Enables the administrator to create the message-security-config and provider-config sub-elements for the security service in domain.xml (the file that specifies parameters and properties to the Application Server). The options specified in the list below apply to attributes within the message-security-config and provider-config sub-elements of the domain.xml file.
If the message-layer (message-security-config) does not exist, it is created, and then the provider-config is created under it.
This command is supported in remote mode only.
If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.
The authorized domain administration server administrative username.
The --password option is deprecated. Use --passwordfile instead.
This option replaces the --password option. Using the --password option on the command line or through the environment is deprecated. The --passwordfile option specifies the name of a file containing the password entries in a specified format. The entry for the password must have the AS_ADMIN_ prefix followed by the password name in capital letters. For example, to specify the domain administration server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include AS_ADMIN_MAPPEDPASSWORD, AS_ADMIN_USERPASSWORD, AS_ADMIN_MQPASSWORD, AS_ADMIN_ALIASPASSWORD, and so on.
The machine name where the domain administration server is running. The default value is localhost.
The port number of the domain administration server listening for administration requests. The default port number for Enterprise Edition is 4849.
If set to true, uses SSL/TLS to communicate with the domain administration server.
Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
Setting to true will echo the command line statement on the standard output. Default is false.
If set to true (default), only the required password options are prompted.
Displays the help text for the command.
In Enterprise Edition, specifies the target to which you are deploying. Valid values are:
server, which deploys the component to the default server instance server and is the default value.
domain, which deploys the component to the domain.
cluster_name, which deploys the component to every server instance in the cluster.
instance_name, which deploys the component to a particular server instance.
The following optional attribute name/value pairs are available:
| Property | Definition |
|---|---|
| classname | Defines the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type. |
| layer | The message-layer entity used to define the value of the auth-layer attribute of message-security-config elements. The default is SOAP. |
| providertype | Establishes whether the provider is to be used as client authentication provider, server authentication provider, or both. Valid options for this property include client, server, or client-server. The default value is client-server. |
| requestauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to request messages. Possible values are sender or content. When this argument is not specified, source authentication of the request is not required. |
| requestauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of a message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
| responseauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to response messages. Possible values are sender or content. When this option is not specified, source authentication of the response is not required. |
| responseauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
| isdefaultprovider | The default-provider attribute is used to designate the provider as the default provider (at the layer) of the type or types identified by the providertype argument. There is no default associated with this option. |
| property | Use this property to pass provider-specific property values to the provider when it is initialized. Properties passed in this way might include key aliases to be used by the provider to get keys from keystores, signing, canonicalization, encryption algorithms, etc. |
The following example shows how to create a message security provider for a client.
asadmin> create-message-security-provider --user admin --passwordfile pwd_file --classname com.sun.enterprise.security.jauth.ClientAuthModule --providertype client mySecurityProvider
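The following shell function is an added example, not part of the original man page. It checks a file such as pwd_file against the --passwordfile entry format described under OPTIONS (AS_ADMIN_ prefix plus a name in capital letters) and also checks that the file is not accessible to group or others. The function name, the sample files, the mode check, and the skipping of blank and # lines are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the man page): lint an asadmin --passwordfile.
LC_ALL=C; export LC_ALL   # make [A-Z] mean ASCII capitals only

# check_passwordfile FILE: 0 = clean, 1 = findings, 2 = file missing.
# Findings give the line number only, so no secret reaches the terminal or logs.
check_passwordfile() {
    f=$1; rc=0; n=0
    [ -f "$f" ] || { echo "$f: not a regular file"; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f: accessible to group or others (want mode 600)"
        rc=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*) continue ;;   # assumption: blank and # lines are ignored
            *=*) ;;
            *) echo "$f:$n: not a NAME=value entry"; rc=1; continue ;;
        esac
        name=${line%%=*}; value=${line#*=}
        suffix=${name#AS_ADMIN_}
        case $name in AS_ADMIN_*) ;; *) suffix= ;; esac
        case $suffix in
            ''|*[!A-Z]*) echo "$f:$n: name is not AS_ADMIN_ plus capitals"; rc=1 ;;
        esac
        [ -n "$value" ] || { echo "$f:$n: empty password value"; rc=1; }
    done < "$f"
    return $rc
}

# Constructed sample files; the passwords are placeholders.
demo_dir=$(mktemp -d)
good=$demo_dir/pwd_file; bad=$demo_dir/pwd_file.bad
( umask 077
  printf 'AS_ADMIN_PASSWORD=placeholder-1\nAS_ADMIN_ALIASPASSWORD=placeholder-2\n' > "$good" )
printf 'as_admin_password=placeholder-1\nAS_ADMIN_MQPASSWORD=\n' > "$bad"
chmod 644 "$bad"
check_passwordfile "$good" && echo "pwd_file: ok"
check_passwordfile "$bad" || echo "pwd_file.bad: rejected"
```

Running the check before each asadmin call that takes --passwordfile catches a world-readable or malformed file without printing any password value.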