15�� ޽��

�� 忡�� Sun Java System Application Server 8.1 2005Q1�� % ��񽺿� �� ޽�� մϴ�. �� : ��= ��8�� Ǿ� �ֽ4ϴ�.

�޽�� d��

�޽�� ȿ� �� ܼ� �۾�

�� Ϻ� ��: �� % �� 信 �� ⺻�� ذ� �ʿ��մϴ�. �� 信 �� ڼ�� ; ��x� �� ; ��ϱ� �� "�ڼ�� "�� ִ� �ڿ�; Ȯ��Ͻʽÿ�.

�޽�� d��

�޽��

Application Server�� ޽��

% ��

�� ?� �wα׷� ��

�޽�� ; '�� Application Server ��

�޽��

�޽�� �� d�� ޽�� ԵǹǷ� ��Ʈ��ŷ ��; �� ޽�� Բ� �޽�� մϴ�. �޽�� ; ��Ͽ� �޽�� ۿ�� ޽�� ȣ�� и��Ͽ� �� Ŀ�� ޽�� ȣ�ǵ�� ϴ� �� (J2EE 1.4 Tutorial�� Security �忡�� )�� ޽�� : �ٸ��ϴ�.

WS-Security(% �� : SOAP �޽�� )�� Sun Microsystems�� % �� ֿ� f��ü�� OASIS�� ȣ � �� % �� f�� ǥ��Դϴ�. WS-Security�� XML ��ȣȭ �� XML �� ; ��Ͽ� SOAP�� ۵� % �� ޽�� ó��ϴ� �޽�� ü��Դϴ�. WS-Security ��翡�� SOAP % �� ޽�� ȣȭ�ϱ� '�� X.509 ��, SAML ��f �� ̵�/��й�ȣ ��ū ��; �� پ�� ū ��; d��մϴ�.

Application Server�� ޽��

Sun Java System Application Server 8.1 2005Q1�� % �� Ŭ��̾�Ʈ�� ̳�� WS-Security ǥ�ؿ� �� յ� ��; f��մϴ�. Application Server�� ̳ʰ� �?� �wα׷�; ��Ͽ� % �� ; ��ϰ� �?� �wα׷�� ; �� ʰ� % �� ?� �wα׷�; ��ȣ�ϴ� �� ֵ�� յǾ� �ֽ4ϴ�. Application Server�� SOAP �� ޽�� ڿ� �޽�� ȣ då; ��̳ʿ� ��̳ʿ� �� ?� �wα׷�� ε��ϴ� ��; f��Ͽ� �̷�� ȿ�� ޼��մϴ�.

�޽�� å�� d

Sun Java System Application Server 8.1 2005Q1�� ý�� ?� �wα׷� �� ޽�� ⺻�� å��; ��4ϴ�. �Ϲ�� 쿡�� ٸ� �� x �?� �wα׷� ��; �� ʰ? ��x �?� �wα׷�; �� ?� �wα׷� �� ⿩�ϴ� ��쵵 �ֽ4ϴ�. ��= �� پ�� å�� d�ǵǾ� �ֽ4ϴ�.

�ý��

�?� �wα׷� ��

�ý��

Application Server�� ޽��

�� ͺ��̽� ��

Keystore �� Truststore ��

��ȣȭ�� ϰ� Java SDK 1.5.0 �� ; �� Java Cryptography Extension(JCE) ��

�� ġ. xms �� ?� �wα׷�; ��Ͽ� �޽�� % �� ; �� 쿡�� մϴ�.

�ý�� ڴ� �� ܼ�; ��Ͽ� �� d; ��ϰ� �� Ͽ� �� ͺ��̽�� մϴ�. PE�� Ű�� Ű ��ҿ� ��ǰ� keytool; ��Ͽ� ��˴ϴ�. SE �� EE�� NSS ��ͺ��̽�� Ű�� ϰ� certutil; ��Ͽ� �̵�; ��մϴ�. �� ⺻��8�� ý�� ڸ� ��8�� մϴ�. �޽�� ۾�� "�޽�� ; '�� Application Server ��"; ��v�Ͻʽÿ�.

�?� �wα׷� ��

��' ��Ʈ�� (��ڳ� ��:?)�� ?� �wα׷� �� ޽�� ȣ då; ��d�� : �� ?� �wα׷� ��:?�� ̷�� ʼ� då; ��d

% �� ~a �� v�� ?� �wα׷� �� ޽�� ȣ då d��(��, message-security-binding ��)�� d�ϱ� '�� Sun �� d

�� ۾�: Developer's Guide�� Securing Applications �忡�� մϴ�. "�ڼ�� "�� ش� �忡 �� ũ�� ֽ4ϴ�.

�?� �wα׷� ��

�?� �wα׷� ��ڴ� �޽�� ; ��d�� ׷� å��: ��4ϴ�. �� % ��񽺰� �� ó��ǵ�� ý�� ڰ� �޽�� ; ��d�ϰų�, �?� �wα׷�� ε�� ڳ� ��ȣ då�� ̳ʿ� ��ε�� Ͱ� �޶�� ϴ� �� ?� �wα׷� ��ڰ� �޽�� ; ��d�� ֽ4ϴ�.

�?� �wα׷�� ?� �wα׷� �� ޽�� ȣ då; �䱸�ϴ� �� θ� ��d�մϴ�. �䱸�� ?� �wα׷� ��ڿ� ��Ͽ� �� ִ� �?� �wα׷� ��:?�� ʿ�� då; ��d�մϴ�.

�� ū �� ü�� d��

WS-Security ��翡�� ū; ��Ͽ� SOAP % �� ޽�� ȣȭ�ϴ� �Ͱ� ��ؼ� Ȯ�� ü�踦 f��մϴ�. Application Server�� ġ�� SOAP �� ޽�� ڸ� ��ϸ� ��̵�/��й�ȣ �� X509 �� ū; ��Ͽ� SOAP % �� ޽�� ȣȭ�� ֽ4ϴ�. SAML ��f�� Ͽ� �ٸ� �� ū; ��ϴ� �߰� ��ڰ� Application Server�� ļ� �� Բ� ��ġ�˴ϴ�.

��̵� ��ū d��

Application Server�� SOAP �޽�� ��̵� ��ū; ��Ͽ� �޽�� �� �� ̵� ��d�մϴ�. ��Ե� ��й�ȣ �� ̵� ��ū�� Ե� �޽�� ڴ� �� (��, ��й�ȣ); �˰� �ִ�� Ȯ��Ͽ� ��ū�� ĺ�� ; �� ִ� �� ִ�� Ȯ��մϴ�.

��̵� ��ū; �� Application Server�� /ȿ�� ͺ��̽�� ؾ� �մϴ�. �� ׸� �� ڼ�� : "�� "; ��v�Ͻʽÿ�.

�� d��

Application Server�� XML �� ; ��Ͽ� �� ̵� �޽�� ���� ε��մϴ�. Ŭ��̾�Ʈ�� ; ��Ͽ� �� ; �� ۾�; ��ϱ� '�� ⺻ �� Ǵ� SSL Ŭ��̾�Ʈ �� ; �� Ͱ� /��ϰ� ȣ�� ̵� ��d�մϴ�. �޽�� ڰ� �޽�� ٸ� �� ִ� �޽�� ; ��ϱ� '�� ; Ȯ��մϴ�.

�� ; �� Application Server�� keystore �� truststore ��; ��ؾ� �մϴ�. �� ׸� �� ڼ�� : "�� d��"; ��v�Ͻʽÿ�.

��ȣȭ d��

��ȣȭ�� : �� ֵ�� ͸� ��d�ϴ� ��Դϴ�. �� ; ��ȣȭ�� ҷ� ��ü�Ͽ� ��d�մϴ�. �� Ű ��ȣȭ �� ȣȭ�� Ͽ� �޽�� ; �� ִ� �� ̵� ��d�� ֽ4ϴ�.

��ȣȭ�� ȣȭ�� ϴ� JCE ��ڸ� ��ġ�ؾ� �մϴ�. �� ׸� �� ڼ�� : "JCE �� "; ��v�Ͻʽÿ�.

�޽�� ȣ då d��

��û �޽�� ó�� 4� �޽�� ó�� ޽�� ȣ då�� d�ǵǰ� �� Ǵ� �� ; '�� 䱸 ��װ� ��Ͽ� �޽�� ȣ då; ǥ��մϴ�. �� då: �޽�� °ų� �޽�� ; d�� ƼƼ�� ̵� �޽�� d�Ͽ� �޽�� ڰ� �̸� �� ֵ�� ϴ� �䱸 ��; ��Ÿ�4ϴ�. �� då: �޽�� ִ� ��ƼƼ�� ̵� �޽�� d�� ֵ�� ϴ� �䱸 ��; ��Ÿ�4ϴ�. SOAP % �� ޽�� 鿡�� ޽�� ȣ då�� ǵ�� ڴ� Ưd �޽�� ü�踦 ��մϴ�.

��ڸ� ��̳ʿ� �� û �� 4� �޽�� ȣ då�� d�ǵ˴ϴ�. �?� �wα׷� �Ǵ� �?� �wα׷� Ŭ��̾�Ʈ�� Sun Ưd �� % �� Ʈ�� ۾�� '�� ?� �wα׷� �� ޽�� ȣ då; �� ֽ4ϴ�. � �� ޽�� ȣ då�� d�ǵ� �� Ŭ��̾�Ʈ�� û �� 4� �޽�� ȣ då: �� û �� 4� �޽�� ȣ då�� ġ�ؾ� �մϴ�. �?� �wα׷� �� ޽�� ȣ då d�ǿ� �� ڼ�� : Developer's Guide�� Securing Applications ��; ��v�Ͻʽÿ�. "�ڼ�� "�� ش� �忡 �� ũ�� ֽ4ϴ�.

�޽��

�⺻ Ŭ��̾�Ʈ ��

% ��

SOAP �� ޽�� ڿ� �޽�� ȣ då; �?� �wα׷�� ̳ʳ� �?� �wα׷�� ó�� % �� ~a�� ε��Ͽ� Application Server�� % ��񽺰� �� ó��˴ϴ�. SOAP �� ޽�� ڿ� �޽�� ȣ då; Ŭ��̾�Ʈ ��̳ʳ� Ŭ��̾�Ʈ �?� �wα׷�� ̽� �� v�� ε��Ͽ� Application Server�� Ŭ��̾�Ʈ�� ̳ʿ� SOAP �� ޽�� ˴ϴ�.

Application Server�� ġ�� SOAP �� ޽�� ڴ� Application Server�� Ŭ��̾�Ʈ �� ̳ʿ� ��˴ϴ�. �̵� ��ڴ� ��̳ʳ� ��̳ʿ� �� ?� �wα׷��̳� Ŭ��̾�Ʈ�� ε� �� ֽ4ϴ�. ��ġ �� ڴ� �� ޽�� ȣ då8�� ˴ϴ�. ��, ��̳ʳ� ��̳�� ?� �wα׷� �Ǵ� Ŭ��̾�Ʈ�� ε�� û �� 4� �޽�� ; XML �� 8�� ϰ� �˴ϴ�.

