Sun Microsystems 820433510 Server User Manual


 
Conguring Application-Specic Web Services
Security
Application-specic web services security functionality is congured (at application assembly)
by dening message-security-binding elements in the Sun-specic deployment descriptors of
the application. These message-security-binding elements are used to associate a specic
provider or message protection policy with a web services endpoint or service reference, and
may be qualied so that they apply to a specic port or method of the corresponding endpoint
or referenced service.
For more information on dening application specic message protection policies, refer to
Chapter 5, “Securing Applications,” in Sun GlassFish Enterprise Server 2.1 Developer’s Guide.
Securing the Sample Application
The Enterprise Server ships with a sample application named xms. The xms application features
a simple web service that is implemented by both a J2EE EJB endpoint and a Java Servlet
endpoint. Both endpoints share the same service endpoint interface. The service endpoint
interface denes a single operation, sayHello, which takes a string argument, and returns a
String composed by pre-pending Hello to the invocation argument.
The xms sample application is provided to demonstrate the use of the Enterprise Server’s
WS-Security functionality to secure an existing web services application. The instructions
which accompany the sample describe how to enable the WS-Security functionality of the
Enterprise Server such that it is used to secure the xms application. The sample also
demonstrates the binding of WS-Security functionality directly to the application (as described
in
“Conguring Application-Specic Web Services Security” on page 133 application.
The xms sample application is installed in the directory:
as-install/samples/webservices/security/ejb/apps/xms/.
For information on compiling, packaging, and running the xms sample application, refer to the
Securing Applications chapter of the Developers’ Guide.
Conguring the Enterprise Server for Message Security
“Actions of Request and Response Policy Congurations” on page 134
“Conguring Other Security Facilities” on page 135
“Conguring a JCE Provider” on page 135
ConguringtheEnterprise ServerforMessage Security
Chapter10 • ConguringMessage Security 133