 Application Deployment Guide.

For information about configuring these providers in the Application Server, see Chapter 10, Configuring Message Security, in Sun Java System Application Server 9.1 Administration Guide. For additional information about overriding provider settings, see Application-Specific Message Protection.

You can create new message security providers in one of the following ways:

• To create a message security provider using the Admin Console, open the Security component under the relevant configuration, and select the Message Security component. For details, click the Help button in the Admin Console.

• You can use the asadmin create-message-security-provider command to create a message security provider. For details, see the Sun Java System Application Server 9.1 Reference Manual.

In addition, you can set a few optional provider properties. For more information, see the property descriptions under provider-config in Sun Java System Application Server 9.1 Administration Reference.