�� 15 �� Ϣ��ȫ��

��½�� Sun Java System Application Server 8.1 2005Q1 ��Ϊ Web ��Ϣ��İ�ȫ�ԡ��°��⣺

��Ϣ��ȫ��

�й��Ϣ��ȫ�ԵĹ��̨��

��е�ĳЩ��ݼٶ��Ѷ԰�ȫ�Ժ� Web ��˻��˽⡣Ҫ��ϸ�˽��Щ����ڿ�ʼ�Ķq��֮ǰ��ϸ�Ķa��ϸ��Ϣ��г��ݡ�

��Ϣ��ȫ��

��Ϣ��ȫ�Ը��

�˽� Application Server �е��Ϣ��ȫ��

ȷ�� Web ��İ�ȫ

ȷ��Ӧ�ó��İ�ȫ

�� Application Server ��ʵ��Ϣ��ȫ��

��Ϣ��ȫ�Ը��

����Ϣ��ȫ���У��ȫ��Ϣ��뵽��Ϣ��ʹ��ͨ��㴫�䣬��Ϣһ�𵽴��ϢĿ�ꡣ��Ϣ��ȫ��봫��㰲ȫ�Բ�ͬ��ڡ�The J2EE 1.4 Tutorial�� "Security" һ��˵��Ϊ��Ϣ��ȫ�Կ��ڽ��Ϣ��Ϣ��з��뿪��Ӷ�ʹ��Ϣ�ڴ��Ա��ֱ��״̬��

Web ��ȫ�ԣ�SOAP ��Ϣ��ȫ�� (WS-Security) �ǿɽ��ʹ�õ� Web ��ȫ�ԵĹ�ʱ�׼�� OASIS �� Web ��Ҫ�ṩ�̣��( Sun Microsystems��Э��ġ�WS-Security ��һ��Ϣ��ȫ�Ի��ƣ��ʹ�� XML ��ܺ� XML ��ǩ��4ȷ�� SOAP �Ϸ��͵� Web ��Ϣ�İ�ȫ��WS-Security �淶��˶��ְ�ȫ��ƣ��( X.509 ֤�顢SAML ��Ժ��û��/��ƣ��;��֤�ͼ�� SOAP Web ��Ϣ��

�˽� Application Server �е��Ϣ��ȫ��

Sun Java System Application Server 8.1 2005Q1 �� WS-Security ��׼��֧�ּ�� Web ��ͻ��ͷ��ɴ˹��ܣ��ʹ Web ��ȫ��ɴ��Ӧ�ó�� Application Server ��ǿ��ִ�У��ҿ��ʹ�˹��Ӧ��ڱ��κ� Web ��Ӧ�ó��Ӧ�ó��ʵ�ֽ��и�ġ�Application Server ͨ��ṩ��߽� SOAP ��Ϣ��ȫ��ṩ�ߺ��Ϣ��԰󶨵��в��Ӧ�ó��4�ﵽ��Ч��

ָ��Ϣ��ȫ��ְ��

�� Sun Java System Application Server 8.1 2005Q1 �У�ϵͳ��Ա��Ӧ�ó��ɫӦ��Ҫ��Ϣ��ȫ�ԡ��ͨ��£��}��һ��ɫ��Ӧ�ó��ʵ�ֵ��¾Ϳ��ȷ��Ӧ�ó��İ�ȫ��漰��ߣ��ĳЩ��£�Ӧ�ó��򿪷��ǻ��õġ��С�ڶ��˸��ֽ�ɫ��ְ��

ϵͳ��Ա

Ӧ�ó��

Ӧ�ó��򿪷��

ϵͳ��Ա

�� Application Server ��Ϣ��ȫ��ṩ�ߡ�

��û��ݿ⡣

��Կ��δ洢�ļ��

��ʹ�ü��ܲ�� 1.5.0 ��֮ǰ�� Java SDK ʱ�� Java ��)չ (JCE) �ṩ�ߡ�

��װ�� xms ��Ӧ�ó��ʾ��Ϣ�� Web ��ȫ�Ե��;ʱ��ִ�д˲��

ϵͳ��Աʹ�ù��̨4��ȫ��ã��ʹ��й��4��֤��ݿ⡣�� PE �У�֤��ר��Կ�洢��Կ��У�� keytool ��й��?SE �� EE ��֤��ר��Կ�洢�� NSS ��ݿ��У��ʹ�� certutil ��й��?��ĵ��Ҫ��ϵͳ��Ա��й��Ϣ��ȫ��ĸ��μ�� Application Server ��ʵ��Ϣ��ȫ��

Ӧ�ó��

��ν�ɫ��߻��ߣ��δָ��κ��ض��Ӧ�ó��Ϣ��ʱ��ָ��Щ��ԣ��Ӧ�ó��ʱ��

�޸��ض�� Sun �Ĳ��Ϊ Web ��˵�ͷ��ָ��ض��Ӧ�ó��Ϣ��Ϣ�� message-security-binding Ԫ�أ��

Developer's Guide �� "Securing Applications" һ��Щ��ȫ��񡣣��й�ָ��µ�t�ӣ��μ��ϸ��Ϣ��

Ӧ�ó��򿪷��

Ӧ�ó��򿪷��߿��Դ��Ϣ��ȫ�ԣ��Ǳ��Ҫ��Ϣ��ȫ�Կ��ϵͳ��Ա��ã��Ӷ�ȷ�� Web ��İ�ȫ��Ӧ�ó��ã��ڰ󶨵�Ӧ�ó��ṩ�߻򱣻��󶨵��ṩ�߻򱣻��Բ�ͬ��

