6. Restart the Enterprise Server.
Message Security Setup
Most of the steps for setting up the Enterprise Server for using message security can be
accomplished using the Admin Console, the asadmin command-line tool, or by manually
editing system files. In general, editing system files is discouraged due to the possibility of
making unintended changes that prevent the Enterprise Server from running properly.
Therefore, where possible, steps for configuring the Enterprise Server using the Admin Console
are shown first, with the asadmin tool command shown after. Steps for manually editing system
files are shown only when there is no Admin Console or asadmin equivalent.
Support for message layer security is integrated into the Enterprise Server and its client
containers in the form of (pluggable) authentication modules. By default, message layer security
is disabled on the Enterprise Server. The following sections provide the details for enabling,
creating, editing, and deleting message security configurations and providers.
■ “Enabling Providers for Message Security” on page 137
■ “Configuring the Message Security Provider” on page 138
■ “Creating a Message Security Provider” on page 139
■ “Enabling Message Security for Application Clients” on page 139
■ “Setting the Request and Response Policy for the Application Client Configuration” on page 139
■ “Further Information” on page 140
In most cases, it will be necessary to restart the Enterprise Server after performing the
administrative operations listed above. This is especially the case if you want the effects of the
administrative change to be applied to applications that were already deployed on the
Enterprise Server at the time the operation was performed.
Enabling Providers for Message Security
To enable message security for web services endpoints deployed in the Enterprise Server, you
must specify a provider to be used by default on the server side. If you enable a default provider
for message security, you also need to enable providers to be used by clients of the web services
deployed in the Enterprise Server. Information for enabling the providers used by clients is
discussed in “Enabling Message Security for Application Clients” on page 139.
To enable message security for web service invocations originating from deployed endpoints,
you must specify a default client provider. If you enabled a default client provider for the
Enterprise Server, you must ensure that any services invoked from endpoints deployed in the
Enterprise Server are compatibly configured for message layer security.
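The following added example (not part of the original guide) audits a server configuration for the two defaults described above and reports any side that has no default provider or names a provider that is not defined. The XML layout, the attribute names default-provider, default-client-provider, provider-id and provider-type, and the sample fragment are assumptions modelled on a domain.xml security-service section; the class names are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a server-side default is set, but no default client provider.
# Element and attribute names are assumed, not taken from the guide.
SAMPLE_DOMAIN_XML = """\
<security-service>
  <message-security-config auth-layer="SOAP" default-provider="ServerProvider">
    <provider-config provider-id="ClientProvider" provider-type="client"
                     class-name="example.ClientAuthModule"/>
    <provider-config provider-id="ServerProvider" provider-type="server"
                     class-name="example.ServerAuthModule"/>
  </message-security-config>
</security-service>
"""

# provider-type values accepted for each default slot (assumption).
SLOTS = {
    "default-provider": {"server", "client-server"},
    "default-client-provider": {"client", "client-server"},
}


def audit_message_security(xml_text):
    """Return (auth_layer, slot, finding) for every default slot of every layer."""
    findings = []
    root = ET.fromstring(xml_text)
    for cfg in root.iter("message-security-config"):
        layer = cfg.get("auth-layer", "?")
        # Map each defined provider id to its declared type.
        providers = {p.get("provider-id"): p.get("provider-type")
                     for p in cfg.findall("provider-config")}
        for slot, allowed in SLOTS.items():
            name = cfg.get(slot)
            if not name:
                findings.append((layer, slot, "not set (no default for this side)"))
            elif name not in providers:
                findings.append((layer, slot, f"references undefined provider {name!r}"))
            elif providers[name] not in allowed:
                findings.append((layer, slot, f"{name!r} has type {providers[name]!r}"))
            else:
                findings.append((layer, slot, "ok"))
    return findings


if __name__ == "__main__":
    for layer, slot, finding in audit_message_security(SAMPLE_DOMAIN_XML):
        print(f"{layer:6} {slot:24} {finding}")
```

Run it against a copy of the configuration file rather than the live file, in keeping with the guidance above that editing system files directly is discouraged.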
Use the command-line utility:
Chapter 10 • Configuring Message Security 137