Application Server�� ̽�� Ͽ� Application Server�� ̳ʿ�� ϱ� '�� x ��ڸ� ��ε��ϰų�, ��ڰ� �� ޽�� ȣ då; ��d�ϰų�, ��ü �޽�� ȣ då8�� ο� �� ; �� ֽ4ϴ�. "�޽�� ȿ� �� ܼ� �۾�"�� ̷�� ۾�; d��մϴ�. Ŭ��̾�Ʈ �?� �wα׷�� ޽�� Ȱ��ȭ�� d�� ?� �wα׷� Ŭ��̾�Ʈ ��̳�� SOAP �޽�� /�� ۾�; �� ֽ4ϴ�.

Application Server �� Ե� �� ִ� ' �ܰ踦 �Ϸ��ϸ� Application Server�� % �� ?� �wα׷�� % �� ˴ϴ�.

�?� �wα׷� �� % ��

�?� �wα׷�� Sun �� ڿ� message-security-binding ��Ҹ� d��Ͽ� �?� �wα׷� ��:?�� ?� �wα׷� �� % �� ˴ϴ�. �� message-security-binding ��Ҹ� ��Ͽ� Ưd ��ڳ� �޽�� ȣ då; % �� ~a�̳� �� v�� ų �� ְ�, �ش��ϴ� ~a�̳� ��v �� Ưd ��Ʈ�� ޼ҵ忡 �� ֽ4ϴ�.

�?� �wα׷� �� ޽�� ȣ då d�ǿ� �� ڼ�� : Developer's Guide�� Securing Applications ��; ��v�Ͻʽÿ�. "�ڼ�� "�� ش� �忡 �� ũ�� ֽ4ϴ�.

�� ?� �wα׷� ��

Application Server�� xms�� ϴ� �� ?� �wα׷�� Բ� f��˴ϴ�. xms �?� �wα׷�: J2EE EJB ~a �� Java Servlet ~a ��ο�� ϴ� �� % �� ; �մϴ�. �� ~a�� ~a ��̽�� /�մϴ�. �� ~a ��̽�� ڿ� �μ� �� ְ� ȣ�� μ� �տ� Hello�� ߰��Ͽ� �� String; ��ȯ�ϴ� �� ۾� sayHello�� d��մϴ�.

��x % �� ?� �wα׷�; ��ϴ� Application Server�� WS-Security �� ; ��ϱ� '�� xms �� ?� �wα׷�� f��˴ϴ�. ��ð� �Բ� f�� ħ�� xms �?� �wα׷�; ��ϱ� '�� Application Server�� WS-Security ��; Ȱ��ȭ�ϴ� �� մϴ�. ��ÿ�� ?� �wα׷� �� % �� ?� �wα׷�� ǵ�� ?� �wα׷�� b WS-Security ��; ��ε��ϴ� �͵� ��մϴ�.

xms �� ?� �wα׷�: install_dir\samples\webservices\security\ejb\apps\xms\ ��丮�� ġ�˴ϴ�.

xms �� ?� �wα׷�� , ��Ű��ȭ �� ࿡ �� ڼ�� : Developer's Guide�� Securing Applications ��; ��v�Ͻʽÿ�. "�ڼ�� "�� ش� �忡 �� ũ�� ֽ4ϴ�.

�޽�� ; '�� Application Server ��

Application Server�� ش� SOAP ó�� յ� �޽�� ڸ� ��Ͽ� �޽�� ; ��մϴ�. �޽�� ڴ� Application Server�� ٸ� �� ɿ� �� ٸ��ϴ�.

1.5.0 �� Java SDK ��; ��ϰ� ��ȣȭ ��; �� JCE ��ڸ� ��մϴ�.

JCE �� : "JCE �� "�� մϴ�.

��̵� ��ū; �� ʿ��ϸ� �� ͺ��̽�� մϴ�. Username/password ��ū; �� ش��ϴ� ��; ��ϰ� �� ش��ϴ� �� ͺ��̽�� ؾ� �մϴ�.

�� ͺ��̽� ��: "�� "�� մϴ�.

�ʿ�� Ű�� մϴ�.

�� Ű �� "�� d��"�� մϴ�.

�޽�� ڰ� ��ϱ� '�� Application Server�� ; �� Application Server�� Բ� ��ġ�� ڸ� �޽�� ȿ� �� Ȱ��ȭ�� Ȱ��ȭ�� ֽ4ϴ�.

JCE ��

J2SE 1.4.x�� Ե� JCE(Java Cryptography Extension) ��ڴ� RSA ��ȣȭ�� ʽ4ϴ�. WS-Security�� d�� XML ��ȣȭ�� 밳 RSA ��ȣȭ�� 8�� ϱ� �� WS-Security�� Ͽ� SOAP �޽�� ȣȭ�Ϸx� RSA ��ȣȭ�� ϴ� JCE ��ڸ� �ٿ�ε� �� ġ�ؾ� �մϴ�.

��: RSA�� RSA Data Security, Inc.�� Ű ��ȣȭ ��Դϴ�. RSA�� ߸�� Rivest, Shamir, Adelman�� Դϴ�.

�� 1.5�� Java SDK�� Application Server�� ̹� JCE ��ڰ� �ùٷ� ��Ǿ� �ֽ4ϴ�. �� 1.4.x�� Java SDK�� Application Server�� = �ܰ踦 ��Ͽ� JCE ��ڸ� JDK ȯ�� Ϻη� d��8�� ߰��մϴ�.

JCE �� JAR(Java ARchive) ��; �ٿ�ε��Ͽ� ��ġ�մϴ�. ��= URL�� RSA ��ȣȭ�� ϴ� JCE �� ; f��մϴ�.

http://java.sun.com/products/jce/jce14_providers.html

JCE �� JAR ��; <JAVA_HOME>/jre/lib/ext/�� մϴ�.

Application Server�� մϴ�. Application Server�� ʰ� �� wμ�� ߿� �ٽ� �� Application Server�� JCE ��ڸ� �ν�� ʽ4ϴ�.

�ؽ�Ʈ ��⿡�� <JAVA_HOME>/jre/lib/security/java.security �� d�� ; ��մϴ�. �ٿ�ε�� JCE ��ڸ� �� Ͽ� �߰��մϴ�. java.security ��Ͽ�� ڸ� �߰��ϱ� '�� ڼ�� ħ�� ԵǾ� �ֽ4ϴ�. �⺻��8�� /�� d�� 'ġ�� = �� ; �߰��ؾ� �մϴ�.


security.provider.<n>=<provider class name>

�� <n>: �� ڸ� �� Application Server�� ϴ� �⺻ ��d ��Դϴ�. �߰�� JCE ��ڿ� �� <n>; 2�� d�մϴ�.

�� , Legion of the Bouncy Castle JCE ��ڸ� �ٿ�ε�� = ��; �߰��մϴ�.


security.provider.2=org.bouncycastle.jce.provider.
BouncyCastleProvider

Sun �� ڰ� �� 1; �� : �⺻ ��d; /��ϴ�� Ȯ��մϴ�.


security.provider.1=sun.security.provider.Sun

�ٸ� �� ; �� vd�Ͽ� �� ؿ� �ϳ�� ڸ� �ֵ�� մϴ�.

��=: �ʿ�� JCE ��ڸ� f��ϰ� ��x ��ڸ� �ùٸ� 'ġ�� ϴ� java.security �� Դϴ�.


security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.
BouncyCastleProvider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider

��; ��ϰ� �ݽ4ϴ�.

�� ٽ� ��մϴ�.

�޽�� ȿ� �� ܼ� �۾�

�޽�� ; ��ϱ� '�� Application Server�� d�ϴ� ��κ�� ܰ�� ܼ��̳� asadmin �� Ͽ� ��ϰų� �ý�� ; ��8�� Ͽ� �� ֽ4ϴ�. �Ϲ��8�� ý�� ; ��ϴ� ��: �ǵ�� : ��8�� Application Server�� f�� ϰ� �� ֱ� �� ʽ4ϴ�. �� ܼ�; ��Ͽ� Application Server�� ϴ� �ܰ谡 �� ǥ�õǰ� asadmin �� ; �� ܰ�� ߿� ǥ�õ˴ϴ�. �� ܼ��̳� �ش� asadmin �� ; ��쿡�� ý�� ; ��8�� ϴ� �ܰ谡 ǥ�õ˴ϴ�.

�޽�� ÷�� 8�� Ŭ��̾�Ʈ ��̳ʿ� Application Server�� յ˴ϴ�. �⺻��8�� ޽�� : Application Server�� Ȱ��ȭ�˴ϴ�. ��= �� ޽�� ڸ� Ȱ��ȭ, �ۼ�, �� f�ϴ� �Ͱ� �� ; f��մϴ�.

�޽�� ȿ� �� Ȱ��ȭ

�޽��

�޽�� f

Ŭ��̾�Ʈ �?� �wα׷�� ޽�� Ȱ��ȭ

��κ�� '�� ۾�; �� Application Server�� ٽ� ��ؾ� �մϴ�. �۾�; �� Application Server�� ̹� �� ?� �wα׷�� ; �� 쿡 Ư�� Application Server�� ٽ� ��ؾ� �մϴ�.

�޽�� ȿ� �� Ȱ��ȭ

Application Server�� % �� ~a�� ޽�� ; Ȱ��ȭ�Ϸx� �� ⺻��8�� Ǵ� ��ڸ� ��d�ؾ� �մϴ�. �޽�� ; '�� ⺻ ��ڸ� Ȱ��ȭ�� Application Server�� % �� Ŭ��̾�Ʈ�� ڵ� Ȱ��ȭ�ؾ� �մϴ�. Ŭ��̾�Ʈ�� ڸ� Ȱ��ȭ�ϴ� �� ʿ�� d�� "Ŭ��̾�Ʈ �?� �wα׷�� ޽�� Ȱ��ȭ"�� մϴ�.

�� ~a�� ߻�� % �� ȣ�⿡ �� ޽�� ; Ȱ��ȭ�Ϸx� �⺻ Ŭ��̾�Ʈ ��ڸ� ��d�ؾ� �մϴ�. Application Server�� ⺻ Ŭ��̾�Ʈ ��ڸ� Ȱ��ȭ�� Application Server�� ~a�� ȣ�� 񽺰� �޽�� Ȱ� ȣȯ ��ϰ� ��ǵ�� ؾ� �մϴ�.

Application Server�� ⺻ ��ڸ� Ȱ��ȭ�Ϸx� ��= �ܰ踦 ��մϴ�.

�� ܼ� Ʈ�� ҿ�� 带 Ȯ��մϴ�.

�� ν��Ͻ�� մϴ�.

Ưd �ν��Ͻ�� Ϸx� �� ν��Ͻ�� 带 ��մϴ�. �� ⺻ �ν��Ͻ� server�� server-config ��带 ��մϴ�.

�� ν��Ͻ�� ⺻ ��d; ��Ϸx� default-config ��带 ��մϴ�.

�� 带 Ȯ��մϴ�.

�޽�� 带 Ȯ��մϴ�.

SOAP ��带 Ȯ��մϴ�.

�޽�� ; ��մϴ�.

�޽�� ǿ�� ε�� : Ưd �� ?� �wα׷�� ڿ� Ŭ��̾�Ʈ�� ڸ� ��d�մϴ�. ��= �� d�� d�Ͽ� �̸� ��մϴ�.

�⺻ �� - Ưd �� ڰ� ��ε�� : �?� �wα׷�� ȣ�� ̵��Դϴ�.

�⺻��8�� Application Server�� : ��õǾ� �� ʽ4ϴ�. �� ڸ� �ĺ��Ϸx� ServerProvider�� մϴ�. Null �ɼ�; ��ϸ� �⺻��8�� ޽�� ڰ� ȣ�� =; �ǹ��մϴ�.

�� ʵ忡 �� Ϲ��8�� ServerProvider�� մϴ�.

�⺻ Ŭ��̾�Ʈ �� - Ưd Ŭ��̾�Ʈ ��ڰ� ��ε�� : �?� �wα׷�� ȣ�� Ŭ��̾�Ʈ �� ̵��Դϴ�.

�⺻��8�� Application Server�� : ��õǾ� �� ʽ4ϴ�. Ŭ��̾�Ʈ�� ڸ� �ĺ��Ϸx� ClientProvider�� մϴ�. Null �ɼ�; ��ϸ� �⺻��8�� Ŭ��̾�Ʈ�� ޽�� ڰ� ȣ�� =; �ǹ��մϴ�.

�� ʵ忡 �� Ϲ��8�� Null; ��մϴ�. �⺻ ��ڿ� �޽�� ȣ då; Ȱ��ȭ�Ͽ� Application Server�� % �� ~a�� ۵� % �� ȣ�⿡ ��Ϸx� ClientProvider�� մϴ�.

��; ��ϴ�.

Ŭ��̾�Ʈ �Ǵ� �� ڸ� Ȱ��ȭ�ϰ� Ȱ��ȭ�� ޽�� ȣ då; ��d�� ܰ迡�� Ȱ��ȭ�� ޽�� d�� ڼ�� : "�޽�� "; ��v�Ͻʽÿ�.

�⺻ �� ڸ� ��d�Ϸx� ��= �۾�; ��մϴ�.


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
default_provider=ServerProvider

�⺻ Ŭ��̾�Ʈ ��ڸ� ��d�Ϸx� ��= �۾�; ��մϴ�.


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
default_client_provider=ClientProvider

�޽��

�Ϲ��8�� /��, �� Ŭ�� ں� �� d�� d�� ִ�� ޽�� ȣ då; ��d�ϱ� '�� ڰ� �ٽ� ��˴ϴ�. �޽�� ڸ� �ٽ� ��Ϸx� �Ʒ� �� ܰ踦 ��մϴ�.

�� ܼ� Ʈ�� ҿ�� 带 Ȯ��մϴ�.

�� ν��Ͻ�� մϴ�.

Ưd �ν��Ͻ�� Ϸx� �� ν��Ͻ�� 带 ��մϴ�. �� ⺻ �ν��Ͻ� server�� server-config ��带 ��մϴ�.

�� ν��Ͻ�� ⺻ ��d; ��Ϸx� default-config ��带 ��մϴ�.

�� 带 Ȯ��մϴ�.

�޽�� 带 Ȯ��մϴ�.

SOAP ��带 Ȯ��մϴ�.

�� ; ��մϴ�.

�� ޽�� ڸ� ��մϴ�. Application Server�� ClientProvider�� ServerProvider�� Բ� f��˴ϴ�.

�� ǿ�� = �� d�� d�� ֽ4ϴ�.

�� /�� - ��ڸ� Ŭ��̾�Ʈ �� , �� Ǵ� �� (Ŭ��̾�Ʈ-�� )�� θ� ��d�Ϸx� client, server �Ǵ� client-server�� մϴ�.

Ŭ�� ̸� - �� Java �� Ŭ�� Է��մϴ�. Ŭ��̾�Ʈ �� ڴ� com.sun.xml.wss.provider.ClientSecurityAuthModule ��̽�� ؾ� �մϴ�. �� ڴ� com.sun.xml.wss.provider.ServerSecurityAuthModule ��̽�� ؾ� �մϴ�. ��ڴ� �� ̽�� , �� /�� ش��ϴ� ��̽�� ؾ� �մϴ�.

�� û då ��ǿ�� ʿ�� =�� : �� ; �Է��մϴ�. �� d�� , ��d�� ; �� û �޽�� ʽ4ϴ�.

��û då: �� ڰ� �� û ó�� då �䱸 ��; d��մϴ�. då: �޽�� ڰ� �ش� ��; Ȯ��ϱ� �� ޽�� ص��ؾ� ��; �ǹ��ϴ� �� ǥ�õ� ��Ŀ� ��ȣȭ�� ߻��ϴ� �䱸 ��װ� ��: �޽�� ǥ�õ˴ϴ�.

�� ҽ� - sender, content �Ǵ� Null(�� ɼ�); ��Ͽ� �� ޽�� ; '�� 䱸 ��(��: ��̵� �� ȣ), �� ; '�� 䱸 ��(��: �� ) �Ǵ� ��û �޽�� =; d��մϴ�. Null; ��d�� û�� ҽ� �� ʿ�� ʽ4ϴ�.

��  - beforeContent �Ǵ� afterContent�� Ͽ� ��û �޽�� ޽�� ; '�� 䱸 ��(��: XML ��ȣȭ); d��մϴ�. �� d�� : ��쿡�� ⺻�� afterContent�� d�˴ϴ�.

SOAP �޽�� ڰ� �� ۾� �� ڼ�� : "��û �� 4� då �� ۾�"; ��v�Ͻʽÿ�.

�� 4� då ��ǿ�� ʿ�� =�� : �� ; �Է��մϴ�. �� d�� , ��d�� ; �� 4� �޽�� ʽ4ϴ�.

�4� då: �� ڰ� �� 4� ó�� då �䱸 ��; d��մϴ�. då: �޽�� ڰ� �ش� ��; Ȯ��ϱ� �� ޽�� ص��ؾ� ��; �ǹ��ϴ� �� ǥ�õ� ��Ŀ� ��ȣȭ�� ߻��ϴ� �䱸 ��װ� ��: �޽�� ǥ�õ˴ϴ�.

�� ҽ� - sender, content �Ǵ� Null(�� ɼ�); ��Ͽ� �4� �޽�� ޽�� ; '�� 䱸 ��(��: ��̵� �� ȣ)�̳� �� ; '�� 䱸 ��(��: �� ); d��մϴ�. Null; ��d�� 4�� ҽ� �� ʿ�� ʽ4ϴ�.

��  - beforeContent �Ǵ� afterContent�� Ͽ� �4� �޽�� ޽�� ; '�� 䱸 ��(��: XML ��ȣȭ); d��մϴ�. �� d�� : ��쿡�� ⺻�� afterContent�� d�˴ϴ�.

SOAP �޽�� ڰ� �� ۾� �� ڼ�� : "��û �� 4� då �� ۾�"; ��v�Ͻʽÿ�.

�� d�� ߰� ��ư; �� ٸ� �� d�� ߰��մϴ�. Application Server�� Բ� f�� ڴ� �Ʒ� �� d�� մϴ�. �ٸ� ��ڸ� �� d�� /ȿ�� ڼ�� : �ش� ��?�� v�Ͻʽÿ�.

server.config - �� d�� ϴ� XML �� 丮�� ̸��Դϴ�. �� , install_dir/domains/domain_dir/config/wss-server-config.xml�Դϴ�.

��; ��ϴ�.

�ش� asadmin ��: ��=�� 4ϴ�. �4� då; ��d�Ϸx� ��= �� ܾ� request�� response�� ٲߴϴ�.

��û då; Ŭ��̾�Ʈ�� ߰��ϰ� �� ҽ�� d�մϴ�.


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_source=
<sender | content>

��û då; �� ߰��ϰ� �� ҽ�� d�մϴ�.


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_source=
<sender | content>

��û då; Ŭ��̾�Ʈ�� ߰��ϰ� �� ڸ� ��d�մϴ�.


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_recipient=
<before-content | after-content>

��û då; �� ߰��ϰ� �� ڸ� ��d�մϴ�.


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_recipient=
<before-content | after-content>

�޽��

��ο� �޽�� ڸ� ��x� ��= �ܰ踦 ��մϴ�. ��x ��ڸ� ��Ϸx� "�޽�� "�� ܰ踦 ��մϴ�.

�� ܼ� Ʈ�� ҿ�� 带 Ȯ��մϴ�.

�� ν��Ͻ�� մϴ�.

Ưd �ν��Ͻ�� Ϸx� �� ν��Ͻ�� 带 ��մϴ�. �� ⺻ �ν��Ͻ� server�� server-config ��带 ��մϴ�.

�� ν��Ͻ�� ⺻ ��d; ��Ϸx� default-config ��带 ��մϴ�.

�� 带 Ȯ��մϴ�.

�޽�� 带 Ȯ��մϴ�.

SOAP ��带 Ȯ��մϴ�.

�� ; ��մϴ�.

�� ⸦ ��ϴ�.

�� ǿ�� =; �Է��մϴ�.

�⺻ �� - ��ο� �޽�� ڸ� Ưd ��ڰ� ��ε�� : �?� �wα׷�� ȣ�� ڷ� ��x� �� ʵ� �� ִ� Ȯ�ζ�; ��մϴ�. ��ڰ� �⺻ Ŭ��̾�Ʈ ��, �⺻ �� Ǵ� �� ٰ� �� δ� �� /�� ٸ��ϴ�.

�� /�� - client, server �Ǵ� client-server�� Ͽ� ��ڸ� Ŭ��̾�Ʈ �� , �� Ǵ� �� (Ŭ��̾�Ʈ-�� )�� θ� ��d�մϴ�.

�� ̵� - �� ̵� �Է��մϴ�. �� Ͽ� �� ̸�� ǥ�õ˴ϴ�.

�� û då ��ǿ�� ʿ�� =�� : �� ; �Է��մϴ�. �� d�� , ��d�� ; �� û �޽�� ʽ4ϴ�.

�� ҽ� - sender, content �Ǵ� Null(�� ɼ�); ��Ͽ� �޽�� ; '�� 䱸 ��(��: ��̵� �� ȣ), �� ; '�� 䱸 ��(��: �� ) �Ǵ� ��û �޽�� =; d��մϴ�. Null; ��d�� û�� ҽ� �� ʿ�� ʽ4ϴ�.

SOAP �޽�� ڰ� �� ۾� �� ڼ�� : "��û �� 4� då �� ۾�"; ��v�Ͻʽÿ�.

�� 4� då ��ǿ�� ʿ�� =�� : �� ; �Է��մϴ�. �� d�� , ��d�� ; �� 4� �޽�� ʽ4ϴ�.

SOAP �޽�� ڰ� �� ۾� �� ڼ�� : "��û �� 4� då �� ۾�"; ��v�Ͻʽÿ�.

server.config - �� d�� ϴ� XML �� 丮�� ̸��Դϴ�. �� , install_dir/domains/domain_dir/config/wss-server-config.xml�Դϴ�.

�� ; ��Ϸx� Ȯ��; ��ų�, �� ʰ� ��Ϸx� ��Ҹ� ��ϴ�.

��û �� 4� då �� ۾�

ǥ 15-1�� ޽�� ȣ då �� ش� �� WS-Security SOAP �޽�� ڰ� �� ޽�� ۾� �� ݴϴ�.

