Oracle GlassFish Server 3.0.1 Application Development Guide

Configuring Message Protection for a Specific Method Based on Digital Signatures

To enable message protection for a specific method, or for a set of methods that can be identified using a wildcard value, follow these steps. As in the example discussed in Using a Signature to Enable Message Protection for All Methods, to enable message protection for a specific method, update the message-security-binding element for the EJB web service endpoint in the application’s sun-ejb-jar.xml file. To this file, add request-protection and response-protection elements, which are analogous to the request-policy and response-policy elements discussed in Chapter 13, Administering Message Security, in Oracle GlassFish Server 3.0.1 Administration Guide. The administration guide includes a table listing the set and order of security operations for different request and response policy configurations.

This section uses the sample application discussed in Understanding and Running the Sample Application to apply application-level message security to show only the differences necessary for protecting web services using various mechanisms.

ProcedureTo Enable Message Protection for a Particular Method or Set of Methods Using Digital Signature

  1. In a text editor, open the application’s sun-ejb-jar.xml file.

    For the xms example, this file is located in the directory app-dir/xms-ejb/src/conf, where app-dir is defined in To Set Up the Sample Application.

  2. Modify the sun-ejb-jar.xml file by adding the message-security-binding element as shown:

            <message-security-binding auth-layer="SOAP">
                <request-protection auth-source="content" />
                <response-protection auth-source="content"/>
  3. Compile, deploy, and run the application as described in To Run the Sample Application.