Configuring Message Security in Sun Java System Web Server 7


Below are the steps (GUI and CLI) to configure the message security provider at the container level.
wadm setup
  • Start wadm
$ <webserver-install-dir>/bin/wadm --user=admin --port=8800 --password-file=/admin.passwd
          wadm>

  • To list the configurations available
wadm>list-configs
          test
          foo

The example in this document will use test. Most commands need the --config parameter, so set the config once using:
wadm>set wadm_config test

Configure Message Security Provider
  • Using CLI
A default message security provider is included with the Web Server. To configure this provider with the name provider1, use the CLI:
wadm>create-soap-auth-provider --class=com.sun.xml.wss.provider.ServerSecurityAuthModule --request-policy-auth-source=content --request-policy-auth-recipient=before-content --response-policy-auth-source=content --response-policy-auth-recipient=before-content provider1
CLI201 Command "create-soap-auth-provider" ran successfully

This default provider requires that a use-case XML file, wss-server-config-2.0.xml, be specified as a property. The file is included in the Web Server message security sample under the <webserver-install-dir>/samples/java/webapps/webservices/security/etc directory. Add this property to the provider1 provider configured above using:
wadm>create-soap-auth-provider-userprop --provider=provider1 security.config=<webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml

The default provider is now completely configured. To list the providers configured server wide, use:
wadm>list-soap-auth-providers
provider1
myprovider

The properties configured for a specific provider can be listed using list-soap-auth-provider-userprops:
wadm>list-soap-auth-provider-userprops --provider=provider1
security.config=<webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml

To choose the default provider from the list of providers configured server wide, use the CLI:
wadm>set-config-prop default-soap-auth-provider-name=provider1

To list the configured properties, use:
wadm>get-config-prop                                        
default-auth-db-name=default
user=foo
platform=32
default-soap-auth-provider-name=provider1
temp-path=/tmp/https-test-8feb0e2d
mime-file=[mime.types]
acl-file=[default.acl]
audit-accesses=false

To list the properties of a soap auth provider, use:
wadm>get-soap-auth-provider-prop --provider=provider1 --config=test
request-policy-auth-source=content
response-policy-auth-source=content
request-policy-auth-recipient=before-content
response-policy-auth-recipient=before-content
class=com.sun.xml.wss.provider.ServerSecurityAuthModule
name=provider1     
   
To set a specific property, request-policy-auth-recipient in this example:
wadm>set-soap-auth-provider-prop  --provider=provider1 request-policy-auth-recipient=after-content

Deploy the config using:
wadm>deploy-config test

After the commands above, the server.xml snippet for message security looks as follows:
<default-soap-auth-provider-name>provider1</default-soap-auth-provider-name>
<soap-auth-provider>
    <name>provider1</name>
    <class>com.sun.xml.wss.provider.ServerSecurityAuthModule</class>
    <request-policy>
       <auth-source>content</auth-source>
       <auth-recipient>before-content</auth-recipient>
    </request-policy>
    <response-policy>
       <auth-source>content</auth-source>
       <auth-recipient>before-content</auth-recipient>
    </response-policy>
    <property>
       <name>security.config</name>
       <value><webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml</value>
    </property>
</soap-auth-provider>
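
The deployed snippet can be checked before relying on it. The script below is an added example, not part of the original post or of the Web Server tooling: it audits a server.xml fragment for a default provider name that matches no configured provider, policy values outside the choices the GUI offers, and a default-module provider without the security.config property. The function name, the wrapper root element, and the sample install path are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Allowed values, as offered by the GUI fields described on this page.
AUTH_SOURCES = {"sender", "content"}
AUTH_RECIPIENTS = {"before-content", "after-content"}
DEFAULT_MODULE = "com.sun.xml.wss.provider.ServerSecurityAuthModule"

def audit_message_security(fragment):
    """Return a list of findings for the message security part of server.xml."""
    # The fragment has several top-level elements, so wrap it in a constructed root.
    root = ET.fromstring("<fragment>" + fragment + "</fragment>")
    findings, names = [], set()
    for prov in root.iter("soap-auth-provider"):
        name = (prov.findtext("name") or "").strip()
        names.add(name)
        for policy in ("request-policy", "response-policy"):
            for tag, allowed in (("auth-source", AUTH_SOURCES),
                                 ("auth-recipient", AUTH_RECIPIENTS)):
                value = prov.findtext(policy + "/" + tag)
                # Only values that are present are validated.
                if value is not None and value.strip() not in allowed:
                    findings.append(f"{name}: {policy} {tag} {value.strip()!r} is not valid")
        props = {(p.findtext("name") or "").strip() for p in prov.findall("property")}
        cls = (prov.findtext("class") or "").strip()
        if cls == DEFAULT_MODULE and "security.config" not in props:
            findings.append(f"{name}: default module has no security.config property")
    default = (root.findtext("default-soap-auth-provider-name") or "").strip()
    if default not in names:
        findings.append(f"default provider {default!r} is not a configured provider")
    return findings

# Constructed sample: the snippet above, with a placeholder install path.
GOOD = """
<default-soap-auth-provider-name>provider1</default-soap-auth-provider-name>
<soap-auth-provider>
  <name>provider1</name>
  <class>com.sun.xml.wss.provider.ServerSecurityAuthModule</class>
  <request-policy><auth-source>content</auth-source><auth-recipient>before-content</auth-recipient></request-policy>
  <response-policy><auth-source>content</auth-source><auth-recipient>before-content</auth-recipient></response-policy>
  <property><name>security.config</name><value>/INSTALL-DIR/etc/wss-server-config-2.0.xml</value></property>
</soap-auth-provider>
"""
# Constructed broken variant: wrong default name, bad auth-source, property line dropped.
BAD = "\n".join(l for l in GOOD.splitlines() if "security.config" not in l)
BAD = BAD.replace(">provider1</default", ">provider2</default")
BAD = BAD.replace("<auth-source>content<", "<auth-source>body<", 1)

if __name__ == "__main__":
    for finding in audit_message_security(BAD):
        print(finding)
```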

  • Using GUI
- Log in to the Web Server Administration GUI
- Choose "Edit Java Settings" link under "Configuration Tasks"
- Select "Web Services" sub-tab under "Java" tab
- Click on "New" button and set the following. To add the properties click on "Add Property" button.
Name provider1
Class Name com.sun.xml.wss.provider.ServerSecurityAuthModule
Request Authentication Source content (depending on your requirement choose either "sender" or "content")
Request Authentication Recipient before-content (depending on your requirement choose either "before-content" or "after-content")
Response Authentication Source content (depending on your requirement choose either "sender" or "content")
Response Authentication Recipient before-content (depending on your requirement choose either "before-content" or "after-content")

Property:
security.config  <webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml


