Conguring Application-Specic Web Services
Security
Application-specic web services security functionality is congured (at application assembly)
by dening message-security-binding elements in the Sun-specic deployment descriptors of
the application. These message-security-binding elements are used to associate a specic
provider or message protection policy with a web services endpoint or service reference, and
may be qualied so that they apply to a specic port or method of the corresponding endpoint
or referenced service.
For more information on dening application specic message protection policies, refer to
Chapter 5, “Securing Applications,” in Sun GlassFish Enterprise Server 2.1 Developer’s Guide.
Securing the Sample Application
The Enterprise Server ships with a sample application named xms. The xms application features
a simple web service that is implemented by both a J2EE EJB endpoint and a Java Servlet
endpoint. Both endpoints share the same service endpoint interface. The service endpoint
interface denes a single operation, sayHello, which takes a string argument, and returns a
String composed by pre-pending Hello to the invocation argument.
The xms sample application is provided to demonstrate the use of the Enterprise Server’s
WS-Security functionality to secure an existing web services application. The instructions
which accompany the sample describe how to enable the WS-Security functionality of the
Enterprise Server such that it is used to secure the xms application. The sample also
demonstrates the binding of WS-Security functionality directly to the application (as described
in
“Conguring Application-Specic Web Services Security” on page 133 application.
The xms sample application is installed in the directory:
as-install/samples/webservices/security/ejb/apps/xms/.
For information on compiling, packaging, and running the xms sample application, refer to the
Securing Applications chapter of the Developers’ Guide.
Conguring the Enterprise Server for Message Security
■
“Actions of Request and Response Policy Congurations” on page 134
■
“Conguring Other Security Facilities” on page 135
■
“Conguring a JCE Provider” on page 135
ConguringtheEnterprise ServerforMessage Security
Chapter10 • ConguringMessage Security 133