Specifies a configuration for one message security provider.
Although the request-policy and response-policy subelements are optional, the provider-config element does nothing if they are not specified.
Use property subelements to configure provider-specific properties. Property values are passed to the provider when its initialize method is called.
The following table describes subelements for the provider-config element.
Table 1–134 provider-config Subelements

| Element | Required | Description |
|---|---|---|
| request-policy | zero or one | Defines the authentication policy requirements of the authentication provider’s request processing. |
| response-policy | zero or one | Defines the authentication policy requirements of the authentication provider’s response processing. |
| property | zero or more | Specifies a property or a variable. |

The following table describes attributes for the provider-config element.
Table 1–135 provider-config Attributes

| Attribute | Default | Description |
|---|---|---|
| | none | Specifies a unique identifier for this provider-config element. |
| | none | Specifies whether the provider is a client, server, or client-server authentication provider. |
| | none | Specifies the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server authentication providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. Client-server providers must implement both interfaces. |

The following table describes properties for the provider-config element.
Table 1–136 provider-config Properties

| Property | Default | Description |
|---|---|---|
| | domain-dir/config/wss-server-config-1.0.xml | Specifies the location of the message security configuration file. To point to a configuration file in the domain-dir/config directory, use the system property ${com.sun.aas.instanceRoot}/config/, for example: ${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml. See system-property. |
| | false | If true, enables dumping of server provider debug messages to the server log. |
| | false | If true, signals the provider runtime to collect the user name and password from the CallbackHandler for each request. If false, the user name and password for wsse:UsernameToken(s) are collected once, during module initialization. This property is only applicable for a ClientAuthModule. |
| | s1as | Specifies the encryption key used by the provider. The key is identified by its keystore alias. |
| | s1as | Specifies the signature key used by the provider. The key is identified by its keystore alias. |
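
Because a provider-config element with neither policy subelement does nothing, and the debug property dumps provider debug messages to the server log, a configuration review can check for both. The following audit script is an added example, not code from the product or its documentation. It assumes the attribute names provider-id, provider-type and class-name, the name/value attributes on property, the property name debug, and the message-security-config wrapper element; the sample XML and its class names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real domain.xml. The attribute names
# (provider-id, provider-type, class-name, name, value), the "debug" property
# name and the wrapper element are assumptions; class names are placeholders.
SAMPLE = """
<message-security-config>
  <provider-config provider-id="ServerProvider" provider-type="server"
                   class-name="example.ServerModule">
    <request-policy/>
    <response-policy/>
    <property name="debug" value="false"/>
  </provider-config>
  <provider-config provider-id="InertProvider" provider-type="server"
                   class-name="example.ServerModule">
    <property name="debug" value="true"/>
  </provider-config>
  <provider-config provider-id="RequestOnly" provider-type="client"
                   class-name="example.ClientModule">
    <request-policy/>
  </provider-config>
</message-security-config>
"""

def audit_provider_configs(xml_text):
    """Return {provider-id: [findings]} for every provider-config element."""
    findings = {}
    for pc in ET.fromstring(xml_text).iter("provider-config"):
        issues = []
        has_req = pc.find("request-policy") is not None
        has_resp = pc.find("response-policy") is not None
        if not has_req and not has_resp:
            # The provider is configured but enforces nothing.
            issues.append("no request-policy or response-policy: provider does nothing")
        elif not has_req:
            issues.append("no request-policy")
        elif not has_resp:
            issues.append("no response-policy")
        props = {p.get("name"): p.get("value") for p in pc.findall("property")}
        if (props.get("debug") or "").strip().lower() == "true":
            issues.append("debug=true: provider debug messages go to the server log")
        findings[pc.get("provider-id", "<no id>")] = issues
    return findings

if __name__ == "__main__":
    for pid, issues in audit_provider_configs(SAMPLE).items():
        print(pid, "->", issues or ["ok"])
```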