Sun Microsystems 820433510 Server User Manual


  Open as PDF
of 256
 
Understanding Message Security in the Enterprise Server
The Enterprise Server oers integrated support for the WS-Security standard in its web services
client and server-side containers. This functionality is integrated such that web services security
is enforced by the containers of the Enterprise Server on behalf of applications, and such that it
can be applied to protect any web service application without requiring changes to the
implementation of the application. The Enterprise Server achieves this eect by providing
facilities to bind SOAP layer message security providers and message protection policies to
containers and to applications deployed in containers.
Assigning Message Security Responsibilities
In the Enterprise Server, the “System Administrator” on page 128 and “Application Deployer”
on page 129 roles are expected to take primary responsibility for conguring message security.
In some situations, the
“Application Developer” on page 129 may also contribute, although in
the typical case either of the other roles may secure an existing application without changing its
implementation without involving the developer. The responsibilities of the various roles are
dened in the following sections:
“System Administrator” on page 128
“Application Deployer” on page 129
“Application Developer” on page 129
System Administrator
The system administrator is responsible for:
Conguring message security providers on the Enterprise Server.
Managing user databases.
Managing keystore and truststore les.
Conguring a Java Cryptography Extension (JCE) provider if using encryption and running
a version of the Java SDK prior to version 1.5.0.
Installing the samples server. This is only done if the xms sample application will be used to
demonstrate the use of message layer web services security.
A system administrator uses the Admin Console to manage server security settings and uses a
command line tool to manage certicate databases. In Platform Edition, certicates and private
keys are stored in key stores and are managed with keytool. Standard Edition and Enterprise
Edition store certicates and private keys in an NSS database, where they are managed using
certutil. This document is intended primarily for system administrators. For an overview of
message security tasks, see
“Conguring the Enterprise Server for Message Security” on
page 133
.
UnderstandingMessage Securityinthe EnterpriseServer
SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008128
 previous next