Filter
Top Products
About Digital Signatures
The Enterprise Server uses XML Digital signatures to bind an authentication identity to
message content. Clients use digital signatures to establish their caller identity, analogous to the
way basic authentication or SSL client certicate authentication have been used to do the same
thing when transport layer security is being used. Digital signatures are veried by the message
receiver to authenticate the source of the message content (which may be dierent from the
sender of the message.)
When using digital signatures, valid keystore and truststore les must be congured on the
Enterprise Server. For more information on this topic, read
“About Certicate Files” on
page 111
.
About Encryption
The purpose of encryption is to modify the data such that it can only be understood by its
intended audience. This is accomplished by substituting an encrypted element for the original
content. When predicated on public key cryptography, encryption can be used to establish the
identity of the parties that can read a message.
When using Encryption, you must have an installed JCE provider that supports encryption. For
more information on this topic, read
“Conguring a JCE Provider” on page 135.
About Message Protection Policies
Message protection policies are dened for request message processing and response message
processing and are expressed in terms of requirements for source and/or recipient
authentication. A source authentication policy represents a requirement that the identity of the
entity that sent a message or that dened the content of a message be established in the message
such that it can be authenticated by the message receiver. A recipient authentication policy
represents a requirement that the message be sent such that the identity of the entities that can
receive the message can be established by the message sender. The providers apply specic
message security mechanisms to cause the message protection policies to be realized in the
context of SOAP web services messages.Request and response message protection policies are
dened when a provider is congured into a container. Application-specic message protection
policies (at the granularity of the web service port or operation) may also be congured within
the Sun-specic deployment descriptors of the application or application client. In any case,
where message protection policies are dened, the request and response message protection
policies of the client must match (be equivalent to) the request and response message protection
policies of the server. For more information on dening application-specic message
protection policies, refer to the Securing Applications chapter of the Developers Guide.
UnderstandingMessage Securityinthe EnterpriseServer
SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008130