<log-service file="" level="WARNING"/>
<message-security-config auth-layer="SOAP"
default-client-provider="ClientProvider">
<provider-config
class-name="com.sun.enterprise.security.jauth.ClientAuthModule"
provider-id="ClientProvider" provider-type="client">
<request-policy auth-source="sender | content"
auth-recipient="after-content | before-content"/>
<response-policy auth-source="sender | content"
auth-recipient="after-content | before-content"/>
<property name="security.config"
value="as-install/lib/appclient/wss-client-config.xml"/>
</provider-config>
</message-security-config>
</client-container>
Valid values for auth-source include sender and content. Valid values for auth-recipient
include before-content and after-content. A table describing the results of various
combinations of these values can be found in
“Actions of Request and Response Policy
Congurations” on page 134.
To not specify a request or response policy, leave the element blank, for example:
<response-policy/>
Further Information
■
The Java 2 Standard Edition discussion of security can be viewed from
http://java.sun.com/j2se/1.4.2/docs/guide/security/index.html.
■
The Java EE 5.0 Tutorial chapter titled Security can be viewed from
http://java.sun.com/javaee/5/docs/tutorial/doc/index.html.
■
The Administration Guide chapter titled .
■
The Developer’s Guide chapter titled Securing Applications.
■
The XML-Signature Syntax and Processing document can be viewed at
http://www.w3.org/TR/xmldsig-core/.
■
The XML Encryption Syntax and Processing document can be viewed at
http://www.w3.org/TR/xmlenc-core/.
MessageSecurity Setup
SunGlassFishEnterpriseServer2.1AdministrationGuide • December2008140