ȷ��Ӧ�ó��Ƿ��Ҫ�ض��Ӧ�ó��Ϣ��ԡ��Ҫ��ȷ��Ӧ�ó��ʱָ��ͨ��Ӧ�ó��߹�ͨ4��ɡ�

��ڰ�ȫ��ƺͰ�ȫ��

WS-Security �淶Ϊʹ�ð�ȫ��4��֤�ͼ�� SOAP Web ��Ϣ�ṩ�˿�)չ��ơ��ʹ�� Application Server һ��װ�� SOAP ��Ϣ��ȫ��ṩ��4ѡȡ�û��/�� X509 ֤�鰲ȫ��ƣ��֤�ͼ�� SOAP Web ��Ϣ��ѡȡ��ȫ��ƣ��( SAML ��ԣ��ĸ��ṩ�߽�� Application Server �ĺ��汾һ��װ��

��û��

Application Server ʹ�� SOAP ��Ϣ�е��û��4��b��Ϣ����֤��ʶ��û��ƣ��Ƕ��ʽ��У��Ϣ��ռ��ͨ��ȷ�Ϸ��Ƿ�֪��û��ܣ��룩��4��֤��Ϣ��Ƿ�Ϊ��Ȩ��û��б�ʶ��

ʹ��û��ʱ�� Application Server ��Ч��û��ݿ⡣�йظ��ĸ��Ϣ��ġ��༭��

��ǩ��

Application Server ʹ�� XML ��ǩ��֤��ʶ�󶨵��Ϣ���С��ͻ��ʹ��ǩ��4��b��ǵĺ��߱�ʶ��䷽��ʹ�ô��㰲ȫ��ʱ�û��֤�� SSL �ͻ��֤��֤��b��߱�ʶ�ķ��ơ��Ϣ�ռ��˽��ǩ��֤��Ϣ��ݵ�Դ��Ϣ�ķ��˲�ͬ��

ʹ��ǩ��ʱ�� Application Server ��Ч��Կ��δ洢�ļ��йظ��ĸ��Ϣ��ġ��֤��ļ��

��ڼ��

��ܵ�Ŀ��ǽ��޸�Ϊֻ��Ŀ��ʽ��ܹ��ͨ��ü��Ԫ�ش��ԭʼ��4��ɡ��񹫹��Կ��ָ��ʹ�ü��4��b�ܹ��Ķ��Ϣ��һ��෽�ı�ʶ��

ʹ�ü��ʱ��Ȱ�װ֧�ּ��ܵ� JCE �ṩ�ߡ��йظ��ĸ��Ϣ��ġ�� JCE �ṩ��

��Ϣ��

��Ϣ��Ϣ��Ϣ��Ӧ��ģ��ݶ�Դ��/��ռ��֤��Ҫ��4��б�Դ��֤��Դ��һ��󣬼��Ϣ�н�b��Ϣ��Ϣ��ݵ�ʵ��ı�ʶ��ʹ��Ϣ�ռ��˽��֤��ռ��֤��Դ��һ��󣬼��Ϣ��ʹ��Խ��Ϣ��ʵ��ı�ʶ��Ϣ��˽�b��ṩ�߽�Ӧ��ض��Ϣ��ȫ�Ի��ʹ��Ϣ�� SOAP Web ��Ϣ��ʵ�֡�

�ڸ��ṩ��ʱ��Ӧ��Ϣ��ԡ��ض��Ӧ�ó��Ϣ��ԣ�� Web ��˿ڻ��c�ȼ��Ҳ��Ӧ�ó��Ӧ�ó��ͻ��ض�� Sun �Ĳ��н��á��κ��£��Ϣ��ԣ��ͻ��Ӧ��Ϣ��Ա��Ӧ��Ϣ��ƥ�䣨��൱��йض��ض��Ӧ�ó��Ϣ��Եĸ��Ϣ�� Developer's Guide �� "Securing Applications" һ�¡��ϸ��Ϣ��ָ��µ�t�ӡ�

��Ϣ��ȫ��

��֤�ṩ��

Ĭ�Ϸ��ṩ��

Ĭ�ϵĿͻ��ṩ��

ȷ�� Web ��İ�ȫ

ͨ�� SOAP ��Ϣ��ȫ��ṩ�ߺ��Ϣ��԰󶨵��Ӧ�ó��󶨵�Ӧ�ó��ṩ�� Web ��˵㣬4ȷ�� Application Server �в�� Web ��İ�ȫ��ͨ�� SOAP ��Ϣ��ȫ��ṩ�ߺ��Ϣ��԰󶨵��ͻ��󶨵��ɿͻ��Ӧ�ó��Ŀ��ֲ��ã��Ӷ�� Application Server �Ŀͻ�� SOAP ��Ϣ��ȫ�Թ��ܡ�

��װ�� Application Server �󣬽�� Application Server �Ŀͻ��ͷ�� SOAP ��Ϣ��ȫ��ṩ�ߣ��Щ�ṩ�߿��в��ĸ��Ӧ�ó��ͻ��а�ʹ�á��ڰ�װ��У��Щ�ṩ�߽��ü򵥵��Ϣ��ԣ��󶨵��߰󶨵��е�Ӧ�ó��ͻ��Ӧ��Ϣ�е��Դ�� XML ��ǩ��֤��

��Բ�� Application Server �Ĺ��4��ṩ��Ա㹩 Application Server �ķ��ʹ�ã��޸��ṩ��ǿ��ִ�е��Ϣ��ԣ��ʹ��Ϣ��4��µ��ṩ��á��й��Ϣ��ȫ�ԵĹ��̨��ж��Щ��Ӧ�ó��ͻ�� SOAP ��Ϣ�㰲ȫ��ִ��ƵĹ��硰��ÿͻ��Ӧ�ó��Ϣ��ȫ��塣

��ϲ��裨��ܰ�(�� Application Server��Web ��ȫ�Խ�Ӧ�õ� Application Server �в�� Web ��Ӧ�ó��

��ض��Ӧ�ó�� Web ��ȫ��

ͨ��Ӧ�ó��ض�� Sun �Ĳ��ж�� message-security-binding Ԫ�أ��ض��Ӧ�ó�� Web ��ȫ�Թ��ܣ��Ӧ�ó��ʱ��Щ message-security-binding Ԫ��ڽ��ض��ṩ�߻��Ϣ�� Web ��˵��j��Ա��޶��ʹ��ЩԪ��Ӧ�õ��Ӧ�˵��÷��ض��˿ڻ򷽷��

�йض��ض��Ӧ�ó��Ϣ��Եĸ��Ϣ�� Developer's Guide �� "Securing Applications" һ�¡��ϸ��Ϣ��ָ��µ�t�ӡ�

ȷ��Ӧ�ó��İ�ȫ

Application Server ��Ϊ xms ��Ӧ�ó��xms Ӧ�ó��м򵥵� Web ��ܣ�� J2EE EJB �˵�� Java Servlet �˵㹲ͬʵ�֡��}��˵㹲��ͬһ��˵�ӿڡ��˵�ӿڶ��˵�� (sayHello)��˲��ȡһ��ַ��ǰ�� Hello ��д�� String ��ص��ò��С�

��ṩ xms ��Ӧ�ó��4��ʾ Application Server �� WS-Security ��ܵ��;��ȷ�� Web ��Ӧ�ó��İ�ȫ��˵�� Application Server �� WS-Security ��ʹ��ȷ�� xms Ӧ�ó��İ�ȫ��ʾ��Ӧ�ó��ֱ�Ӱ� WS-Security ��ܣ��硰��ض��Ӧ�ó�� Web ��ȫ��ʹ��ض�Ӧ��Ӧ�ó��

xms ��Ӧ�ó��װ��Ŀ¼�У�install_dir\samples\webservices\security\ejb\apps\xms\

�йر��롢��װ�� xms ��Ӧ�ó��Ϣ�� Developer's Guide �� "Securing Applications" һ�¡��ϸ��Ϣ��ָ��µ�t�ӡ�

�� Application Server ��ʵ��Ϣ��ȫ��

Application Server ʹ�� SOAP ��м��ɵ��Ϣ��ȫ��ṩ��4ʵ��Ϣ��ȫ�ԡ��Ϣ��ȫ��ṩ��ȡ�� Application Server ��ȫ�Թ��ߡ�

��ʹ�õ� Java SDK �İ汾�� 1.5.0��ʹ��˼��ܼ�� JCE �ṩ�ߡ�

�� JCE �ṩ��˵�� JCE �ṩ�ߡ�

��ʹ��û��ƣ��ڱ�Ҫʱ��û��ݿ⡣ʹ��û��/��ʱ��ʵ��Ϊ��ʵ��û��ݿ⡣

��༭��˵��û��ݿ⡣

��֤��ר��Կ��б�Ҫ��

��֤��ļ��˵��ι��֤��ר��Կ��

��ѽ� Application Server �Ĺ��Ϊ��Ϣ��ȫ��ṩ��ʹ�ã��򽫻�� Application Server һ��װ��ṩ�ߣ��硰��Ϣ��ȫ��ṩ��

�� JCE �ṩ��

J2SE 1.4.x �а�(�� Java ��)չ (JCE) �ṩ�߲�֧�� RSA ��ܡ�� WS-Security �� XML ��ͨ��ǻ�� RSA ��ܣ��Ϊ��ʹ�� WS-Security 4�� SOAP ��Ϣ��ز��װ֧�� RSA ��ܵ� JCE �ṩ�ߡ�

ע��RSA �� RSA Data Security, Inc. ��Ĺ��Կ��ܼ��RSA ��Դʷֱ��ü��λ��ߣ�Rivest��Shamir �� Adelman��

�� 1.5 �� Java SDK �� Application Server��ȷ�� JCE �ṩ�ߡ�� 1.4.x �� Java SDK �� Application Server��ִ��²��Ծ�̬��ʽ�� JCE �ṩ��Ϊ JDK ��һ��֡�

��ز��װ JCE �ṩ�� JAR��Java �鵵��ļ��ͨ�� URL ��Ի��֧�� RSA ��ܵ� JCE �ṩ�ߵ��б?

