Sun GlassFish Enterprise Server v3 Administration Guide

Security Tokens and Security Mechanisms

WS-Security is a specification that provides a communications protocol for applying security to web services. The security mechanisms implement the specification. Web Services Interoperability Technologies (WSIT) implements WS-Security so as to provide interoperable message content integrity and confidentiality, even when messages pass through intermediary nodes before reaching their destination endpoint. WS-Security as provided by WSIT is in addition to existing transport-level security, which can still be used. The Simple Object Access Protocol (SOAP) layer message security providers installed with Enterprise Server can be used to employ username/password and X.509 certificate security tokens to authenticate and encrypt SOAP web services messages.