Message Security enables a server to perform end-to-end authentication of web service invocations and responses at the message layer. The Application Server implements message security using message security providers on the SOAP layer. The message security providers provide information such as the type of authentication that is required for the request and response messages. The types of authentication that are supported include the following:
Two message security providers are included with this release. The message security providers can be configured for authentication for the SOAP layer. The providers that can be configured include ClientProvider
and ServerProvider
.
Support for message layer security is integrated into the Application Server and its client containers in the form of (pluggable) authentication modules. By default, message layer security is disabled on the Application Server.
To enable and configure message layer security, follow these steps:
Configuring a JCE provider is discussed in "Configuring a JCE Provider".
Configuring a user database is discussed in "Editing a Realm".
Managing keystore and truststore files is discussed in "About Certificate Files".
Specifying a message security configuration is discussed in "Enabling Providers for Message Security".
Configuring the message security providers is discussed in "Configuring a Message Security Provider".
Configuring the application client container for message security is discussed in "Enabling Message Security for Client Applications".
See Also: