All the steps for setting up the Web Server for using message security can be accomplished using the Admin Console or the wadm command-line tool. For more information on message security, see Sun Java System Web Server 7.0 Update 6 Administrator’s Guide.
Support for message-layer security is integrated into the Web Server in the form of pluggable authentication modules. By default, message layer security is disabled on the Web Server. The tasks in this section provide the details for enabling, creating, editing, and deleting message security configurations and providers.
To create a message security provider
To enable providers for message security
To delete a message security provider
To enable message security for stand-alone clients
In most cases, you need to restart or reconfigure the Web Server after performing these tasks, especially to apply the change to applications already deployed on the Web Server.
You can add a message security provider or edit an existing one, including its message protection policy. The provider type, implementation class, and provider-specific configuration properties can all be modified.
Login to the Admin Console.
Select the configuration you want to modify and click Edit Configuration.
Click the Java tab.
Click the Authentication tab and scroll down to SOAP Authentication.
Click New to add a provider.
Add the new provider information.
On this page, the following information is available for modification.
Only Name and Class Name are required. If these two fields are not specified, no authentication is applied to request or response messages. All other values are optional.
Name: Identifier for this provider. You can use this identifier name to specify the default provider when using wadm.
Class Name: The Java implementation class of the provider. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface.
The request policy defines the authentication policy requirements associated with request processing performed by the authentication provider. Type the policies in message-sender order, that is, in the order in which the sender applies them; the receiver undoes them in reverse. For example, a requirement that encryption occur after content authentication means that the message receiver expects to decrypt the message before validating the signature.
Request Authentication Source: Possible values are:
sender: Message-layer sender authentication, such as username and password
content: Content authentication, for example, digital signature
null: Source authentication of the request is not required
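The ordering rule above, as an added example that is not part of the original page or of the Web Server's provider code: a toy Python model in which the client applies the request policy in sender order and the server undoes it in reverse. It assumes shared symmetric keys (SIGNING_KEY, ENCRYPTION_KEY) and a constructed user table in place of the certificates a real wss-server-config references, uses a hash-based XOR stream cipher that is for illustration only, and works on a constructed SOAP body rather than real WS-Security XML. It goes beyond the text's one example by covering both auth-recipient orderings, the sender and null sources, and a client whose policy does not match the server provider's.

```python
import hashlib
import hmac

# Constructed demo secrets and user table (assumption): shared symmetric keys
# stand in for the certificates a real wss-server-config-2.0.xml references.
SIGNING_KEY = b"demo-signing-key"
ENCRYPTION_KEY = b"demo-encryption-key"
USERS = {"alice": "s3cret"}
SAMPLE_BODY = b"<soap:Body><getAccount id='42'/></soap:Body>"  # constructed


def _keystream(key, n):
    """n keystream bytes derived from key; toy cipher, not for production."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(key, data):
    """Recipient authentication: only the holder of key can read the bytes."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def sign(key, data):
    """Content authentication: a MAC over the bytes exactly as they are now."""
    return hmac.new(key, data, hashlib.sha256).digest()


def sender_order(auth_source, auth_recipient):
    """Steps the sender applies, in policy order. before-content: encrypt
    before signing (signature covers ciphertext); after-content: sign before
    encrypting (signature covers plaintext)."""
    if auth_source not in ("sender", "content", None):
        raise ValueError("auth_source must be sender, content or None")
    if auth_recipient not in ("before-content", "after-content", None):
        raise ValueError("auth_recipient must be before-content, after-content or None")
    steps = []
    if auth_recipient == "before-content":
        steps.append("encrypt")
    if auth_source == "sender":
        steps.append("username-token")
    elif auth_source == "content":
        steps.append("sign")
    if auth_recipient == "after-content":
        steps.append("encrypt")
    return steps


def protect_request(body, auth_source, auth_recipient, user=("alice", "s3cret")):
    """Client side: apply the policy in sender order; returns the wire message."""
    msg = {"payload": body}
    for step in sender_order(auth_source, auth_recipient):
        if step == "encrypt":
            msg["payload"] = encrypt(ENCRYPTION_KEY, msg["payload"])
        elif step == "sign":
            msg["signature"] = sign(SIGNING_KEY, msg["payload"])
        else:
            msg["username_token"] = user
    return msg


def validate_request(msg, auth_source, auth_recipient):
    """Server side: undo the steps in reverse sender order. Returns
    (plaintext body, receiver steps); raises ValueError when a check fails,
    which is what a client whose policy differs from the provider's hits."""
    payload = msg["payload"]
    receiver_steps = []
    for step in reversed(sender_order(auth_source, auth_recipient)):
        if step == "encrypt":
            payload = decrypt(ENCRYPTION_KEY, payload)
            receiver_steps.append("decrypt")
        elif step == "sign":
            sig = msg.get("signature")
            if sig is None or not hmac.compare_digest(sig, sign(SIGNING_KEY, payload)):
                raise ValueError("content authentication failed")
            receiver_steps.append("verify-signature")
        else:
            name, password = msg.get("username_token", (None, None))
            if name is None or USERS.get(name) != password:
                raise ValueError("sender authentication failed")
            receiver_steps.append("check-username-token")
    return payload, receiver_steps


def rejected(msg, auth_source, auth_recipient):
    """True when the server-side policy would reject the message."""
    try:
        validate_request(msg, auth_source, auth_recipient)
        return False
    except ValueError:
        return True
```

With auth-recipient=before-content the sender order is encrypt, sign and the receiver runs verify-signature, decrypt; with after-content it is sign, encrypt and the receiver runs decrypt, verify-signature, as the paragraph describes. A message protected under one ordering and validated under the other fails content authentication, which is the symptom of a client whose policy is not equivalent to the server provider's.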
Click the Add Property button to add additional properties.
The provider shipped with the Web Server requires the server.config property. If other providers are used, refer to their documentation for more information on properties and valid values.
server.config: The directory and file name of an XML file that contains the server configuration information. The sample configuration shipped with the Web Server is install_dir/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml.
Click OK.
Create a message security provider msgsecurity-provider:
../bin/wadm create-soap-auth-provider --port=8989 --user=admin --password-file=/tmp/admin.passwd --config=test --class=com.sun.xml.wss.provider.ServerSecurityAuthModule --request-policy-auth-source=content --request-policy-auth-recipient=before-content msgsecurity-provider
Add the required property server.config. This is a provider-specific property, so it is set with the user-prop command; set-soap-auth-provider-prop changes the provider's own attributes, such as the request policy:
../bin/wadm set-soap-auth-provider-user-prop --port=8989 --user=admin --password-file=/tmp/admin.passwd --config=test --provider=msgsecurity-provider server.config=install_dir/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml
List the provider properties: ../bin/wadm get-soap-auth-provider-prop --port=8989 --user=admin --password-file=/tmp/admin.passwd --config=test --provider=msgsecurity-provider
For more information about wadm commands and properties, see Sun Java System Web Server 7.0 Update 6 Administrator's Configuration File Reference.
You can enable message security for Web Services endpoints either by specifying a default provider on the server side or by naming the provider in the message-security-binding element of the application's sun-web.xml.
If you enable a default provider for message security, you also need an equivalent message security configuration on the client side.
You cannot specify a default provider using the Admin Console. You have to specify the default provider through the wadm command-line interface.
../bin/wadm set-config-prop --port=8989 --user=admin --password-file=/tmp/admin.passwd --config=test default-soap-auth-provider-name=msgsecurity-provider
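As an added example, not from the original page or the Web Server distribution, here is the per-endpoint alternative to the default-provider command above: a sun-web.xml fragment that binds the provider created earlier to one Web Service endpoint. The context root, port-component name, endpoint URI and method name are placeholders, the DOCTYPE of your existing sun-web.xml must be kept above the fragment, and the response policy is assumed to mirror the request policy. provider-id is the Name given when the provider was created, and the protection elements repeat the policy configured on that provider.

```xml
<!-- Keep the DOCTYPE declaration from your existing sun-web.xml above this element. -->
<sun-web-app>
  <context-root>/secure-ws</context-root>   <!-- placeholder -->
  <webservice-endpoint>
    <port-component-name>AccountServicePort</port-component-name>  <!-- placeholder -->
    <endpoint-address-uri>account</endpoint-address-uri>           <!-- placeholder -->
    <!-- provider-id must match the Name used in create-soap-auth-provider -->
    <message-security-binding auth-layer="SOAP" provider-id="msgsecurity-provider">
      <message-security>
        <message>
          <java-method>
            <method-name>getAccount</method-name>   <!-- placeholder operation -->
          </java-method>
        </message>
        <!-- Same policy as the provider: content is signed, encryption precedes signing -->
        <request-protection auth-source="content" auth-recipient="before-content"/>
        <!-- Assumed symmetric response policy; adjust to what the provider is configured with -->
        <response-protection auth-source="content" auth-recipient="before-content"/>
      </message-security>
    </message-security-binding>
  </webservice-endpoint>
</sun-web-app>
```

The binding takes effect for the application that carries the sun-web.xml, so redeploy it (or reconfigure the Web Server, as noted at the top of this section) after changing the file, and make sure the client that calls this endpoint is configured with the same policy.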
Login to the Admin Console.
Select the configuration you want to modify and click Edit Configuration.
Click the Java tab.
Click the Authentication tab and scroll down to SOAP Authentication.
Click Delete.
To delete a message security provider through the command-line interface, type the following command:
../bin/wadm delete-soap-auth-provider --port=8989 --user=admin --password-file=/tmp/admin.passwd --config=test msgsecurity-provider
Configure the message protection policies of the client so that they are equivalent to the message protection policies of the server-side providers with which they interact; a client that signs and encrypts in a different order than the server provider expects fails authentication. A typical stand-alone client is illustrated by the bundled sample fromwsdl-soap12.