NAME
create-message-security-provider - enables administrators to create the message-security-config and provider-config sub-elements for the
security service in domain.xml
SYNOPSIS
create-message-security-provider --user admin_user [--passwordfile filename] [--host host_name] [--port port_number] [--secure|-s] [--terse=false] [--echo=false] [--interactive=true] [--help] [--target target] --classname provider_class [--layer message_layer] [--providertype provider_type] [--requestauthsource request_auth_source] [--requestauthrecipient request_auth_recipient] [--responseauthsource response_auth_source] [--responseauthrecipient response_auth_recipient] [--isdefaultprovider] [--property (name=value)[:name=value]*] provider_name
DESCRIPTION
Enables the administrator to create the message-security-config and provider-config sub-elements for the
security service in domain.xml (the file that specifies
parameters and properties to the Application Server). The options specified
in the list below apply to attributes within the message-security-config and provider-config sub-elements of the domain.xml file.
If the message-layer (message-security-config)
does not exist, it is created, and then the provider-config
is created under it.
This command is supported in remote mode only.
OPTIONS
If an option has a short option name, then the short option precedes
the long option name. Short options have one dash whereas long options have
two dashes.
-u --user
    The authorized domain application server administrative username.
-w --password
    The --password option is deprecated. Use --passwordfile instead.
--passwordfile
    This option replaces the --password option. Using the --password option on the command line or through the environment is deprecated.
    The --passwordfile option specifies the name of a file containing the password entries in a specified format.
    The entry for the password must have the AS_ADMIN prefix followed by the password name in capital letters. For example, to specify the domain application server password, use an entry with the following format: AS_ADMIN_PASSWORD=password, where password is the actual administrator password. Other passwords that can be specified include MAPPEDPASSWORD, USERPASSWORD, SAVEDMASTERPASSWORD, MQPASSWORD, ALIASPASSWORD, and so on.
-H --host
    The machine name where the domain application server is running. The default value is localhost.
-p --port
    The port number of the domain application server listening for administration requests. The default port number for Platform Edition is 4848. The default port number for Enterprise Edition is 4949.
-s --secure
    If set to true, uses SSL/TLS to communicate with the domain application server.
-t --terse
    Indicates that any output data must be very concise, typically avoiding human-friendly sentences and favoring well-formatted data for consumption by a script. Default is false.
-e --echo
    Setting to true will echo the command line statement on the standard output. Default is false.
-I --interactive
    If set to true (default), only the required password options are prompted.
-h --help
    Displays the help text for the command.
--target
    In Enterprise Edition, specifies the target to which you are deploying. Valid values are:
    - server, which deploys the component to the default server instance server and is the default value
    - domain, which deploys the component to the domain.
    - cluster_name, which deploys the component to every server instance in the cluster.
    - instance_name, which deploys the component to a particular server instance.
The following optional attribute name/value pairs are available:
Property | Definition |
classname | Defines the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type. |
layer | The message-layer entity used to define the value of the auth-layer attribute of message-security-config elements. The default is SOAP. |
providertype | Establishes whether the provider is to be used as client authentication provider, server authentication provider, or both. Valid options for this property include client, server, or client-server. The default value is client-server. |
requestauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to request messages. Possible values are sender or content. When this argument is not specified, source authentication of the request is not required. |
requestauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of a message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
responseauthsource | The auth-source attribute defines a requirement for message-layer sender authentication (e.g. username password) or content authentication (e.g. digital signature) to be applied to response messages. Possible values are sender or content. When this option is not specified, source authentication of the response is not required. |
responseauthrecipient | The auth-recipient attribute defines a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). Possible values are before-content or after-content. The default value is after-content. |
isdefaultprovider | The default-provider attribute is used to designate the provider as the default provider (at the layer) of the type or types identified by the providertype argument. There is no default associated with this option. |
property | Use this property to pass provider-specific property values to the provider when it is initialized. Properties passed in this way might include key aliases to be used by the provider to get keys from keystores, signing, canonicalization, encryption algorithms, etc. |
OPERANDS
provider_name
    The name of the provider used to reference the provider-config element.
EXAMPLES
Example 1. Using create-message-security-provider
The following example shows how to create a message security provider
for a client.
asadmin> create-message-security-provider --user admin --classname com.sun.enterprise.security.jauth.ClientAuthModule --providertype client mySecurityProvider
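Added example (not part of the original manual page): a shell wrapper that checks the --passwordfile described under OPTIONS before creating a server-side provider over --secure. The class com.example.auth.MyServerAuthModule, the provider name passed in, and the function names are hypothetical.

```shell
# Added example. Provider class and function names are hypothetical.

# check_passwordfile FILE: succeed only if FILE is a regular file, carries an
# AS_ADMIN_PASSWORD= entry, and grants no access to group or other.
check_passwordfile() {
    pwfile=$1
    [ -f "$pwfile" ] || { echo "no such file: $pwfile" >&2; return 1; }
    grep -q '^AS_ADMIN_PASSWORD=' "$pwfile" \
        || { echo "missing AS_ADMIN_PASSWORD entry" >&2; return 1; }
    # Characters 5-10 of the ls -l mode string are the group/other bits.
    perms=$(ls -ld "$pwfile" | cut -c5-10)
    [ "$perms" = "------" ] \
        || { echo "$pwfile is accessible to group/other" >&2; return 1; }
}

# valid_choice VALUE ALLOWED...: succeed if VALUE is one of ALLOWED.
valid_choice() {
    value=$1; shift
    for allowed in "$@"; do
        [ "$value" = "$allowed" ] && return 0
    done
    return 1
}

# create_server_provider PWFILE AUTHSOURCE PROVIDER_NAME
# Requires the same auth-source on request and response messages.
create_server_provider() {
    pwfile=$1 authsource=$2 provider=$3
    check_passwordfile "$pwfile" || return 1
    valid_choice "$authsource" sender content \
        || { echo "auth source must be sender or content" >&2; return 1; }
    asadmin create-message-security-provider \
        --user admin --passwordfile "$pwfile" --secure \
        --classname com.example.auth.MyServerAuthModule \
        --providertype server \
        --requestauthsource "$authsource" \
        --responseauthsource "$authsource" \
        "$provider"
}
```

Both checks run before asadmin is invoked, so a world-readable password file or an unsupported auth-source value stops the command before any connection is made.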
EXIT STATUS
0
    command executed successfully
1
    error in executing the command
SEE ALSO
delete-message-security-provider(1), list-message-security-providers(1)
J2EE SDK 1.4 | Last Changed 22 Dec 2004
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
Use is subject to license terms.