Filter
Top Products
Application Deployer
The application deployer is responsible for:
■
Specifying (at application assembly) any required application-specic message protection
policies if such policies have not already been specied by upstream roles (the developer or
assembler).
■
Modifying Sun-specic deployment descriptors to specify application-specic message
protection policies information (message-security-binding elements) to web service
endpoint and service references.
Application Developer
The application developer can turn on message security, but is not responsible for doing so.
Message security can be set up by the System Administrator so that all web services are secured,
or by the Application Deployer when the provider or protection policy bound to the application
must be dierent from that bound to the container.
The application developer or assembler is responsible for the following:
■
Determining if an application-specic message protection policy is required by the
application. If so, ensuring that the required policy is specied at application assembly
which may be accomplished by communicating with the Application Deployer.
About Security Tokens and Security Mechanisms
The WS-Security specication provides an extensible mechanism for using security tokens to
authenticate and encrypt SOAP web services messages. The SOAP layer message security
providers installed with the Enterprise Server may be used to employ username/password and
X.509 certicate security tokens to authenticate and encrypt SOAP web services messages.
Additional providers that employ other security tokens including SAML assertions will be
installed with subsequent releases of the Enterprise Server.
About Username Tokens
The Enterprise Server uses Username tokens in SOAP messages to establish the authentication
identity of the message sender. The recipient of a message containing a Username token (within
embedded password) validates that the message sender is authorized to act as the user
(identied in the token) by conrming that the sender knows the secret (the password) of the
user.
When using a Username token, a valid user database must be congured on the Enterprise
Server
UnderstandingMessage Securityinthe EnterpriseServer
Chapter10 • ConguringMessage Security 129