Configuring Message Security
Message Security enables a server to perform end-to-end authentication of web service
invocations and responses at the message layer. The Enterprise Server implements message
security using message security providers on the SOAP layer. The message security providers
provide information such as the type of authentication that is required for the request and
response messages. The types of authentication that are supported include the following:
■ Sender authentication, including username-password authentication.
■ Content authentication, including XML Digital Signatures.
Two message security providers are included with this release. The message security providers
can be configured for authentication for the SOAP layer. The providers that can be configured
include ClientProvider and ServerProvider.
Support for message layer security is integrated into the Enterprise Server and its client
containers in the form of (pluggable) authentication modules. By default, message layer security
is disabled on the Enterprise Server.
Message level security can be configured for the entire Enterprise Server or for specific
applications or methods. Configuring message security at the Enterprise Server level is
discussed in Chapter 10, “Configuring Message Security.” Configuring message security at the
application level is discussed in the Developer's Guide.
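An added example, not part of the original guide: a Python audit of a constructed domain.xml fragment that reports whether SOAP-layer message security is enabled and which provider policies require no authentication. The element and attribute names (message-security-config, default-provider, default-client-provider, provider-config, request-policy, response-policy, auth-source) are assumed from the Enterprise Server domain.xml layout and do not appear on this page.

```python
import xml.etree.ElementTree as ET

# Constructed domain.xml fragment, not from the original page. Element and
# attribute names are assumed from the Enterprise Server domain.xml layout.
SAMPLE = """
<security-service>
  <message-security-config auth-layer="SOAP">
    <provider-config provider-id="ClientProvider" provider-type="client">
      <request-policy auth-source="content"/>
      <response-policy auth-source="content"/>
    </provider-config>
    <provider-config provider-id="ServerProvider" provider-type="server">
      <request-policy auth-source="sender"/>
      <response-policy/>
    </provider-config>
  </message-security-config>
</security-service>
"""

def audit_message_security(xml_text, layer="SOAP"):
    """Return (enabled, findings) for one auth layer of a domain.xml fragment."""
    root = ET.fromstring(xml_text)
    cfg = next((c for c in root.iter("message-security-config")
                if c.get("auth-layer") == layer), None)
    if cfg is None:
        return False, [f"no message-security-config for layer {layer}"]
    # Assumption: message security stays disabled until a default provider is
    # named (default-provider for servers, default-client-provider for clients).
    defaults = {"server": cfg.get("default-provider"),
                "client": cfg.get("default-client-provider")}
    enabled = bool(defaults["server"])
    findings = []
    if not enabled:
        findings.append("no default-provider: server-side message security disabled")
    known = {p.get("provider-id") for p in cfg.iter("provider-config")}
    for side, pid in defaults.items():
        if pid and pid not in known:
            findings.append(f"default {side} provider {pid!r} is not defined")
    for prov in cfg.iter("provider-config"):
        for tag in ("request-policy", "response-policy"):
            pol = prov.find(tag)
            src = pol.get("auth-source") if pol is not None else None
            if src not in ("sender", "content"):  # assumed: no auth-source, no check
                findings.append(f"{prov.get('provider-id')}: {tag} requires no authentication")
    return enabled, findings

if __name__ == "__main__":
    enabled, findings = audit_message_security(SAMPLE)
    print("enabled:", enabled)
    print("\n".join(" - " + f for f in findings))
```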
Understanding Users, Groups, Roles, and Realms
The Enterprise Server enforces its authentication and authorization policies upon the following
entities:
■ “Users” on page 105: An individual identity defined in the Enterprise Server. In general, a
user is a person, a software component such as an enterprise bean, or even a service. A user
who has been authenticated is sometimes called a principal. Users are sometimes referred to as
subjects.
■ “Groups” on page 105: A set of users defined in the Enterprise Server, classified by common
traits.
■ “Roles” on page 106: A named authorization level defined by an application. A role can be
compared to a key that opens a lock. Many people might have a copy of the key. The lock
doesn't care who seeks access, only that the right key is used.
■ “Realms” on page 106: A repository containing user and group information and their
associated security credentials. A realm is also called a security policy domain.
Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008