TABLE 10–1 Message protection policy to WS-Security SOAP message security operation mapping (Continued)

Message Protection Policy | Resulting WS-Security SOAP message protection operations
auth-recipient="before-content" OR auth-recipient="after-content" | The content of the SOAP message Body is encrypted and replaced with the resulting xenc:EncryptedData. The message contains a wsse:Security header that contains an xenc:EncryptedKey. The xenc:EncryptedKey contains the key used to encrypt the SOAP message body. The key is encrypted with the public key of the recipient.
No policy specified. | No security operations are performed by the modules.
Configuring Other Security Facilities
The Enterprise Server implements message security using message security providers
integrated in its SOAP processing layer. The message security providers depend on other
security facilities of Enterprise Server.
1. If using a version of the Java SDK prior to version 1.5.0, and using encryption technology,
configure a JCE provider.
2. Configuring a JCE provider is discussed in “Configuring a JCE Provider” on page 135.
3. If using a username token, configure a user database, if necessary. When using a
username/password token, an appropriate realm must be configured and an appropriate
user database must be configured for the realm.
4. Manage certificates and private keys, if necessary.
After You Finish
Once the facilities of the Enterprise Server are configured for use by message security providers,
then the providers installed with the Enterprise Server may be enabled as described in
“Enabling Providers for Message Security” on page 137.
Configuring a JCE Provider
The Java Cryptography Extension (JCE) provider included with J2SE 1.4.x does not support
RSA encryption. Because the XML Encryption defined by WS-Security is typically based on
RSA encryption, in order to use WS-Security to encrypt SOAP messages you must download
and install a JCE provider that supports RSA encryption.
Note – RSA is public-key encryption technology developed by RSA Data Security, Inc. The acronym stands for Rivest, Shamir, and Adleman, the inventors of the technology.
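The following check is an added example, not code from the Sun documentation: it verifies that the JVM's installed JCE providers can perform the RSA key transport behind xenc:EncryptedKey by wrapping a body key with a recipient's public key and unwrapping it with the private key. The class name, the two transformation strings (assumed JCE names for the XML Encryption rsa-1_5 and rsa-oaep-mgf1p algorithms) and the generated keys are assumptions made for illustration; the syntax requires Java 7 or later.

```java
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;

public class RsaKeyTransportCheck {
    // Assumed JCE names for the two XML Encryption key-transport algorithms
    // (rsa-1_5 and rsa-oaep-mgf1p); the page itself only says "RSA encryption".
    static final String[] TRANSFORMATIONS = {
        "RSA/ECB/PKCS1Padding", "RSA/ECB/OAEPWithSHA-1AndMGF1Padding" };

    // Wraps and unwraps a body key the way an xenc:EncryptedKey is produced and consumed.
    static boolean roundTrip(String transformation, KeyPair recipient, SecretKey bodyKey)
            throws GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(transformation);       // throws if no provider offers it
        rsa.init(Cipher.WRAP_MODE, recipient.getPublic());      // sender side
        byte[] wrapped = rsa.wrap(bodyKey);
        rsa.init(Cipher.UNWRAP_MODE, recipient.getPrivate());   // recipient side
        Key recovered = rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        System.out.println("  provider " + rsa.getProvider().getName()
                + ", wrapped key " + wrapped.length + " bytes");
        return Arrays.equals(bodyKey.getEncoded(), recovered.getEncoded());
    }

    public static void main(String[] args) throws GeneralSecurityException {
        for (Provider p : Security.getProviders()) {
            System.out.println("installed provider: " + p.getName());
        }
        // Constructed test material: a throwaway recipient key pair and AES body key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair recipient = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey bodyKey = kg.generateKey();

        boolean allOk = true;
        for (String t : TRANSFORMATIONS) {
            System.out.println(t + ":");
            try {
                boolean ok = roundTrip(t, recipient, bodyKey);
                System.out.println("  round trip " + (ok ? "OK" : "FAILED"));
                allOk &= ok;
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                System.out.println("  not supported by any installed provider: " + e.getMessage());
                allOk = false;
            }
        }
        if (!allOk) System.exit(1); // non-zero exit: an RSA-capable JCE provider is missing
    }
}
```

Run it with the same JVM and provider configuration the server uses; a "not supported" line means that transformation has no RSA-capable provider registered there.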
Configuring the Enterprise Server for Message Security
Chapter 10 • Configuring Message Security
135
Summary of Contents for Sun GlassFish Enterprise Server 2.1