Below are the steps (GUI and CLI) to configure the message security provider at the container level.
wadm setup
- Start wadm
$ <webserver-install-dir>/bin/wadm --user=admin --port=8800 --password-file=/admin.passwd
wadm>
- To list the configurations available
wadm>list-configs
testfoo
The example in this document will use test. Most commands need the --config parameter, so set the config once using:
wadm>set wadm_config test
Configure Message Security Provider
- Using CLI
A default message security provider is included with the Web Server. To configure this provider with the name provider1, use the CLI:
wadm>create-soap-auth-provider --class=com.sun.xml.wss.provider.ServerSecurityAuthModule --request-policy-auth-source=content --request-policy-auth-recipient=before-content --response-policy-auth-source=content --response-policy-auth-recipient=before-content provider1
CLI201 Command "create-soap-auth-provider" ran successfully
This default provider requires that a use-case XML file, wss-server-config-2.0.xml, be specified as a property. The file is included in the Web Server message security sample under the <webserver-install-dir>/samples/java/webapps/webservices/security/etc directory. Add this property to the provider1 provider configured above using:
wadm>create-soap-auth-provider-userprop --provider=provider1 security.config=<webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml
Now the default provider is completely configured. The providers configured server-wide can be listed using the command:
wadm>list-soap-auth-providers
provider1
myprovider
The properties configured for a specific provider can be listed using list-soap-auth-provider-userprops:
wadm>list-soap-auth-provider-userprops --provider=provider1
security.config=<webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml
The default provider can be chosen from the configured list of server-wide providers using the CLI:
wadm>set-config-prop default-soap-auth-provider-name=provider1
To list the configured properties, use:
wadm>get-config-prop
default-auth-db-name=default
user=foo
platform=32
default-soap-auth-provider-name=provider1
temp-path=/tmp/https-test-8feb0e2d
mime-file=[mime.types]
acl-file=[default.acl]
audit-accesses=false
To list the properties of a soap auth provider, use:
wadm>get-soap-auth-provider-prop --provider=provider1 --config=test
request-policy-auth-source=content
response-policy-auth-source=content
request-policy-auth-recipient=before-content
response-policy-auth-recipient=before-content
class=com.sun.xml.wss.provider.ServerSecurityAuthModule
name=provider1
To set a specific property, request-policy-auth-recipient in this example:
wadm>set-soap-auth-provider-prop --provider=provider1 request-policy-auth-recipient=after-content
Deploy the config using:
wadm>deploy-config test
After the commands above, the server.xml snippet for message security looks as follows:
<default-soap-auth-provider-name>provider1</default-soap-auth-provider-name>
<soap-auth-provider>
  <name>provider1</name>
  <class>com.sun.xml.wss.provider.ServerSecurityAuthModule</class>
  <request-policy>
    <auth-source>content</auth-source>
    <auth-recipient>before-content</auth-recipient>
  </request-policy>
  <response-policy>
    <auth-source>content</auth-source>
    <auth-recipient>before-content</auth-recipient>
  </response-policy>
  <property>
    <name>security.config</name>
    <value><webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml</value>
  </property>
</soap-auth-provider>
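The following is an added example, not part of the original page or of the Web Server product: a Python check that reads a server.xml and reports message security settings that do not line up with the steps above (an undefined default provider, a provider defined twice, an unknown policy value, a missing security.config property). The `<server>` root element, the function names, the `/INSTALL_DIR` placeholder path and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Allowed values, as listed in the GUI table on this page.
ALLOWED = {"auth-source": {"sender", "content"},
           "auth-recipient": {"before-content", "after-content"}}
DEFAULT_CLASS = "com.sun.xml.wss.provider.ServerSecurityAuthModule"

def check_soap_auth(server_xml_text):
    """Return a list of findings for the soap-auth-provider part of server.xml."""
    root = ET.fromstring(server_xml_text)
    findings, seen = [], set()
    for prov in root.iter("soap-auth-provider"):
        name = (prov.findtext("name") or "").strip()
        if name in seen:
            findings.append(f"{name}: defined more than once")
        seen.add(name)
        for policy in ("request-policy", "response-policy"):
            for tag, allowed in ALLOWED.items():
                val = prov.findtext(f"{policy}/{tag}")
                if val is not None and val.strip() not in allowed:
                    findings.append(f"{name}: {policy} {tag}={val.strip()!r} is not a known value")
        props = {p.findtext("name"): p.findtext("value") for p in prov.findall("property")}
        # The page states that the default provider class needs security.config.
        if (prov.findtext("class") or "").strip() == DEFAULT_CLASS and not props.get("security.config"):
            findings.append(f"{name}: security.config property is missing")
    default = (root.findtext(".//default-soap-auth-provider-name") or "").strip()
    if default and default not in seen:
        findings.append(f"default provider {default!r} is not defined")
    return findings

def provider_xml(name, recipient="before-content", with_config=True):
    """Build one constructed <soap-auth-provider> element for the samples below."""
    prop = ("<property><name>security.config</name>"
            "<value>/INSTALL_DIR/wss-server-config-2.0.xml</value></property>") if with_config else ""
    policy = f"<auth-source>content</auth-source><auth-recipient>{recipient}</auth-recipient>"
    return (f"<soap-auth-provider><name>{name}</name><class>{DEFAULT_CLASS}</class>"
            f"<request-policy>{policy}</request-policy>"
            f"<response-policy>{policy}</response-policy>{prop}</soap-auth-provider>")

# Constructed samples; <server> as the root element is an assumption.
GOOD = ("<server><default-soap-auth-provider-name>provider1</default-soap-auth-provider-name>"
        + provider_xml("provider1") + "</server>")
BAD = ("<server><default-soap-auth-provider-name>provider2</default-soap-auth-provider-name>"
       + provider_xml("provider1") + provider_xml("provider1", "after_content", False) + "</server>")

if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_soap_auth(text) or "no findings")
```
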
- Using GUI
- Log in to the Web Server Administration GUI
- Choose the "Edit Java Settings" link under "Configuration Tasks"
- Select the "Web Services" sub-tab under the "Java" tab
- Click the "New" button and set the following values. To add properties, click the "Add Property" button.
| Field | Value |
| --- | --- |
| Name | provider1 |
| Class Name | com.sun.xml.wss.provider.ServerSecurityAuthModule |
| Request Authentication Source | content (depending on your requirement choose either "sender" or "content") |
| Request Authentication Recipient | before-content (depending on your requirement choose either "before-content" or "after-content") |
| Response Authentication Source | content (depending on your requirement choose either "sender" or "content") |
| Response Authentication Recipient | before-content (depending on your requirement choose either "before-content" or "after-content") |

Property:

| Name | Value |
| --- | --- |
| security.config | <webserver-install-dir>/samples/java/webapps/webservices/security/etc/wss-server-config-2.0.xml |