The response policy defines the authentication policy requirements associated with response
processing performed by the authentication provider. Policies are expressed in message
sender order such that a requirement that encryption occur after content would mean that
the message receiver would expect to decrypt the message before validating the signature.
Securing a Web Service
Web services deployed on the Enterprise Server are secured by binding SOAP layer message
security providers and message protection policies to the containers in which the applications
are deployed or to web service endpoints served by the applications. SOAP layer message
security functionality is configured in the client-side containers of the Enterprise Server by
binding SOAP layer message security providers and message protection policies to the client
containers or to the portable service references declared by client applications.
When the Enterprise Server is installed, SOAP layer message security providers are configured
in the client and server-side containers of the Enterprise Server, where they are available for
binding for use by the containers, or by individual applications or clients deployed in the
containers. During installation, the providers are configured with a simple message protection
policy that, if bound to a container, or to an application or client in a container, would cause the
source of the content in all request and response messages to be authenticated by XML digital
signature.
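As an added illustration (not taken from the guide), the installed default policy and a sign-then-encrypt alternative could appear as follows in the SOAP `message-security-config` element of `domain.xml`. The provider-id `SignThenEncryptProvider` is hypothetical, and the class name and `security.config` path are assumed to match a default installation.

```xml
<!-- Added example; values marked as assumptions are not from the guide. -->
<message-security-config auth-layer="SOAP">

  <!-- Installed default: the source of the content is authenticated by
       XML digital signature in both requests and responses. -->
  <provider-config provider-id="ServerProvider" provider-type="server"
      class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
    <request-policy auth-source="content"/>
    <response-policy auth-source="content"/>
    <!-- Path assumed from a default installation. -->
    <property name="security.config"
        value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"/>
  </provider-config>

  <!-- Hypothetical alternative: policies are written in sender order.
       auth-recipient="after-content" means the sender signs the content
       and then encrypts it, so the receiver must decrypt the message
       before it validates the signature. -->
  <provider-config provider-id="SignThenEncryptProvider" provider-type="server"
      class-name="com.sun.xml.wss.provider.ServerSecurityAuthModule">
    <request-policy auth-source="content" auth-recipient="after-content"/>
    <response-policy auth-source="content" auth-recipient="after-content"/>
    <property name="security.config"
        value="${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml"/>
  </provider-config>

</message-security-config>
```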
The administrative interfaces of the Enterprise Server can be employed to bind the existing
providers for use by the server-side containers of the Enterprise Server, to modify the message
protection policies enforced by the providers, or to create new provider configurations with
alternative message protection policies. Analogous administrative operations can be performed
on the SOAP message layer security configuration of the application client container as defined
in “Enabling Message Security for Application Clients” on page 139.
By default, message layer security is disabled on the Enterprise Server. To configure message
layer security for the Enterprise Server, follow the steps outlined in “Configuring the Enterprise
Server for Message Security” on page 133. If you want to cause web services security to be used to
protect all web services applications deployed on the Enterprise Server, follow the steps in
“Enabling Providers for Message Security” on page 137.
Once you have completed the above steps (which may include restarting the Enterprise Server),
web services security will be applied to all web services applications deployed on the Enterprise
Server.
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008 132