ConguringApplication-Specic Web Services

Security

Application-specicweb services security functionality is congured (at application assembly)
bydening message-security-binding elements in the Sun-specic deployment descriptors of
theapplication. These message-security-binding elements are used to associate a specic
provideror message protection policy with a web services endpoint or service reference, and
maybe qualied so that they apply to a specic port or method of the corresponding endpoint
orreferenced service.
Formore information on dening application specic message protection policies, refer to
Chapter5, “Securing Applications,”in Sun GlassFish Enterprise Server 2.1 Developer’sGuide.
Securing the Sample Application
TheEnterprise Server ships with a sample application named xms. The xms application features
asimple web service that is implemented by both a J2EE EJB endpoint and a Java Servlet
endpoint.Both endpoints share the same service endpoint interface. The service endpoint
interfacedenes a single operation, sayHello, which takes a string argument, and returns a
Stringcomposed by pre-pending Hello to the invocation argument.
Thexms sample application is provided to demonstrate the use of the Enterprise Server’s
WS-Securityfunctionality to secure an existing web services application. The instructions
whichaccompany the sample describe how to enable the WS-Security functionality of the
EnterpriseServer such that it is used to secure the xms application. The sample also
demonstratesthe binding of WS-Security functionality directly to the application (as described
in“Conguring Application-Specic Web Services Security” on page 133 application.
Thexms sample application is installed in the directory:
as-install/samples/webservices/security/ejb/apps/xms/.
Forinformation on compiling, packaging, and running the xms sample application, refer to the
SecuringApplications chapter of the Developers’ Guide.
Conguringthe Enterprise Ser ver forMessage Security
“Actionsof Request and Response Policy Congurations” on page 134
“ConguringOther Security Facilities” on page 135
“Conguringa JCE Provider” on page 135
ConguringtheEnterprise Ser ver forMessage S ecurity
Chapter10 • Conguring Message Security 133