Sun GlassFish Enterprise Server v3 Administration Guide

Message Security Administration

When Enterprise Server is installed, SOAP layer message security providers are configured in the client and server-side containers of Enterprise Server, where they are available for binding for use by the containers, or by individual applications or clients deployed in the containers. During installation, the default providers are configured with a simple message protection policy that, if bound to a container, or to an application or client in a container, would cause the source of the content in all request and response messages to be authenticated by XML digital signature.

Enterprise Server administrative interfaces can be used as follows:

Analogous administrative operations can be performed on the SOAP message layer security configuration of the application client container. If you want web services security to protect all web services applications deployed on Enterprise Server. See Enabling Message Security for Application Clients.

By default, message layer security is disabled on Enterprise Server. To configure message layer security for the Enterprise Server see Enabling Default Message Security Providers for Web Services.

In most cases, you must restart Enterprise Server after performing administrative tasks. This is especially true if you want the effects of the administrative change to be applied to applications that were already deployed on Enterprise Server at the time the operation was performed.

Message Security Tasks

The general implementation tasks for message security include some or all of the following:

  1. If you are using a version of the Java SDK prior to version 1.5.0, and using encryption technology, configuring a JCE provider

  2. If you are using a username token, verifying that a user database is configured for an appropriate realm

    When using a username/password token, an appropriate realm must be configured and a user database must be configured for the realm.

  3. Managing certificates and private keys, if necessary

  4. Enabling the Enterprise Server default providers

  5. Configuring new message security providers

Message Security Roles

In Enterprise Server, the administrator and the application deployer are expected to take primary responsibility for configuring message security. In some situations, the application developer might also contribute.

System Administrator

The system administrator is responsible for the following message security tasks:

Application Deployer

The application deployer is responsible for the following message security tasks:

Application Developer/Assembler

The application developer/assembler is responsible for the following message security tasks: