If you have enabled message security for the Application Server by selecting a provider to be invoked on the client and server for any application for which a specific provider has not been bound, follow these steps to configure the message security providers.
server
, select the server-config
node.default-config
node.ClientProvider
and ServerProvider
ship with the Application Server.client
, server
, or client-server
to establish whether the provider is to be used as a client authentication provider, a server authentication provider, or both (a client-server provider). com.sun.xml.wss.provider.ClientSecurityAuthModule
interface. Server-side providers must implement the com.sun.xml.wss.provider.ServerSecurityAuthModule
interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.The request policy defines the authentication policy requirements associated with request processing performed by the authentication provider. Policies are expressed in message sender order such that a requirement that encryption occur after content would mean that the message receiver would expect to decrypt the message before validating the signature.
For more information on the resulting actions of the various security policy configurations performed by the WSS provider authentication modules for those configurations, see "Actions of Request and Response Policy Configurations".
sender
, content
, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username password), content authentication (for example, digital signature), or no authentication be applied to request messages. When null is specified, source authentication of the request is not required.beforeContent
or afterContent
to define a requirement for message-layer authentication of the receiver of the request message to its sender (e.g. by XML encryption). When the value is not specified it defaults to afterContent
.The response policy defines the authentication policy requirements associated with response processing performed by the authentication provider. Policies are expressed in message sender order such that a requirement that encryption occur after content would mean that the message receiver would expect to decrypt the message before validating the signature.
For more information on the resulting actions of the various security policy configurations performed by the WSS provider authentication modules for those configurations, see "Actions of Request and Response Policy Configurations".
sender
, content
, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username password) or content authentication (for example, digital signature) to be applied to response messages. When null is specified, source authentication of the response is not required.beforeContent
or afterContent
to define a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). When the value is not specified it defaults to afterContent
.server.config -
The directory and file name of an XML file that contains the server configuration information. For example, install_dir/domains/
domain_dir/config/wss-server-config.xml
.
Equivalent asadmin
commands are listed below. To set the response policy, replace the word request
in the following commands with response
.
asadmin set --user <admin-user> --port <admin-port>
server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_source=
<sender | content>
asadmin set --user <admin-user> --port <admin-port>
server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_source=
<sender | content>
asadmin set --user <admin-user> --port <admin-port>
server-config.security-service.message-security-config.SOAP.
provider-config.ClientProvider.request-policy.auth_recipient=
<before-content | after-content>
asadmin set --user <admin-user> --port <admin-port>
server-config.security-service.message-security-config.SOAP.
provider-config.ServerProvider.request-policy.auth_recipient=
<before-content | after-content>
See also: