Oracle GlassFish Server 3.0.1 Application Development Guide

Message Security Providers

When you first install the GlassFish Server, the providers XWS_ClientProvider and XWS_ServerProvider are configured but disabled. You can enable them in one of the following ways:

The example described in Understanding and Running the Sample Application uses the ClientProvider and ServerProvider providers, which are enabled when the Ant targets are run. You don’t need to enable these on the GlassFish Server prior to running the example.

If you install the OpenSSO, you have these additional provider choices:

Liberty specifications can be viewed at The WS-I BSP specification can be viewed at

For more information about the GlassFish Server deployment descriptor files, see the Oracle GlassFish Server 3.0.1 Application Deployment Guide.

For information about configuring these providers in the GlassFish Server, see Chapter 13, Administering Message Security, in Oracle GlassFish Server 3.0.1 Administration Guide. For additional information about overriding provider settings, see Application-Specific Message Protection.

You can create new message security providers in one of the following ways:

In addition, you can set a few optional provider properties using the asadmin set command. For example:

asadmin set

The following table describes these message security provider properties.

Table 5–2 Message Security Provider Properties






Specifies the location of the message security configuration file. To point to a configuration file in the domain-dir/config directory, use the system property ${com.sun.aas.instanceRoot}/config/, for example:


See System Properties.



If true, enables dumping of server provider debug messages to the server log.



If true, signals the provider runtime to collect the user name and password from the CallbackHandler for each request. If false, the user name and password for wsse:UsernameToken(s) is collected once, during module initialization. This property is only applicable for a ClientAuthModule.



Specifies the encryption key used by the provider. The key is identified by its keystore alias.



Specifies the signature key used by the provider. The key is identified by its keystore alias.