Using the Access Manager for Authentication and Authorization (Using the HTTP Binding Component)

Using the HTTP Binding Component

Using the Access Manager for Authentication and Authorization

To use Access Manager to configure access-level authorization, you configure the consuming endpoint to use the Sun Access Manager to authenticate the client's credentials. The HTTP Binding Component SOAP binding integrates seamlessly with Sun Access Manager to authenticate the HTTP client's credentials (the username and password extracted from the HTTP Authorization header) against the user's credentials in the Sun Access Manager database.

To configure the HTTP/SOAP Binding Component to use Access Manager, set the HTTP Binding Component Runtime property Sun Access Manager Configuration Directory value to the directory where the Sun Access Manager's AMConfig.properties file can be found.

To configure the Sun Access Manager Configuration Directory, do the following:

Access the HTTP Binding Component Properties from the NetBeans Services window. Right-click sun-http-binding under Servers > GlassFish V2 > JBI > Binding Components, and choose Properties from the pop-up menu.
Configure the Sun Access Manager Configuration Directory property to specify the location of the Sun Access Manager's AMConfig.properties file.
Configure the policy in the WSDL to enable Authorization by changing the Access Manager authorization attribute to true (note the attribute authorization="true" in the example below). This attribute is optional and the default value is false.

The following sample WSDL contains the policy and its reference to use AccessManager.

<service name="AuthAMService">
    <port name="AuthAMPort" binding="tns:AuthAMBinding">
        <soap:address location="http://localhost:${HttpDefaultPort}/AuthAMService
/AuthAMPort"/>
        <wsp:PolicyReference URI="#HttpAuthorizationBindingAMPolicy"/>
    </port>
</service>
<wsp:Policy wsu:Id="HttpAuthorizationBindingAMPolicy">
    <mysp:MustSupportBasicAuthentication on="true">
        <!-- authenticationType is one of simple, am, or realm -->
        <mysp:BasicAuthenticationDetail>
            <mysp:AccessManager authorization="true"/>
        </mysp:BasicAuthenticationDetail>
    </mysp:MustSupportBasicAuthentication>
</wsp:Policy>

For a tutorial demonstrating how to secure communications between a service client and server using the Sun Java System Access Manager, see: Securing Communications in OpenESB with Sun Access Manager.