NAME
create-message-security-provider - enables administrators to create the message-security-config and provider-config sub-elements for the
security service in domain.xml
SYNOPSIS
create-message-security-provider --user admin_user [--passwordfile filename] [--host host_name] [--port port_number] [--secure|-s] [--terse=false] [--echo=false] [--interactive=true] [--help] [--target target] --classname provider_class [--layer message_layer] [--providertype provider_type] [--requestauthsource request_auth_source] [--requestauthrecipient request_auth_recipient] [--responseauthsource response_auth_source] [--responseauthrecipient response_auth_recipient] [--isdefaultprovider] [--property (name=value)[:name=value]*] provider_name
DESCRIPTION
Enables the administrator to create the message-security-config and provider-config sub-elements for the security service in domain.xml (the file that specifies parameters and properties to the Application Server). The options specified in the list below apply to attributes within the message-security-config and provider-config sub-elements of the domain.xml file.
If the message-layer (message-security-config) does not exist, it is created, and then the provider-config is created under it.
This command is supported in remote mode only.
OPTIONS
If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.
-u --user
    The authorized domain application server administrative username.
-w --password
    The --password option is deprecated. Use --passwordfile instead.
--passwordfile
    This option replaces the --password option. Using the --password option on the command line or through the environment is deprecated. The --passwordfile option specifies the name of a file containing the password entries in a specified format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in capital letters. For example, to specify the domain application server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD, AS_ADMIN_USERPASSWORD, AS_ADMIN_SAVEDMASTERPASSWORD, AS_ADMIN_MQPASSWORD, AS_ADMIN_ALIASPASSWORD, and so on.
-H --host
    The machine name where the domain application server is running. The default value is localhost.
-p --port
    The port number of the domain application server listening for administration requests. The default port number for Platform Edition is 4848. The default port number for Enterprise Edition is 4849.
-s --secure
    If set to true, uses SSL/TLS to communicate with the domain application server.
-t --terse
    Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
-e --echo
    Setting to true will echo the command line statement on the standard output. Default is false.
-I --interactive
    If set to true (default), only the required password options are prompted.
-h --help
    Displays the help text for the command.
--target
    In Enterprise Edition, specifies the target to which you are deploying. Valid values are:
    - server, which deploys the component to the default server instance server and is the default value
    - domain, which deploys the component to the domain.
    - cluster_name, which deploys the component to every server instance in the cluster.
    - instance_name, which deploys the component to a particular server instance.
The following optional attribute name/value pairs are available:
Property | Definition |
classname | Defines the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type. |
layer | The message-layer entity used to define the value of the auth-layer attribute of message-security-config elements. The default is SOAP. |
providertype | Establishes whether the provider is to be used as client authentication provider, server authentication provider, or both. Valid options for this property include client, server, or client-server. The default value is client-server. |
requestauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to request messages. Possible values are sender or content. When this argument is not specified, source authentication of the request is not required. |
requestauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of a message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
responseauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to response messages. Possible values are sender or content. When this option is not specified, source authentication of the response is not required. |
responseauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
isdefaultprovider | The default-provider attribute is used to designate the provider as the default provider (at the layer) of the type or types identified by the providertype argument. There is no default associated with this option. |
property | Use this property to pass provider-specific property values to the provider when it is initialized. Properties passed in this way might include key aliases to be used by the provider to get keys from keystores, signing, canonicalization, encryption algorithms, etc. |
OPERANDS
provider_name
    The name of the provider used to reference the provider-config element.
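The requestauthsource and responseauthsource rows above state that an unset value means source authentication is not required. The following added example (not part of the original man page or of the Application Server) audits a constructed domain.xml fragment for providers left in that state. The request-policy and response-policy element names and the provider-id, provider-type and class-name attribute names follow the domain.xml DTD rather than this page, and every provider and class name in the sample is made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the security-service section of domain.xml.
# Provider ids and class names are invented for illustration.
SAMPLE_DOMAIN_XML = """
<security-service>
  <message-security-config auth-layer="SOAP" default-provider="signedServer">
    <provider-config provider-id="signedServer" provider-type="server"
                     class-name="example.SignedServerModule">
      <request-policy auth-source="content" auth-recipient="after-content"/>
      <response-policy auth-source="content"/>
    </provider-config>
    <provider-config provider-id="mySecurityProvider" provider-type="client"
                     class-name="example.ClientModule"/>
    <provider-config provider-id="halfPolicy" provider-type="client-server"
                     class-name="example.BothModule">
      <request-policy auth-source="sender"/>
      <response-policy auth-recipient="before-content"/>
    </provider-config>
  </message-security-config>
</security-service>
"""

VALID_SOURCES = {"sender", "content"}  # values listed in the option table

def audit_providers(xml_text):
    """Return (layer, provider-id, finding) tuples for weak message policies."""
    findings = []
    root = ET.fromstring(xml_text)
    for layer in root.iter("message-security-config"):
        layer_name = layer.get("auth-layer", "?")
        for prov in layer.findall("provider-config"):
            pid = prov.get("provider-id", "?")
            for direction in ("request", "response"):
                policy = prov.find(direction + "-policy")
                source = policy.get("auth-source") if policy is not None else None
                if source is None:
                    findings.append((layer_name, pid, direction +
                        ": no auth-source, source authentication not required"))
                elif source not in VALID_SOURCES:
                    findings.append((layer_name, pid, direction +
                        ": unknown auth-source " + repr(source)))
    return findings

if __name__ == "__main__":
    for finding in audit_providers(SAMPLE_DOMAIN_XML):
        print(*finding, sep=" | ")
```

A provider created without --requestauthsource or --responseauthsource, as in a bare client provider, shows up with one finding per direction.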
EXAMPLES
Example 1. Using create-message-security-provider
The following example shows how to create a message security provider for a client.
asadmin> create-message-security-provider --user admin --passwordfile pwd_file --classname com.sun.enterprise.security.jauth.ClientAuthModule --providertype client mySecurityProvider
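Example 1 supplies credentials through --passwordfile, so the file itself becomes the secret to protect. The following added example (not from the original page) checks a password file against the AS_ADMIN_ entry format described under --passwordfile and against its file permissions. The permission check, the rejection of lines that are not entries, and the required-entry list are assumptions of this example, and the sample files are constructed.

```python
import os
import re
import stat
import tempfile

# Entry format from the option text: AS_ADMIN_ prefix, then the name in capitals.
ENTRY_RE = re.compile(r"^(AS_ADMIN_[A-Z]+)=(.*)$")

def check_passwordfile(path, required=("AS_ADMIN_PASSWORD",)):
    """Return a list of problems found in an asadmin password file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("file mode %o is accessible to group/other" % mode)
    seen = set()
    with open(path, encoding="utf-8") as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.rstrip("\r\n")
            if not line.strip():
                continue
            m = ENTRY_RE.match(line)
            if m is None:
                # Report only the line number: the line may hold a secret.
                problems.append("line %d: not an AS_ADMIN_<NAME>=value entry" % lineno)
                continue
            name, value = m.groups()
            if not value:
                problems.append("line %d: %s has an empty value" % (lineno, name))
            seen.add(name)
    for name in required:
        if name not in seen:
            problems.append("missing required entry " + name)
    return problems

def demo():
    """Run the check on two constructed files; return their problem lists."""
    results = []
    samples = [(0o600, "AS_ADMIN_PASSWORD=example-only\n"),
               (0o644, "as_admin_password=example-only\nAS_ADMIN_USERPASSWORD=\n")]
    for mode, body in samples:
        fd, path = tempfile.mkstemp()
        try:
            with os.fdopen(fd, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results.append(check_passwordfile(path))
        finally:
            os.unlink(path)
    return results
```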
EXIT STATUS
0
    command executed successfully
1
    error in executing the command
SEE ALSO
delete-message-security-provider(1), list-message-security-providers(1)
J2EE SDK 1.4 | Last Changed 31 Jan 2005
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.