Configuring Message Security
Message Security enables a server to perform end-to-end authentication of web service invocations and responses at the message layer. The Enterprise Server implements message security using message security providers on the SOAP layer. The message security providers provide information such as the type of authentication that is required for the request and response messages. The types of authentication that are supported include the following:
■ Sender authentication, including username-password authentication.
■ Content authentication, including XML Digital Signatures.
Two message security providers are included with this release. The message security providers can be configured for authentication for the SOAP layer. The providers that can be configured include ClientProvider and ServerProvider.
Support for message layer security is integrated into the Enterprise Server and its client containers in the form of (pluggable) authentication modules. By default, message layer security is disabled on the Enterprise Server.
Message level security can be configured for the entire Enterprise Server or for specific applications or methods. Configuring message security at the Enterprise Server level is discussed in Chapter 10, “Configuring Message Security.” Configuring message security at the application level is discussed in the Developer's Guide.
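As an added illustration that is not part of this guide, the following domain.xml fragment shows the shape of the SOAP-layer message-security-config that the ClientProvider and ServerProvider plug into, first in the shipped (disabled) state and then enabled for the whole server. Element and attribute names follow the GlassFish v2 domain.xml DTD; the module class names and the security.config paths are assumptions about the default domain.xml and should be checked against your installation.

```xml
<!-- As shipped: the two providers are registered under the SOAP layer, but
     because no default-provider / default-client-provider is named, message
     security stays disabled until an application binds to a provider itself. -->
<message-security-config auth-layer="SOAP">
  <!-- provider-config elements as below -->
</message-security-config>

<!-- Enabled for the entire Enterprise Server: naming the defaults applies the
     providers to every web service. Requests must carry a username/password
     token (auth-source="sender"); responses must be signed (auth-source="content"). -->
<message-security-config auth-layer="SOAP"
                         default-provider="ServerProvider"
                         default-client-provider="ClientProvider">
  <provider-config provider-id="ClientProvider" provider-type="client"
                   class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule">
    <request-policy auth-source="sender"/>
    <response-policy auth-source="content"/>
    <!-- assumption: XWS-Security module configuration file shipped in config/ -->
    <property name="security.config"
              value="${com.sun.aas.instanceRoot}/config/wss-client-config-1.0.xml"/>
  </provider-config>
  <provider-config provider-id="ServerProvider" provider-type="server"
                   class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
    <request-policy auth-source="sender"/>
    <response-policy auth-source="content"/>
    <property name="security.config"
              value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"/>
  </provider-config>
</message-security-config>
```

The server-side policy only states what the SOAP message must carry; the username/password in a sender-authenticated request is still validated against the realm configured for the application, so a provider without a matching realm accepts nothing.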
Understanding Users, Groups, Roles, and Realms
The Enterprise Server enforces its authentication and authorization policies upon the following entities:
■ “Users” on page 105: An individual identity defined in the Enterprise Server. In general, a user is a person, a software component such as an enterprise bean, or even a service. A user who has been authenticated is sometimes called a principal. Users are sometimes referred to as subjects.
■ “Groups” on page 105: A set of users defined in the Enterprise Server, classified by common traits.
■ “Roles” on page 106: A named authorization level defined by an application. A role can be compared to a key that opens a lock. Many people might have a copy of the key. The lock doesn't care who seeks access, only that the right key is used.
■ “Realms” on page 106: A repository containing user and group information and their associated security credentials. A realm is also called a security policy domain.
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008 — page 104