To create a new message security provider, follow these steps. To configure an existing provider, follow the steps in "Configuring a Message Security Provider".
client, server, or client-server to establish whether the provider is to be used as a client authentication provider, a server authentication provider, or both (a client-server provider).
com.sun.xml.wss.provider.ClientSecurityAuthModule interface. Server-side providers must implement the com.sun.xml.wss.provider.ServerSecurityAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.
For more information on the resulting actions of the various security policy configurations performed by the WSS provider authentication modules for those configurations, see "Actions of Request and Response Policy Configurations".
sender, content, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username password), content authentication (for example, digital signature), or no authentication to be applied to request messages. When null is specified, source authentication of the request is not required.
beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the request message to its sender (e.g. by XML encryption). When the value is not specified it defaults to afterContent.
For more information on the resulting actions of the various security policy configurations performed by the WSS provider authentication modules for those configurations, see "Actions of Request and Response Policy Configurations".
sender, content, or null (the blank option) to define a requirement for message-layer sender authentication (for example, username password) or content authentication (for example, digital signature) to be applied to response messages. When null is specified, source authentication of the response is not required.
beforeContent or afterContent to define a requirement for message-layer authentication of the receiver of the response message to its sender (e.g. by XML encryption). When the value is not specified it defaults to afterContent.
server.config - The directory and file name of an XML file that contains the server configuration information. For example, install_dir/domains/domain_dir/config/wss-server-config.xml.
Equivalent asadmin command: create-message-security-provider
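The request and response policy values described above can be reviewed in the saved configuration once providers exist. The following is an added example, not part of the original documentation or the product: it lists providers whose request or response policy leaves source authentication unset (the null option) or carries an unrecognized value. The domain.xml element and attribute names (provider-config, request-policy, auth-source and so on), the provider ids, and the sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a real server. Element and attribute
# names follow GlassFish's domain.xml layout, which is an assumption here:
# the page itself only describes the console fields.
SAMPLE_DOMAIN_XML = """
<message-security-config auth-layer="SOAP">
  <provider-config provider-id="SignedServer" provider-type="server"
      class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
  </provider-config>
  <provider-config provider-id="OpenServer" provider-type="server"
      class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
    <request-policy/>
    <response-policy auth-source="signature"/>
  </provider-config>
  <provider-config provider-id="BadType" provider-type="both"
      class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
    <request-policy auth-source="sender"/>
  </provider-config>
</message-security-config>
"""

PROVIDER_TYPES = {"client", "server", "client-server"}
AUTH_SOURCES = {"sender", "content"}  # a missing value is the "null" option


def audit_providers(xml_text):
    """Return (provider-id, finding) pairs for weak or invalid settings."""
    findings = []
    for prov in ET.fromstring(xml_text).iter("provider-config"):
        pid = prov.get("provider-id", "?")
        if prov.get("provider-type") not in PROVIDER_TYPES:
            findings.append((pid, "invalid provider-type"))
        for direction in ("request", "response"):
            policy = prov.find(direction + "-policy")
            source = policy.get("auth-source") if policy is not None else None
            if not source:
                # null (or no policy element): source authentication not required
                findings.append((pid, direction + ": no source authentication"))
            elif source not in AUTH_SOURCES:
                findings.append((pid, direction + ": invalid auth-source " + source))
    return findings


if __name__ == "__main__":
    for pid, finding in audit_providers(SAMPLE_DOMAIN_XML):
        print(pid + ": " + finding)
```

A provider reported with "no source authentication" is not necessarily misconfigured, since null is a permitted choice, but each such entry should be a deliberate decision.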
Table 0-1 shows possible security policy configurations and the resulting set and order of security operations performed by the WSS provider authentication modules for that configuration.
The authentication providers can perform multiple sign/encrypt operations when a corresponding flag is set on the request and/or response policies. The rules for mapping are as shown in Table 0-2.