The default client provider is set up on the application client container to match up the server policies. The default client side provider on the server side is set up on the server side to match up the server policies on this server with the server policies of another server that contains modules for which this server is a client.
To enable message security for client applications, modify the Sun Java System Application Server-specific configuration for the application client container.
To enable a default client provider in the application client, follow these steps:
/domains/
domain_dir/config/sun-acc.xml.
<client-container>
<target-server name="<your_host>" address="<your_host>" port="<your_port>"/>
<log-service file="" level="WARNING"/>
<message-security-config auth-layer="SOAP"
default-client-provider="ClientProvider">
<provider-config
class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"
provider-id="ClientProvider" provider-type="client">
<request-policy auth-source="sender"/>
<response-policy/>
<property name="security.config"
value="C:/Sun/AppServer/lib/appclient/wss-client-config.xml"/>
</provider-config>
</message-security-config>
</client-container>
See also:
The request and response policies define the authentication policy requirements associated with request and response processing performed by the authentication provider. Policies are expressed in message sender order such that a requirement that encryption occur after content would mean that the message receiver would expect to decrypt the message before validating the signature.
To achieve message security, the request and response policies must be enabled on both the server and client. When configuring the policies on the client and server, make sure that the client policy matches the server policy for request/response protection at application-level message binding.
To set the request policy for the application client configuration, modify the Sun Java System Application Server-specific configuration for the application client container as described in "Enabling Message Security for Client Applications". In the application client configuration file, add the text in bold to set the request policy. The other code is provided for reference. The code that is not in bold may differ slightly in your installation, do not change the text that is not in bold.
<client-container>
<target-server name="<your_host>" address="<your_host>" port="<your_port>"/>
<log-service file="" level="WARNING"/>
<message-security-config auth-layer="SOAP"
default-client-provider="ClientProvider">
<provider-config
class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule"
provider-id="ClientProvider" provider-type="client">
<request-policy auth-source="sender | content"
auth-recipient=”after-content | before-content”/>
<response-policy auth-source="sender | content"
auth-recipient=”after-content | before-content”/>
<property name="security.config"
value="install_dir/lib/appclient/wss-client-config.xml"/>
</provider-config>
</message-security-config>
</client-container>
Valid values for auth-source
include sender
and content
. Valid values for auth-recipient
include before-content
and after-content
. A table describing the results of various combinations of these values can be found in "Actions of Request and Response Policy Configurations".
To not specify a request or response policy, leave the element blank, for example,
<response-policy/>