Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide

Procedure: Creating a Message Security Provider

To configure an existing provider, follow the steps in "To configure a message security provider".

  1. In the Admin Console tree component, expand the Configurations node.

  2. Select the instance to configure:

    • To configure a particular instance, select the instance’s config node. For example, for the default instance, server, select the server-config node.

    • To configure the default settings for all instances, select the default-config node.

  3. Expand the Security node.

  4. Expand the Message Security node.

  5. Select the SOAP node.

  6. Select the Providers tab.

  7. On the Provider Configuration page, click New.

  8. In the Provider Config section of the Create a Provider Configuration page, enter the following:

    • Default Provider – Check the box beside this field to make the new message security provider the provider to be invoked for any application for which a specific provider has not been bound. Whether the provider becomes the default client provider, the default server provider, or both will be based on the value selected for Provider Type.

    • Provider Type – Select client, server, or client-server to establish whether the provider is to be used as a client authentication provider, a server authentication provider, or both (a client-server provider).

    • Provider ID – Enter an identifier for this provider configuration. This name will appear in the Current Provider Configurations list.

    • Class Name – Enter the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.

  9. In the Request Policy section of the Create a Provider Configuration page, enter the following optional values, if needed.

    These properties are optional, but if not specified, no authentication is applied to request messages.

    • Authentication Source – Select sender, content, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username and password) or content authentication (for example, digital signature), or for no authentication to be applied to request messages. When null is specified, source authentication of the request is not required.

    • Authentication Recipient – Select beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the request message to its sender (by XML encryption). When the value is not specified, it defaults to afterContent.

    For a description of the actions performed by the SOAP message security providers as a result of the following message protection policies see Actions of Request and Response Policy Configurations.

  10. In the Response Policy section of the Create a Provider Configuration page, enter the following optional properties, if needed.

    These properties are optional, but if not specified, no authentication is applied to response messages.

    • Authentication Source – Select sender, content, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username and password) or content authentication (for example, digital signature) to be applied to response messages. When null is specified, source authentication of the response is not required.

    • Authentication Recipient – Select beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the response message to its sender (by XML encryption). When the value is not specified, it defaults to afterContent.

    For a description of the actions performed by the SOAP message security providers as a result of the following message protection policies see Actions of Request and Response Policy Configurations.

  11. Add additional properties by clicking the Add Property button.

    The provider that is shipped with the Application Server supports the property listed below. If other providers are used, refer to their documentation for more information on properties and valid values.

    • server.config – The directory and file name of an XML file that contains the server configuration information. For example, domain-dir/config/wss-server-config.xml.

  12. Click OK to save this configuration, or click Cancel to quit without saving.

Equivalent asadmin command

create-message-security-provider
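
The console fields in the procedure above map onto options of this command. The following is an added example, not part of the original guide: a small shell function that validates the policy values and composes (without running) the command line, warning when the request policy is left empty. The option names are those of the asadmin command as assumed here; the target, class name and provider ID in the sample call are hypothetical.

```shell
#!/bin/sh
# Added example: compose (without running) the asadmin command for a SOAP provider.
# usage: provider_cmd TARGET TYPE CLASS REQ_SRC REQ_RCPT RESP_SRC RESP_RCPT ID [PROPS]
# Pass "" for any auth source or recipient that should stay unset.
provider_cmd() {
    target=$1 ptype=$2 class=$3 req_src=$4 req_rcpt=$5
    resp_src=$6 resp_rcpt=$7 id=$8 props=${9:-}

    case $ptype in
        client|server|client-server) ;;
        *) echo "invalid provider type: $ptype" >&2; return 2 ;;
    esac
    for v in "$req_src" "$resp_src"; do
        case $v in
            sender|content|"") ;;
            *) echo "invalid auth source: $v" >&2; return 2 ;;
        esac
    done
    for v in "$req_rcpt" "$resp_rcpt"; do
        case $v in
            beforeContent|afterContent|"") ;;
            *) echo "invalid auth recipient: $v" >&2; return 2 ;;
        esac
    done
    # The guide states that an empty request policy means request
    # messages are not authenticated, so surface that explicitly.
    if [ -z "$req_src" ] && [ -z "$req_rcpt" ]; then
        echo "warning: no request policy; requests will not be authenticated" >&2
    fi

    cmd="asadmin create-message-security-provider --target $target --layer SOAP"
    cmd="$cmd --providertype $ptype --classname $class"
    [ -n "$req_src" ]   && cmd="$cmd --requestauthsource $req_src"
    [ -n "$req_rcpt" ]  && cmd="$cmd --requestauthrecipient $req_rcpt"
    [ -n "$resp_src" ]  && cmd="$cmd --responseauthsource $resp_src"
    [ -n "$resp_rcpt" ] && cmd="$cmd --responseauthrecipient $resp_rcpt"
    [ -n "$props" ]     && cmd="$cmd --property $props"
    echo "$cmd $id"
}

# Sample call with constructed values (class name and provider ID are hypothetical).
provider_cmd server server com.example.wss.ExampleServerAuthModule \
    content afterContent content afterContent exampleServerProvider \
    "server.config=domain-dir/config/wss-server-config.xml"
```

Review the printed command before running it against a domain; the Default Provider checkbox is deliberately not set by this sketch.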