ǥ 15-1 �޽�� ȣ då �� WS-Security SOAP �޽�� ۾� ��
�޽�� ȣ då	WS-Security SOAP �޽�� ȣ �۾� ��
auth-source="sender"	�޽�� `wsse:UsernameToken`(��й�ȣ ��); ��ϴ� `wsse:Security` �� ֽ4ϴ�.
auth-source="content"	SOAP �޽�� ; ��մϴ�. �޽�� `ds`:`Signature`�� ǥ�õǴ� �޽�� ; ��ϴ� `wsse:Security` �� ֽ4ϴ�.
auth-source="sender" auth-recipient="before-content" �Ǵ� auth-recipient="after-content"	SOAP �޽�� ȣȭ�ǰ� `xend:EncryptedData` �� ü�˴ϴ�. �޽�� `wsse:UsernameToken(��й�ȣ ��)` �� `xenc:EncryptedKey`�� Ե� `a wsse:Security` �� ֽ4ϴ�. `xenc:EncryptedKey`�� SOAP �޽�� ; ��ȣȭ�ϴ� �� Ű�� մϴ�. Ű�� Ű�� ȣȭ�Ǿ� �ֽ4ϴ�.
auth-source="content" auth-recipient="before-content"	SOAP �޽�� ȣȭ�ǰ� xend:EncryptedData �� ü�˴ϴ�. `xenc:EncryptedData`�� ˴ϴ�. �޽�� `xenc:EncryptedKey` �� `ds`:`Signature`�� Ե� `a wsse:Security` �� ֽ4ϴ�. `xenc:EncryptedKey`�� SOAP �޽�� ; ��ȣȭ�ϴ� �� Ű�� մϴ�. Ű�� Ű�� ȣȭ�Ǿ� �ֽ4ϴ�.
auth-source="content" auth-recipient="after-content"	SOAP �޽�� ȣȭ�ǰ� xend:EncryptedData �� ü�˴ϴ�. �޽�� `xenc:EncryptedKey` �� `ds`:`Signature`�� Ե� `a wsse:Security` �� ֽ4ϴ�. `xenc:EncryptedKey`�� SOAP �޽�� ; ��ȣȭ�ϴ� �� Ű�� մϴ�. Ű�� Ű�� ȣȭ�Ǿ� �ֽ4ϴ�.
auth-recipient="before-content" �Ǵ� auth-recipient="after-content"	SOAP �޽�� ȣȭ�ǰ� xend:EncryptedData �� ü�˴ϴ�. �޽�� `xenc:EncryptedKey`�� Ե� `a wsse:Security` �� ֽ4ϴ�. `xenc:EncryptedKey`�� SOAP �޽�� ; ��ȣȭ�ϴ� �� Ű�� մϴ�. Ű�� Ű�� ȣȭ�Ǿ� �ֽ4ϴ�.
��d�� då�� 4ϴ�.	��⿡�� ۾�; �� ʽ4ϴ�.

�޽�� f

�� ܼ� Ʈ�� ҿ�� 带 Ȯ��մϴ�.

�� ν��Ͻ�� մϴ�.

Ưd �ν��Ͻ�� Ϸx� �� ν��Ͻ�� 带 ��մϴ�. �� ⺻ �ν��Ͻ� server�� server-config ��带 ��մϴ�.

�� ν��Ͻ�� ⺻ ��d; ��Ϸx� default-config ��带 ��մϴ�.

�� 带 Ȯ��մϴ�.

�޽�� 带 ��մϴ�.

��f�� ޽�� ʿ� �ִ� Ȯ�ζ�; ��մϴ�.

��f�� ϴ�.

�޽�� f

�� ܼ� Ʈ�� ҿ�� 带 Ȯ��մϴ�.

�� ν��Ͻ�� մϴ�.

Ưd �ν��Ͻ�� Ϸx� �� ν��Ͻ�� 带 ��մϴ�. �� ⺻ �ν��Ͻ� server�� server-config ��带 ��մϴ�.

�� ν��Ͻ�� ⺻ ��d; ��Ϸx� default-config ��带 ��մϴ�.

�� 带 Ȯ��մϴ�.

�޽�� 带 Ȯ��մϴ�.

SOAP ��带 Ȯ��մϴ�.

�� մϴ�.

��f�� ʿ� �ִ� Ȯ�ζ�; ��մϴ�.

��f�� ϴ�.

Ŭ��̾�Ʈ �?� �wα׷�� ޽�� Ȱ��ȭ

Ŭ��̾�Ʈ �� ޽�� ȣ då�� Ŭ��̾�Ʈ ��ڰ� ��ȣ �ۿ��ϴ� �� ޽�� ȣ då�� ϵ�� ؾ� �մϴ�. Application Server�� ġ�� Ǿ�� Ȱ��ȭ�� : �� ̹� �׷�� Ǿ� �ֽ4ϴ�.

Ŭ��̾�Ʈ �?� �wα׷�� ޽�� ; Ȱ��ȭ�Ϸx� �?� �wα׷� Ŭ��̾�Ʈ ��̳�� Sun Java System Application Server �� ; ��d�մϴ�.

�?� �wα׷� Ŭ��̾�Ʈ�� ⺻ Ŭ��̾�Ʈ ��ڸ� Ȱ��ȭ�Ϸx� ��= �ܰ踦 ��մϴ�.

Ŭ��̾�Ʈ ��̳� ��ڸ� ��ϴ� Ŭ��̾�Ʈ �?� �wα׷�; ��մϴ�.

�ؽ�Ʈ ��⿡�� install_dir/domains/domain_dir/config/sun-acc.xml�� ִ� Sun �?� �wα׷� Ŭ��̾�Ʈ ��̳� ��ڸ� ��ϴ�.

��:ü �ؽ�Ʈ�� Ͽ� �߰��Ͽ� �?� �wα׷� Ŭ��̾�Ʈ�� ⺻ Ŭ��̾�Ʈ ��ڸ� Ȱ��ȭ�մϴ�. Ŭ��̾�Ʈ �?� �wα׷�� ޽�� ; Ȱ��ȭ�ϱ� '�� ڵ尡 �ִ� ��; ǥ��ϱ� '�� ٸ� �ڵ带 f��մϴ�. ��:ü�� ƴ� �ڵ�� ġ�� ణ �ٸ� �� ֽ4ϴ�. ��:ü�� ƴ� �ؽ�Ʈ�� ʽÿ�.


<client-container>
  <target-server name="<your_host>" address="<your_host>" port="<your_port>"/>
  <log-service file="" level="WARNING"/>
  <message-security-config auth-layer="SOAP"     default-client-provider="ClientProvider">
    <provider-config
      class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"       provider-id="ClientProvider" provider-type="client">
      <request-policy auth-source="sender"/>
      <response-policy/>
       <property name="security.config"       value="C:/Sun/AppServer/lib/appclient/wss-client-config.xml"/>
    </provider-config>
  </message-security-config>
</client-container>

Ŭ��̾�Ʈ ��̳ʿ� �� ޽�� ڿ�� Ű�� Ʈ��Ʈ�� ׼�� ʿ��մϴ�. �?� �wα׷� Ŭ��̾�Ʈ �� ũ��Ʈ�� = �ý�� d�� ش� ��; d��Ͽ� �̸� ��մϴ�.

�?� �wα׷� Ŭ��̾�Ʈ �� û �� 4� då ��d

��û �� 4� då�� ڰ� �� û �� 4� ó�� då �䱸 ��; d��մϴ�. då: �޽�� ڰ� �ش� ��; Ȯ��ϱ� �� ޽�� ص��ؾ� ��; �ǹ��ϴ� �� ǥ�õ� ��Ŀ� ��ȣȭ�� ߻��ϴ� �䱸 ��װ� ��: �޽�� ǥ�õ˴ϴ�.

�޽�� ; �޼��Ϸx� �� Ŭ��̾�Ʈ ��ο�� û �� 4� då; Ȱ��ȭ�ؾ� �մϴ�. Ŭ��̾�Ʈ�� då; �� ?� �wα׷� �� ޽�� ε� ��û/�4� ��ȣ�� '�� då�� Ŭ��̾�Ʈ då�� ġ�ؾ� �մϴ�.

�?� �wα׷� Ŭ��̾�Ʈ �� û då; ��d�Ϸx� "Ŭ��̾�Ʈ �?� �wα׷�� ޽�� Ȱ��ȭ"�� ?� �wα׷� Ŭ��̾�Ʈ ��̳ʿ� �� Sun Java System Application Server �� ; ��d�մϴ�. �?� �wα׷� Ŭ��̾�Ʈ �� Ͽ�� :ü �ؽ�Ʈ�� ߰��Ͽ� ��û då; ��d�մϴ�. ��v�� '�� ٸ� �ڵ尡 f��˴ϴ�. ��:ü�� ƴ� �ڵ�� ġ�� ణ �ٸ� �� ֽ4ϴ�. ��:ü�� ƴ� �ؽ�Ʈ�� ʽÿ�.

auth-source�� /ȿ�� sender �� content�� Ե˴ϴ�. auth-recipient�� /ȿ�� before-content �� after-content�� Ե˴ϴ�. "��û �� 4� då �� ۾�"�� پ�� v�� ϴ� ǥ�� ֽ4ϴ�.

��û�̳� �4� då; ��d�� 8�x� �� , ��= ��Ҹ� �� Ӵϴ�.

15�� �޽��� ���� ����

�޽��� ���� d��

�޽��� ���� ����

Application Server�� �޽��� ���� ����

�޽��� ���� å�� ��d

�ý��� ����

�?� �wα׷� ������

�?� �wα׷� ������

���� ��ū �� ���� ü�� d��

���̵� ��ū d��

������ ���� d��

��ȣȭ d��

�޽��� ��ȣ då d��

�޽��� ���� ����� �����

% ���� ����

�?� �wα׷� ��� % ���� ���� ����

���� �?� �wα׷� ����

�޽��� ����; '�� Application Server ����

JCE ����� ����

�޽��� ���ȿ� ���� �� �ܼ� �۾�

�޽��� ���ȿ� ����� Ȱ��ȭ

�޽��� ���� ����� ����

�޽��� ���� ����� �����

��û �� �4� då ���� �۾�

�޽��� ���� ���� ��f

�޽��� ���� ����� ��f

Ŭ���̾�Ʈ �?� �wα׷��� �޽��� ���� Ȱ��ȭ

�?� �wα׷� Ŭ���̾�Ʈ ������ ���� ��û �� �4� då ��d

�ڼ��� ����

15��
�޽��

�޽�� d��

�޽��

Application Server�� ޽��

�޽�� å�� d

�ý��

�?� �wα׷� ��

�?� �wα׷� ��

�� ū �� ü�� d��

��̵� ��ū d��

�� d��

�޽�� ȣ då d��

�޽��

% ��

�?� �wα׷� �� % ��

�� ?� �wα׷� ��

�޽�� ; '�� Application Server ��

JCE ��

�޽�� ȿ� �� ܼ� �۾�

�޽�� ȿ� �� Ȱ��ȭ

�޽��

�޽��

��û �� 4� då �� ۾�

�޽�� f

�޽�� f

Ŭ��̾�Ʈ �?� �wα׷�� ޽�� Ȱ��ȭ

�?� �wα׷� Ŭ��̾�Ʈ �� û �� 4� då ��d

�ڼ��