�� JCE �ṩ�� JAR �ļ��Ƶ� <JAVA_HOME>/jre/lib/ext/ �С�

ֹͣ Application Server��δֹͣ Application Server ��4��ڸý�� Application Server�� Application Server ��޷�ʶ�� JCE �ṩ�ߡ�

��κ�һ��ı��༭��б༭ <JAVA_HOME>/jre/lib/security/java.security ��ļ��ղ��ص� JCE �ṩ��ӵ��ļ��java.security �ļ��Ӹ��ṩ�ߵ��ϸ˵��ͨ��Ҫ�ھ��Ե�ĳ��λ�ô��һ�У��ʽ��£�


security.provider.<n>=<provider class name>

�ڱ�ʾ��У�<n> �� Application Server �90�ȫ��ṩ��ʱʹ�õ��ȼ�˳�򡣽��ղ��ӵ� JCE �ṩ�ߵ� <n> ֵ��Ϊ 2��

��磬��ص�� Legion of the Bouncy Castle JCE �ṩ�ߣ��Ӧ��С�


security.provider.2=org.bouncycastle.jce.provider.
BouncyCastleProvider

ȷ�� Sun ��ȫ��ṩ�߱��ȼ��ֵΪ 1��


security.provider.1=sun.security.provider.Sun

��ȫ��ṩ�ߵ��ȼ��ͣ��Ӷ�ʹÿ��ȼ��ֻ��һ��ȫ��ṩ�ߡ�

��ṩ�� JCE �ṩ�߲��ṩ�߱��ȷλ�õ� java.security �ļ��ʾ��


security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.
BouncyCastleProvider
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.rsajca.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider

��沢�ر��ļ��

�� Application Server��

�й��Ϣ��ȫ�ԵĹ��̨��

Ϊʹ��Ϣ��ȫ�Զ�� Application Server ��õĴ󲿷ֲ��趼��ͨ��ʹ�ù��̨��asadmin ��й��߻�ͨ��ֶ��༭ϵͳ�ļ�4��ɡ�ͨ��ʹ�ñ༭ϵͳ�ļ��Ϊ��ܻᵼ�³��ʶ�ĸ�Ķ�ʹ Application Server ��У��ԣ��п��ܣ��ѡ��ʹ�ù��̨4�� Application Server��ѡ��ʹ�� asadmin ����޹��̨��Ч�� asadmin ʱ��ʹ��ֶ��༭ϵͳ�ļ��衣

�ԣ��ɲ��룩��֤ģ��ʽ��Ϣ�㰲ȫ��֧�ּ��ɵ� Application Server ��ͻ��С�Ĭ��£�Application Server �е��Ϣ�㰲ȫ�Դ��ڽ��״̬��¸��ṩ��á��༭��ɾ��Ϣ��ȫ��ú��ṩ�ߵ��ϸ��Ϣ��

��£��ִ��г�Ĺ��Ӧ�� Application Server��ڵ�ִ��ʱ��Ҫ��ĵ�Ч��Ӧ�õ� Application Server ��Ѳ��Ӧ�ó��е��

��Ϣ��ȫ��ṩ��

ҪΪ�� Application Server �в�� Web ��˵��Ϣ��ȫ�ԣ��ָ��Ҫ�ڷ��Ĭ��ʹ�õ��ṩ�ߡ��Ϣ��ȫ�Ե�Ĭ��ṩ�ߣ��Ҫ��Ҫ�� Application Server �в�� Web ��ͻ��ʹ�õ��ṩ�ߡ��ÿͻ��Ӧ�ó��Ϣ��ȫ��˵��й��ÿͻ��ʹ�õ��ṩ�ߵ��Ϣ��

ҪΪԴ��Ѳ��Ķ˵�� Web ��Ϣ��ȫ�ԣ��ָ��Ĭ�Ͽͻ��ṩ�ߡ��Ϊ Application Server ��Ĭ�Ͽͻ��ṩ�ߣ��ȷ�� Application Server �в��Ķ˵��е��õ��з��Ϊ��Ϣ�㰲ȫ�Լ��ݡ�

�ڹ��̨��У�չ��á��ڵ㡣

ѡ��Ҫ��õ�ʵ��

Ҫ��ض��ʵ��ѡ��ʵ��ýڵ㡣��磬��Ĭ��ʵ�� server��ѡ�� server-config �ڵ㡣

Ҫ��ʵ��Ĭ��ã��ѡ�� default-config �ڵ㡣

չ��ȫ�ԡ��ڵ㡣

չ��Ϣ��ȫ�ԡ��ڵ㡣

ѡ��SOAP��ڵ㡣

ѡ��Ϣ��ȫ�ԡ�ѡ���

�ڡ��༭��Ϣ��ȫ��á�ҳ��У�ָ��һ��Ҫ��ڷ��˵��ṩ�ߺ�һ��Ҫ��ڿͻ��˵��ṩ�ߣ��δ��ض��ṩ�ߵ��Ӧ�ó��ͨ��޸��¿�ѡ��4��ɴ˲��

Ĭ��ṩ����ҪΪ��δ��ض��ṩ�ߵ��κ�Ӧ�ó��õķ��ṩ�ߵı�ʶ��

Ĭ��£�û��Ϊ Application Server ѡ��κ��ṩ��á�Ҫ��ʶ��ṩ�ߣ��ѡ�� ServerProvider��ѡ��ѡ��ζ�Ų��ڷ��ˣ�Ĭ��£��Ϣ��ȫ��ṩ�ߡ�

