Message Security Setup; Enabling Providers For Message Security - Sun Microsystems GlassFish Enterprise Server 2.1 Administration Manual

6. Restart the Enterprise Server.

Message Security Setup

Most of the steps for setting up the Enterprise Server for using message security can be
accomplished using the Admin Console, the asadmin command-line tool, or by manually
editing system files. In general, editing system files is discouraged due to the possibility of
making unintended changes that prevent the Enterprise Server from running properly,
therefore, where possible, steps for configuring the Enterprise Server using the Admin Console
are shown first, with the asadmin tool command shown after. Steps for manually editing system
files are shown only when there is no Admin Console or asadmin equivalent.
Support for message layer security is integrated into the Enterprise Server and its client
containers in the form of (pluggable) authentication modules. By default, message layer security
is disabled on the Enterprise Server. The following sections provide the details for enabling,
creating, editing, and deleting message security configurations and providers.
"Enabling Providers for Message Security" on page 137
■
"Configuring the Message Security Provider" on page 138
■
"Creating a Message Security Provider" on page 139
■
"Enabling Message Security for Application Clients" on page 139
■
"Setting the Request and Response Policy for the Application Client Configuration" on
■
"Further Information" on page 140
■
In most cases, it will be necessary to restart the Enterprise Server after performing the
administrative operations listed above. This is especially the case if you want the effects of the
administrative change to be applied to applications that were already deployed on the
Enterprise Server at the time the operation was performed.

Enabling Providers for Message Security

To enable message security for web services endpoints deployed in the Enterprise Server, you
must specify a provider to be used by default on the server side. If you enable a default provider
for message security, you also need to enable providers to be used by clients of the web services
deployed in the Enterprise Server. Information for enabling the providers used by clients is
discussed in
To enable message security for web service invocations originating from deployed endpoints,
you must specify a default client provider. If you enabled a default client provider for the
Enterprise Server, you must ensure that any services invoked from endpoints deployed in the
Enterprise Server are compatibly configured for message layer security.
Use the command-line utility:
Chapter 10 • Configuring Message Security
page 139
"Enabling Message Security for Application Clients" on page
Message Security Setup
139.
137