Typically, a provider would be re-configured to modify its message protection policies, although the provider type, implementation class, and provider-specific configuration properties may also be modified.
In the Admin Console tree component, expand the Configuration node.
Expand the Security node.
Expand the Message Security node.
Select the SOAP node.
Select the Providers tab.
Select the message security provider to edit.
The Edit Provider Configuration page appears. Application Server ships with the client provider com.sun.xml.wss.provider.ClientSecurityAuthModule and server provider com.sun.xml.wss.provider.ServerSecurityAuthModule.
In the Provider Configuration section, modify the following properties as desired:
Provider Type - Select client, server, or client-server to establish whether the provider is to be used as a client authentication provider, a server authentication provider, or both (a client-server provider).
Class Name - Enter the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.
Specify the request policy, if desired.
The request policy determines the request processing that the authentication provider performs. The following properties are optional, but if not specified, the authentication provider does not authenticate request messages. The Request Policy section contains these fields:
Authentication Source - Select sender to specify message-layer sender authentication (for example, username and password) of request messages. Select content to specify content authentication (for example, digital signature) of request messages. Select nothing (blank) to not authenticate the source of requests.
Authentication Recipient - Select Before Content or After Content to require message-layer authentication of the receiver of the request message to its sender (by XML encryption). If the value is not specified, it defaults to After Content. Policies are expressed in message sender order, so After Content means the message receiver decrypts the message before validating the signature.
For a description of the actions performed by the SOAP message security providers, see Request and Response Policy Configurations.
Specify the response policy, if desired.
The response policy determines the response processing that the authentication provider performs. These properties are optional, but if not specified, no authentication is applied to response messages.
Authentication Source - Select sender to specify message-layer sender authentication (for example, username and password) of response messages. Select content to specify content authentication (for example, digital signature) of response messages. Select nothing (blank) to not authenticate response sources.
Authentication Recipient - Select Before Content or After Content to define a requirement for message-layer authentication of the receiver of the response message to its sender (by XML encryption). When the value is not specified, it defaults to After Content. Policies are expressed in message sender order, so After Content means the message receiver decrypts the message before validating the signature.
For a description of the actions performed by the SOAP message security providers as a result of the following message protection policies, see Request and Response Policy Configurations.
Add additional properties by clicking the Add Property button.
The provider shipped with Application Server supports the following property: server.config - The directory and file name of an XML file that contains the server configuration information. For example, domain-dir/config/wss-server-config.xml.
If you are using another provider, refer to its documentation for more information on properties and valid values.
Click Save.
To set the response policy, replace the word request in the following commands with response.
Add a request policy to the client and set the authentication source:
asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP.provider-config.ClientProvider.request-policy.auth_source=sender | content
Add a request policy to the server and set the authentication source:
asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP.provider-config.ServerProvider.request-policy.auth_source=sender | content
Add a request policy to the client and set the authentication recipient:
asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP.provider-config.ClientProvider.request-policy.auth_recipient=before-content | after-content
Add a request policy to the server and set the authentication recipient:
asadmin set --user admin-user --port admin-port server-config.security-service.message-security-config.SOAP.provider-config.ServerProvider.request-policy.auth_recipient=before-content | after-content
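The four commands above, plus their response-policy variants, can be generated and checked before anything is run. The following is an added example, not part of the Application Server documentation: the function names and the ADMIN_USER and ADMIN_PORT variables are hypothetical, and only the ClientProvider and ServerProvider ids and the values shown on this page are accepted.

```shell
#!/bin/sh
# Added example: builds the asadmin "set" commands from the procedure above.
# Nothing is executed; each command is printed so it can be reviewed first.
ADMIN_USER="${ADMIN_USER:-admin-user}"   # placeholder, as written on the page
ADMIN_PORT="${ADMIN_PORT:-admin-port}"   # placeholder, as written on the page
PREFIX="server-config.security-service.message-security-config.SOAP.provider-config"

# policy_cmd PROVIDER POLICY ATTRIBUTE VALUE
# Prints one command, or returns 1 if an argument is not one the page lists.
policy_cmd() {
    [ "$#" -eq 4 ] || { echo "usage: policy_cmd provider policy attribute value" >&2; return 1; }
    case "$1" in
        ClientProvider|ServerProvider) ;;
        *) echo "unknown provider: $1" >&2; return 1 ;;
    esac
    case "$2" in
        request|response) ;;
        *) echo "policy must be request or response: $2" >&2; return 1 ;;
    esac
    case "$3=$4" in
        auth_source=sender|auth_source=content) ;;
        auth_recipient=before-content|auth_recipient=after-content) ;;
        *) echo "invalid setting: $3=$4" >&2; return 1 ;;
    esac
    printf 'asadmin set --user %s --port %s %s.%s.%s-policy.%s=%s\n' \
        "$ADMIN_USER" "$ADMIN_PORT" "$PREFIX" "$1" "$2" "$3" "$4"
}

# provider_policy_cmds PROVIDER SOURCE RECIPIENT
# Prints the four commands that give the request and the response policy of
# PROVIDER the same authentication source and authentication recipient.
provider_policy_cmds() {
    for policy in request response; do
        policy_cmd "$1" "$policy" auth_source "$2" || return 1
        policy_cmd "$1" "$policy" auth_recipient "$3" || return 1
    done
}
```

Calling provider_policy_cmds ServerProvider content after-content prints the request and response commands for the server provider; a misspelled value is rejected instead of being passed to asadmin.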