Security-related additions to sun-web.xml are described in detail in the following sections.
The syntax for the webservice-endpoint element is as follows:

<!ELEMENT webservice-endpoint (port-component-name, endpoint-address-uri?, (login-config|message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?)>

Table 8–2 webservice-endpoint Element
| Element Name | Occurrences | Description | Type |
|---|---|---|---|
| port-component-name | 1 | Unique name of a Web Service within a module. This name should be the same as the endpoint name in sun-jaxws.xml. | PCDATA |
| endpoint-address-uri | 0 or 1 | Unused for Web Server | PCDATA |
| login-config | 0 or 1 | Unused for Web Server | |
| message-security-binding | 0 or 1 | Used to bind a Web Service endpoint or port to a specific security provider. This element can also be used to provide a definition of message security requirements to be enforced by the security provider. | See Table 8–3 message-security-binding |
| transport-guarantee | 0 or 1 | Unused for Web Server | PCDATA |
| service-qname | 0 or 1 | Unused for Web Server | |
| tie-class | 0 or 1 | Unused for Web Server | PCDATA |
| servlet-impl-class | 0 or 1 | Unused for Web Server | Class name |
The message-security-binding element is used to bind a web service endpoint or port to a specific security provider.
The syntax for this element is as follows:

<!ELEMENT message-security-binding (message-security*)>
<!ATTLIST message-security-binding auth-layer %message-layer; #REQUIRED provider-id CDATA #IMPLIED>

Table 8–3 message-security-binding Element
| Element name | Occurrences | Description | Type |
|---|---|---|---|
| message-security | 0 or more | Specifies the message security requirements of request and response for the endpoint or port | See Table 8–5 |

Table 8–4 Attributes of the message-security-binding Element

| Attribute name | Description | Type | Default |
|---|---|---|---|
| auth-layer | Layer at which the security should be enforced | Entity message-layer | This attribute is required. |
| provider-id | Identifies the provider-config that should be used | CDATA | If a value is not specified, then the default provider is used. If no default provider exists at the layer, the authentication requirements defined in the message-security-binding are not enforced. |
The syntax for the message-security element is as follows:
<!ELEMENT message-security (message+, request-protection?, response-protection?)>
Table 8–5 message-security Element

| Element name | Occurrences | Description | Type |
|---|---|---|---|
| message | 1 or more | Describes the methods or operations to which the security requirements apply | |
| request-protection | 0 or 1 | Describes the authentication requirements applicable to a request | |
| response-protection | 0 or 1 | Describes the authentication requirements applicable to a response | |
The syntax for the message element is as follows:

<!ELEMENT message (java-method?|operation-name?)>

Table 8–6 message Element

| Element name | Occurrences | Description | Type |
|---|---|---|---|
| java-method | 0 or 1 | Java method on which the security should be enforced | |
| operation-name | 0 or 1 | WSDL name of an operation of the web service | PCDATA |
The syntax for the request-protection element is as follows:

<!ELEMENT request-protection EMPTY>
<!ATTLIST request-protection auth-source (sender|content) #IMPLIED auth-recipient (before-content|after-content) #IMPLIED>

Table 8–7 request-protection Element

| Attribute name | Description | Value | Default |
|---|---|---|---|
| auth-source | Defines a requirement for message layer sender authentication (for example, username and password) or content authentication (for example, digital signature) | sender or content | Implied |
| auth-recipient | Defines a requirement for message layer authentication of the receiver of a message to its sender (for example, by XML encryption). A before-content attribute value indicates that recipient authentication occurs before any content authentication. | before-content or after-content | Implied |
The syntax for the response-protection element is as follows:

<!ELEMENT response-protection EMPTY>
<!ATTLIST response-protection auth-source (sender|content) #IMPLIED auth-recipient (before-content|after-content) #IMPLIED>

Table 8–8 Attributes of the response-protection Element

| Attribute name | Description | Value | Default |
|---|---|---|---|
| auth-source | Defines a requirement for message layer sender authentication (for example, username and password) or content authentication (for example, digital signature) | sender or content | Implied |
| auth-recipient | Defines a requirement for message layer authentication of the receiver of a message to its sender (for example, by XML encryption). The before-content attribute value indicates that recipient authentication occurs before any content authentication with respect to the target of the containing auth-policy. | before-content or after-content | Implied |
The syntax for the java-method element is as follows:

<!ELEMENT java-method (method-name, method-params?)>

Table 8–9 java-method Element

| Element name | Occurrences | Description | Value |
|---|---|---|---|
| method-name | 1 | Name of the service method | PCDATA |
| method-params | 0 or 1 | List of the fully qualified Java type names of the method parameters. | |
The syntax for the method-params element is as follows:

<!ELEMENT method-params (method-param*)>

Table 8–10 method-params Element

| Element name | Occurrences | Description | Value |
|---|---|---|---|
| method-param | 0 or more | Fully qualified Java type name of a method parameter | PCDATA |
The message-layer entity defines the permitted value of the auth-layer attribute.
The syntax for the message-layer entity is:

<!ENTITY % message-layer "(SOAP)">
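The following is an added example, not code from the Sun Web Server documentation: a small linter that parses a sun-web.xml fragment and checks its webservice-endpoint and message-security-binding content against the rules in Tables 8–2 through 8–10 above (auth-layer restricted to SOAP by the message-layer entity, auth-source and auth-recipient value sets, at least one message per message-security, and a warning where provider-id is absent, since Table 8–4 notes the requirements are then only enforced if a default provider exists). The descriptor embedded in SAMPLE_SUN_WEB_XML is constructed for the example; the port, provider and method names in it are placeholders.

```python
"""Lint the message-security section of a sun-web.xml fragment.

Added example; the sample descriptor below is constructed and its
port-component-name, provider-id and method names are placeholders.
"""
import xml.etree.ElementTree as ET

# Constructed sun-web.xml fragment (placeholder names). The second endpoint
# deliberately carries several defects so the linter has something to report.
SAMPLE_SUN_WEB_XML = """
<sun-web-app>
  <webservice-endpoint>
    <port-component-name>ExamplePort</port-component-name>
    <message-security-binding auth-layer="SOAP" provider-id="ExampleServerProvider">
      <message-security>
        <message>
          <java-method>
            <method-name>getBalance</method-name>
            <method-params><method-param>java.lang.String</method-param></method-params>
          </java-method>
        </message>
        <request-protection auth-source="content" auth-recipient="before-content"/>
        <response-protection auth-source="content" auth-recipient="after-content"/>
      </message-security>
      <message-security>
        <message><operation-name>ping</operation-name></message>
        <request-protection auth-source="password"/>
      </message-security>
    </message-security-binding>
  </webservice-endpoint>
  <webservice-endpoint>
    <port-component-name>UnboundPort</port-component-name>
    <message-security-binding auth-layer="SOAP">
      <message-security>
        <message>
          <java-method><method-name>transfer</method-name></java-method>
          <operation-name>transfer</operation-name>
        </message>
      </message-security>
    </message-security-binding>
  </webservice-endpoint>
</sun-web-app>
"""

AUTH_SOURCE = {"sender", "content"}              # Table 8-7 / 8-8 auth-source values
AUTH_RECIPIENT = {"before-content", "after-content"}  # auth-recipient values


def lint_sun_web_xml(xml_text):
    """Return a list of (port-component-name, finding) tuples for the descriptor."""
    findings = []
    root = ET.fromstring(xml_text)
    for ep in root.iter("webservice-endpoint"):
        name_el = ep.find("port-component-name")
        name = name_el.text.strip() if name_el is not None and name_el.text else "<unnamed>"
        if name_el is None:
            findings.append((name, "missing required port-component-name"))
        for binding in ep.findall("message-security-binding"):
            # auth-layer is #REQUIRED and the %message-layer entity only permits SOAP
            layer = binding.get("auth-layer")
            if layer != "SOAP":
                findings.append((name, f"auth-layer must be SOAP, got {layer!r}"))
            # No provider-id: the default provider is used, and if none exists the
            # declared requirements are not enforced at all (Table 8-4)
            if binding.get("provider-id") is None:
                findings.append((name, "no provider-id: requirements enforced only if a default provider exists"))
            for ms in binding.findall("message-security"):
                messages = ms.findall("message")
                if not messages:
                    findings.append((name, "message-security needs at least one message element"))
                for msg in messages:
                    # content model (java-method?|operation-name?): at most one of the two
                    if msg.find("java-method") is not None and msg.find("operation-name") is not None:
                        findings.append((name, "message has both java-method and operation-name"))
                    jm = msg.find("java-method")
                    if jm is not None and jm.find("method-name") is None:
                        findings.append((name, "java-method is missing method-name"))
                req = ms.find("request-protection")
                resp = ms.find("response-protection")
                if req is None and resp is None:
                    findings.append((name, "message-security declares no request or response protection"))
                for tag, el in (("request-protection", req), ("response-protection", resp)):
                    if el is None:
                        continue
                    src = el.get("auth-source")
                    if src is not None and src not in AUTH_SOURCE:
                        findings.append((name, f"{tag} auth-source must be sender or content, got {src!r}"))
                    rcpt = el.get("auth-recipient")
                    if rcpt is not None and rcpt not in AUTH_RECIPIENT:
                        findings.append((name, f"{tag} auth-recipient must be before-content or after-content, got {rcpt!r}"))
    return findings


if __name__ == "__main__":
    for port, finding in lint_sun_web_xml(SAMPLE_SUN_WEB_XML):
        print(f"{port}: {finding}")
```

Run against the sample, the linter reports one finding for ExamplePort (the invalid auth-source value "password" on the second request-protection) and three for UnboundPort (no provider-id, a message carrying both java-method and operation-name, and a message-security with neither request nor response protection). Point it at a real deployment descriptor by passing the file contents to lint_sun_web_xml.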