Message Security Setup

<log-service file="" level="WARNING"/> <message-security-config auth-layer="SOAP"

default-client-provider="ClientProvider"> <provider-config

class-name="com.sun.enterprise.security.jauth.ClientAuthModule"provider-id="ClientProvider"provider-type="client">

<request-policy auth-source="sender content" auth-recipient="after-content before-content"/>

<response-policy auth-source="sender content" auth-recipient="after-content before-content"/> <property name="security.config"

value="as-install/lib/appclient/wss-client-config.xml"/> </provider-config>

</message-security-config> </client-container>

Valid values for auth-source include sender and content. Valid values for auth-recipient include before-content and after-content. A table describing the results of various combinations of these values can be found in “Actions of Request and Response Policy Configurations” on page 134.

To not specify a request or response policy, leave the element blank, for example:

<response-policy/>

Further Information

The Java 2 Standard Edition discussion of security can be viewed from http://java.sun.com/j2se/1.4.2/docs/guide/security/index.html.

The Java EE 5.0 Tutorial chapter titled Security can be viewed from http://java.sun.com/javaee/5/docs/tutorial/doc/index.html.

The Administration Guide chapter titled .

The Developer’s Guide chapter titled Securing Applications.

The XML-Signature Syntax and Processing document can be viewed at http://www.w3.org/TR/xmldsig-core/.

The XML Encryption Syntax and Processing document can be viewed at http://www.w3.org/TR/xmlenc-core/.

140

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

Page 140
Image 140
Sun Microsystems 820433510 manual Further Information, Response-policy