Configuring the Enterprise Server for Message Security

Actions of Request and Response Policy

Configurations

The following table shows message protection policy configurations and the resulting message security operations performed by the WS-Security SOAP message security providers for that configuration.

TABLE 10–1Message protection policy to WS-Security SOAP message security operation mapping

Message Protection Policy

Resulting WS-Security SOAP message protection operations

 

 

auth-source="sender"

The message contains a wsse:Security header that

 

contains a wsse:UsernameToken (with password).

 

 

auth-source="content"

The content of the SOAP message Body is signed. The

 

message contains a wsse:Security header that contains

 

the message Body signature represented as a

 

ds:Signature.

 

 

auth-source="sender"

The content of the SOAP message Body is encrypted and

auth-recipient="before-content"

replaced with the resulting xend:EncryptedData. The

message contains a wsse:Security header that contains

 

OR

a wsse:UsernameToken (with password) and an

auth-recipient="after-content"

xenc:EncryptedKey. The xenc:EncryptedKey contains

the key used to encrypt the SOAP message body. The key

 

is encrypted in the public key of the recipient.

 

 

auth-source="content"

The content of the SOAP message Body is encrypted and

auth-recipient="before-content"

replaced with the resulting xend:EncryptedData. The

xenc:EncryptedData is signed. The message contains a

 

 

wsse:Security header that contains an

 

xenc:EncryptedKey and a ds:Signature. The

 

xenc:EncryptedKey contains the key used to encrypt the

 

SOAP message body. The key is encrypted in the public

 

key of the recipient.

 

 

auth-source="content"

The content of the SOAP message Body is signed, then

auth-recipient="after-content"

encrypted, and then replaced with the resulting

xend:EncryptedData. The message contains a

 

 

wsse:Security header that contains an

 

xenc:EncryptedKey and a ds:Signature. The

 

xenc:EncryptedKey contains the key used to encrypt the

 

SOAP message body. The key is encrypted in the public

 

key of the recipient.

 

 

134

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

Page 134
Image 134
Sun Microsystems 820433510 manual Actions of Request and Response Policy Configurations