ͨ��Ӧ�ڸ��ֶ��ѡ�� ServerProvider��

Ĭ�Ͽͻ��ṩ����ҪΪ��δ��ض��ͻ��ṩ�ߵ��κ�Ӧ�ó��õĿͻ��ṩ�ߵı�ʶ��

Ĭ��£�û��Ϊ Application Server ѡ��κ��ṩ��á�Ҫ��ʶ�ͻ��ṩ�ߣ��ѡ�� ClientProvider��ѡ��ѡ��ζ�Ų��ڿͻ��ˣ�Ĭ��£��Ϣ��ȫ��ṩ�ߡ�

ͨ��Ӧ�ڸ��ֶ��ѡ��ա��Ҫ��Ĭ��ṩ�ߺ��Ϣ��Ӧ�õ�Դ�� Application Server �� Web ��˵�� Web ��ã��Ӧѡ�� ClientProvider��

��桱��

��ÿͻ��ṩ�߲��Ҫ�޸��õ��ṩ�ߵ��Ϣ��ԣ��ġ��Ϣ��ȫ��ṩ��Ի��й��޸��ڴ˲��õ��Ϣ��ȫ��ṩ�ߵ��õ��Ϣ��

Ҫָ��Ĭ�ϵķ��ṩ�ߣ��ʹ�ã�


asadmin set --user <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
default_provider=ServerProvider

Ҫָ��Ĭ�ϵĿͻ��ṩ�ߣ��ʹ�ã�


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
default_client_provider=ClientProvider

��Ϣ��ȫ��ṩ��

ͨ��Ӧ��ṩ��޸��Ϣ��ԣ��Ȼ�ṩ��͡�ʵ��ض��ṩ�ߵ��Կ��Ҳ��Ҫ�޸ġ��밴��в��Ϣ��ȫ��ṩ�ߡ�

�ڹ��̨��У�չ��á��ڵ㡣

ѡ��Ҫ��õ�ʵ��

Ҫ��ض��ʵ��ѡ��ʵ��ýڵ㡣��磬��Ĭ��ʵ�� server��ѡ�� server-config �ڵ㡣

Ҫ��ʵ��Ĭ��ã��ѡ�� default-config �ڵ㡣

չ��ȫ�ԡ��ڵ㡣

չ��Ϣ��ȫ�ԡ��ڵ㡣

ѡ��SOAP��ڵ㡣

ѡ��ṩ�ߡ�ѡ���

ѡ��Ҫ�༭��Ϣ��ȫ��ṩ�ߡ�Application Server �� ClientProvider �� ServerProvider��

�ڡ��༭�ṩ��á�ҳ��ġ��ṩ��á��֣��޸��ԣ�

�ṩ����ѡ�� client��server �� client-server ��ȷ��ǽ��ṩ��ͻ��֤�ṩ�ߡ��֤�ṩ�߻��Ǽ��}�ߣ��ͻ��-��ṩ�ߣ��

����ṩ�ߵ� Java ʵ��ࡣ�ͻ��֤�ṩ�߱��ʵ�� com.sun.xml.wss.provider.ClientSecurityAuthModule �ӿڡ��ṩ�߱��ʵ�� com.sun.xml.wss.provider.ServerSecurityAuthModule �ӿڡ�һ��ṩ�߿��ʵ��}�ֽӿڣ��ṩ�߱��ʵ�ֶ�Ӧ��ṩ��͵Ľӿڡ�

�ڡ��ṩ��á�ҳ��ġ��ԡ��֣��Ҫ��ѡֵ��Щ��ǿ�ѡ�ģ��ָ��Щ��ԣ��Ϣִ��κ��֤��

����֤�ṩ��ִ�е��j��֤��Ҫ�󡣰��Ϣ��˵�˳��Щ��ԣ��Ӷ�ʹ��֮��ֵļ��ʾ��Ϣ�ռ��˽��֤ǩ��֮ǰ��Ҫ��Ϣ��н��ܡ�

��֤Դ��ѡ�� sender��content ��գ��հ�ѡ�4��Ϣ�㷢��֤��Ҫ��û��룩��֤��ǩ��򲻶��Ϣִ��κ��֤��ָ��Ϊ�գ��Ҫ��Դ��֤��

��֤�ռ����ѡ�� beforeContent �� afterContent 4��򷢼��Ӧ��Ϣ��ռ��˵��Ϣ��֤��磬ͨ�� XML ��ܣ��ָ��ֵ��ΪĬ��ֵ afterContent��

�й�Ϊ��Ϣ��Զ�� SOAP ��Ϣ��ȫ��ṩ��ִ�еĲ��˵��μ��ú��Ӧ��õĲ��

�ڡ��ṩ��á�ҳ��ġ��Ӧ��ԡ��֣��Ҫ��ѡ��ԡ��Щ��ǿ�ѡ�ģ��ָ��Щ��ԣ��Ӧ��Ϣִ��κ��֤��

��Ӧ����֤�ṩ��ִ�е��Ӧ��j��֤��Ҫ�󡣰��Ϣ��˵�˳��Щ��ԣ��Ӷ�ʹ��֮��ֵļ��ʾ��Ϣ�ռ��˽��֤ǩ��֮ǰ��Ҫ��Ϣ��н��ܡ�

��֤Դ��ѡ�� sender��content ��գ��հ�ѡ�4��ҪӦ�õ��Ӧ��Ϣ��Ϣ�㷢��֤��û����֤��ǩ��ָ��Ϊ�գ��Ҫ��Ӧ��Դ��֤��

�й�Ϊ��Ϣ��Զ�� SOAP ��Ϣ��ȫ��ṩ��ִ�еĲ��˵��μ��ú��Ӧ��õĲ��

ͨ��ԡ��ť��ԡ�Application Server ��ṩ��֧��г��ԡ��ʹ��ṩ�ߣ��й��Ժ��Чֵ�ĸ��Ϣ��ṩ�ߵ��ĵ��

server.config��Ϣ�� XML �ļ��Ŀ¼��ļ��磬��ֵΪ install_dir/domains/domain_dir/config/wss-server-config.xml��

��桱��

��г��˵�Ч�� asadmin ��Ҫ��Ӧ��ԣ�� response һ��滻��е� request һ�ʡ�

Ҫ��ӵ��ͻ��֤Դ��ʹ�ã�


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_source=
<sender | content>

Ҫ��ӵ��֤Դ��ʹ�ã�


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_source=
<sender | content>

Ҫ��ӵ��ͻ��֤�ռ��ˣ��ʹ�ã�


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_recipient=
<before-content | after-content>

Ҫ��ӵ��֤�ռ��ˣ��ʹ�ã�


asadmin  set --user  <admin-user> --port <admin-port> server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_recipient=
<before-content | after-content>

��Ϣ��ȫ��ṩ��

Ҫ��µ��Ϣ��ȫ��ṩ�ߣ��ִ��²��衣Ҫ��ṩ�ߣ��ִ��Ϣ��ȫ��ṩ��еĲ��衣

�ڹ��̨��У�չ��á��ڵ㡣

ѡ��Ҫ��õ�ʵ��

Ҫ��ض��ʵ��ѡ��ʵ��ýڵ㡣��磬��Ĭ��ʵ�� server��ѡ�� server-config �ڵ㡣

Ҫ��ʵ��Ĭ��ã��ѡ�� default-config �ڵ㡣

չ��ȫ�ԡ��ڵ㡣

չ��Ϣ��ȫ�ԡ��ڵ㡣

ѡ��SOAP��ڵ㡣

ѡ��ṩ�ߡ�ѡ���

�ڡ��ṩ��á�ҳ��У��½��

�ڡ��ṩ��á�ҳ��ġ��ṩ��á��֣��Ϣ��

Ĭ��ṩ����ѡ�и��ֶ��ԱߵĿ��ʹ��Ϣ��ȫ��ṩ�߳�ΪҪΪ��δ��ض��ṩ�ߵ��κ�Ӧ�ó��õ��ṩ�ߡ��ṩ��ǳ�ΪĬ�Ͽͻ��ṩ�ߡ�Ĭ�Ϸ��ṩ�߻��}�߼��֮��ȡ��Ϊ��ṩ��͡��ѡ��ֵ��

�ṩ�� ID��ṩ��õı�ʶ��ƽ��ʾ�ڡ��ǰ�ṩ��á��б��С�

�ڡ��ṩ��á�ҳ��ġ��ԡ��֣��Ҫ��ѡֵ��Щ��ǿ�ѡ�ģ��ָ��Щ��ԣ��Ϣִ��κ��֤��

�й�Ϊ��Ϣ��Զ�� SOAP ��Ϣ��ȫ��ṩ��ִ�еĲ��˵��μ��ú��Ӧ��õĲ��

�ڡ��ṩ��á�ҳ��ġ��Ӧ��ԡ��֣��Ҫ��ѡ��ԡ��Щ��ǿ�ѡ�ģ��ָ��Щ��ԣ��Ӧ��Ϣִ��κ��֤��

�й�Ϊ��Ϣ��Զ�� SOAP ��Ϣ��ȫ��ṩ��ִ�еĲ��˵��μ��ú��Ӧ��õĲ��

ͨ��ԡ��ť��ԡ�Application Server ��ṩ��֧��г��ԡ��ʹ��ṩ�ߣ��й��Ժ��Чֵ�ĸ��Ϣ��ṩ�ߵ��ĵ��

server.config��Ϣ�� XML �ļ��Ŀ¼��ļ��磬��ֵΪ install_dir/domains/domain_dir/config/wss-server-config.xml��

��ȷ��ã��򵥻�ȡ��˳��ġ�

��ú��Ӧ��õĲ��

�� 15-1 ��ʾ��Ϣ��Լ��ɸ��õ� WS-Security SOAP ��Ϣ��ȫ��ṩ��ִ�е��Ϣ��ȫ�Բ��

�� 15-1 ��Ϣ�� WS-Security SOAP ��Ϣ��ȫ�Բ��ӳ��
��Ϣ��	��յ� WS-Security SOAP ��Ϣ��
auth-source="sender"	��Ϣ�� `wsse:Security` ��ͷ��˱�ͷ�� `wsse:UsernameToken`��룩��
auth-source="content"	�� SOAP ��Ϣ��ݽ��ǩ��Ϣ�� `wsse:Security` ��ͷ��˱�ͷ��ʾΪ `ds`:`Signature` ��Ϣ��ǩ��
auth-source="sender" auth-recipient="before-content" �� auth-recipient="after-content"	SOAP ��Ϣ��Ѽ��ܲ��յ� `xend:EncryptedData` �滻��Ϣ�� `wsse:Security` ��ͷ��˱�ͷ�� `wsse:UsernameToken��룩`�� `xenc:EncryptedKey`��`xenc:EncryptedKey` ��ڼ�� SOAP ��Ϣ��Կ��Կ��ռ��˵Ĺ��Կ�м��ܡ�
auth-source="content" auth-recipient="before-content"	SOAP ��Ϣ��Ѽ��ܲ��յ� xend:EncryptedData �滻�� `xenc:EncryptedData` ��ǩ��Ϣ�� `a wsse:Security` ��ͷ��˱�ͷ�� `xenc:EncryptedKey` �� `ds`:`Signature`��`xenc:EncryptedKey` ��ڼ�� SOAP ��Ϣ��Կ��Կ��ռ��˵Ĺ��Կ�м��ܡ�
auth-source="content" auth-recipient="after-content"	�� SOAP ��Ϣ��ݽ��ǩ��ܣ��յ� xend:EncryptedData �滻��Ϣ�� `wsse:Security` ��ͷ��˱�ͷ�� `xenc:EncryptedKey` �� `dsSignature`��`xenc:EncryptedKey` ��ڼ�� SOAP ��Ϣ��Կ��Կ��ռ��˵Ĺ��Կ�м��ܡ�
auth-recipient="before-content" �� auth-recipient="after-content"	SOAP ��Ϣ��Ѽ��ܲ��յ� xend:EncryptedData �滻��Ϣ�� `wsse:Security` ��ͷ��˱�ͷ�� `xenc:EncryptedKey`��`xenc:EncryptedKey` ��ڼ�� SOAP ��Ϣ��Կ��Կ��ռ��˵Ĺ��Կ�м��ܡ�
δָ��ԡ�	ģ��δִ��κΰ�ȫ��

ɾ��Ϣ��ȫ��

�ڹ��̨��У�չ��á��ڵ㡣

ѡ��Ҫ��õ�ʵ��

Ҫ��ض��ʵ��ѡ��ʵ��ýڵ㡣��磬��Ĭ��ʵ�� server��ѡ�� server-config �ڵ㡣

Ҫ��ʵ��Ĭ��ã��ѡ�� default-config �ڵ㡣

չ��ȫ�ԡ��ڵ㡣

ѡ��Ϣ��ȫ�ԡ��ڵ㡣

��Ҫɾ��Ϣ��ȫ��ĸ�ѡ��

��ɾ��

ɾ��Ϣ��ȫ��ṩ��

�ڹ��̨��У�չ��á��ڵ㡣

ѡ��Ҫ��õ�ʵ��

Ҫ��ض��ʵ��ѡ��ʵ��ýڵ㡣��磬��Ĭ��ʵ�� server��ѡ�� server-config �ڵ㡣

Ҫ��ʵ��Ĭ��ã��ѡ�� default-config �ڵ㡣

չ��ȫ�ԡ��ڵ㡣

չ��Ϣ��ȫ�ԡ��ڵ㡣

ѡ��SOAP��ڵ㡣

ѡ��ṩ�ߡ�ҳ�档

��Ҫɾ��ṩ��ĸ�ѡ��

��ɾ��

��ÿͻ��Ӧ�ó��Ϣ��ȫ��

��ÿͻ��ṩ�ߵ��Ϣ��ԣ��ʹ��Ч�ڽ��н��ķ��ṩ�ߵ��Ϣ��ԡ��ڰ�װ Application Server ʱ��ã��δ��ã��ṩ��ѷ�ϴ��

Ҫ��ÿͻ��Ӧ�ó��Ϣ��ȫ�ԣ��޸�Ӧ�ó��ͻ��ض�� Sun Java System Application Server ��á�

Ҫ��Ӧ�ó��ͻ��е�Ĭ�Ͽͻ��ṩ�ߣ��ִ��²��裺

ֹͣ��ȡ��ڿͻ��Ŀͻ��Ӧ�ó��

��ı��༭��д� Sun Ӧ�ó��ͻ��λ�� install_dir/domains/domain_dir/config/sun-acc.xml��

��ı��ӵ��ļ��Ӧ�ó��ͻ��е�Ĭ�Ͽͻ��ṩ�ߡ��ṩ��룬��ʾ��ÿͻ��Ӧ�ó��Ϣ��ȫ�ԵĴ��ڵ�λ�á��Ǵ��ڰ�װ�п��в�ͬ��Щ�Ǵ��ı��


<client-container>
  <target-server name="<your_host>" address="<your_host>" port="<your_port>"/>
  <log-service file="" level="WARNING"/>
  <message-security-config auth-layer="SOAP"     default-client-provider="ClientProvider">
    <provider-config
      class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"       provider-id="ClientProvider" provider-type="client">
      <request-policy auth-source="sender"/>
      <response-policy/>
       <property name="security.config"       value="C:/Sun/AppServer/lib/appclient/wss-client-config.xml"/>
    </provider-config>
  </message-security-config>
</client-container>

�ͻ��õ��Ϣ��ȫ��ṩ�߻��Ҫ��ж�ר��Կ��֤��ķ��Ȩ�ޡ��⽫ͨ��Ϊ��ϵͳ��ԣ�λ��Ӧ�ó��ͻ��ű��У��ʵ��ֵ4��ɡ�

��Ӧ�ó��ͻ��õ��Ժ��Ӧ��

��Ժ��Ӧ����֤�ṩ��ִ�е��Ӧ��j��֤��Ҫ�󡣰��Ϣ��˵�˳��Щ��ԣ��Ӷ�ʹ��֮��ֵļ��ʾ��Ϣ�ռ��˽��֤ǩ��֮ǰ��Ҫ��Ϣ��н��ܡ�

Ҫ��Ϣ��ȫ�ԣ��ڷ��Ҳ�ڿͻ��Ժ��Ӧ��ԡ��ڿͻ��ͷ��ò��ʱ��ȷ��/��ӦӦ�ó��򼶱��Ϣ�󶨵ı��Ŀͻ��ƥ�䡣

Ҫ��Ӧ�ó��ͻ��õ��ԣ��밴��ÿͻ��Ӧ�ó��Ϣ��ȫ��޸�Ӧ�ó��ͻ�� Sun Java System Application Server �ض��á��Ӧ�ó��ͻ��ļ��У��ı��ԡ��ṩ��ο��Ǵ��ڰ�װ�п��в�ͬ��Щ�Ǵ��ı��

auth-source ��Чֵ��( sender �� content��auth-recipient ��Чֵ��( before-content �� after-content��ú��Ӧ��õĲ��а�һ��?��˵��Щֵ�ĸ��ϵĽ��

��ϸ��Ϣ

��ͨ�� URL �鿴 Java 2 Standard Edition �İ�ȫ��ۣ�
http://java.sun.com/j2se/1.4.2/docs/guide/security/index.html

��Դ�� URL �鿴��The J2EE 1.4 Tutorial�� "Security" һ�£�
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/index.html

��ָ�ϵġ��Ϣ��ȫ��һ�¡�

Developer's Guide �� "Securing Applications" һ�¡�

��Դ�� URL �鿴��Oasis Web Services Security: SOAP Message Security (WS-Security)��淶��
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

��Դ�� URL ��ҵ��OASIS Web Services Security Username Token Profile 1.0��
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf

��Դ�� URL ��ҵ��OASIS Web Services Security X.509 Certificate Token Profile 1.0��
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0.pdf

��ͨ�� URL �鿴 XML-Signature Syntax and Processing �ĵ��
http://www.w3.org/TR/xmldsig-core/

��ͨ�� URL �鿴 XML Encryption Syntax and Processing �ĵ��
http://www.w3.org/TR/xmlenc-core/

�� 15 �� ������Ϣ��ȫ��

������Ϣ��ȫ��

��Ϣ��ȫ�Ը���

�˽� Application Server �е���Ϣ��ȫ��

ָ����Ϣ��ȫ��ְ��

ϵͳ����Ա

Ӧ�ó�������

Ӧ�ó��򿪷���

���ڰ�ȫ���ƺͰ�ȫ����

�����û�������

��������ǩ��

���ڼ���

������Ϣ��������

��Ϣ��ȫ�������

ȷ�� Web ����İ�ȫ

�����ض���Ӧ�ó���� Web ����ȫ��

ȷ������Ӧ�ó���İ�ȫ

���� Application Server ��ʵ����Ϣ��ȫ��

���� JCE �ṩ��

�й���Ϣ��ȫ�ԵĹ������̨����

������Ϣ��ȫ���ṩ��

������Ϣ��ȫ���ṩ��

������Ϣ��ȫ���ṩ��

����������ú���Ӧ�������õĲ���

ɾ����Ϣ��ȫ������

ɾ����Ϣ��ȫ���ṩ��

���ÿͻ���Ӧ�ó������Ϣ��ȫ��

����Ӧ�ó���ͻ������õ�������Ժ���Ӧ����

��ϸ��Ϣ

�� 15 ��
��Ϣ��ȫ��

��Ϣ��ȫ��

��Ϣ��ȫ�Ը��

�˽� Application Server �е��Ϣ��ȫ��

ָ��Ϣ��ȫ��ְ��

ϵͳ��Ա

Ӧ�ó��

Ӧ�ó��򿪷��

��ڰ�ȫ��ƺͰ�ȫ��

��û��

��ǩ��

��ڼ��

��Ϣ��

��Ϣ��ȫ��

ȷ�� Web ��İ�ȫ

��ض��Ӧ�ó�� Web ��ȫ��

ȷ��Ӧ�ó��İ�ȫ

�� Application Server ��ʵ��Ϣ��ȫ��

�� JCE �ṩ��

�й��Ϣ��ȫ�ԵĹ��̨��

��Ϣ��ȫ��ṩ��

��Ϣ��ȫ��ṩ��

��Ϣ��ȫ��ṩ��

��ú��Ӧ��õĲ��

ɾ��Ϣ��ȫ��

ɾ��Ϣ��ȫ��ṩ��

��ÿͻ��Ӧ�ó��Ϣ��ȫ��

��Ӧ�ó��ͻ��õ��Ժ��Ӧ��