Configuring the Enterprise Server for Message Security

TABLE 10–1 Message protection policy to WS-Security SOAP message security operation mapping (Continued)

| Message Protection Policy | Resulting WS-Security SOAP message protection operations |
| --- | --- |
| auth-recipient="before-content" OR auth-recipient="after-content" | The content of the SOAP message Body is encrypted and replaced with the resulting xenc:EncryptedData. The message contains a wsse:Security header that contains an xenc:EncryptedKey. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted with the public key of the recipient. |
| No policy specified. | No security operations are performed by the modules. |

Configuring Other Security Facilities

The Enterprise Server implements message security using message security providers integrated in its SOAP processing layer. The message security providers depend on other security facilities of Enterprise Server.

1. If using a version of the Java SDK prior to version 1.5.0, and using encryption technology, configure a JCE provider.

2. Configuring a JCE provider is discussed in “Configuring a JCE Provider” on page 135.

3. If using a username token, configure a user database, if necessary. When using a username/password token, an appropriate realm must be configured and an appropriate user database must be configured for the realm.

4. Manage certificates and private keys, if necessary.

After You Finish

Once the facilities of the Enterprise Server are configured for use by message security providers, then the providers installed with the Enterprise Server may be enabled as described in “Enabling Providers for Message Security” on page 137.

Configuring a JCE Provider

The Java Cryptography Extension (JCE) provider included with J2SE 1.4.x does not support RSA encryption. Because the XML Encryption defined by WS-Security is typically based on RSA encryption, in order to use WS-Security to encrypt SOAP messages you must download and install a JCE provider that supports RSA encryption.

Note – RSA is public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technology.
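One way to confirm that the JVM running the server has an RSA-capable JCE provider, and to see the key-transport step that xenc:EncryptedKey represents in Table 10–1. This is an added example, not code from the Enterprise Server documentation. The class name, the RSA-OAEP transformation, the key sizes and the generated key pair (standing in for the recipient's certificate key) are assumptions, and the code targets a current JDK.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;

// Added example; class name, transformation and key sizes are assumptions.
public class RsaJceCheck {
    // RSA-OAEP key transport, one of the algorithms XML Encryption defines.
    static final String KEY_TRANSPORT = "RSA/ECB/OAEPWithSHA-1AndMGF1Padding";
    // Returns the first registered provider that can build the RSA cipher, or null.
    static Provider findRsaProvider() {
        for (Provider p : Security.getProviders()) {
            try {
                Cipher.getInstance(KEY_TRANSPORT, p);
                return p;
            } catch (GeneralSecurityException e) {
                // This provider has no usable RSA cipher; try the next one.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        Provider rsa = findRsaProvider();
        if (rsa == null) {
            System.err.println("No JCE provider supports " + KEY_TRANSPORT);
            System.exit(1);
        }
        System.out.println("RSA cipher provided by: " + rsa.getName());
        // Constructed stand-ins: recipient key pair and the SOAP Body content key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey bodyKey = kg.generateKey();

        // Sender: wrap the body key under the recipient's public key (xenc:EncryptedKey).
        Cipher wrap = Cipher.getInstance(KEY_TRANSPORT, rsa);
        wrap.init(Cipher.WRAP_MODE, recipient.getPublic());
        byte[] encryptedKey = wrap.wrap(bodyKey);

        // Recipient: unwrap with the private key and confirm the same key comes back.
        Cipher unwrap = Cipher.getInstance(KEY_TRANSPORT, rsa);
        unwrap.init(Cipher.UNWRAP_MODE, recipient.getPrivate());
        SecretKey got = (SecretKey) unwrap.unwrap(encryptedKey, "AES", Cipher.SECRET_KEY);
        System.out.println("EncryptedKey bytes: " + encryptedKey.length
                + ", round trip ok: " + Arrays.equals(bodyKey.getEncoded(), got.getEncoded()));
    }
}
```

A non-zero exit means no registered provider offers the RSA cipher, which is the situation the paragraph above describes for J2SE 1.4.x.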

Chapter 10 • Configuring Message Security

Sun Microsystems 820433510 manual Configuring Other Security Facilities, Configuring a JCE Provider, After You Finish