Configuring message security, Understanding users, groups, roles, and realms – Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual

Page 104

Configuring Message Security

Message Security enables a server to perform end-to-end authentication of web service
invocations and responses at the message layer. The Enterprise Server implements message
security using message security providers on the SOAP layer. The message security providers
provide information such as the type of authentication that is required for the request and
response messages. The types of authentication that are supported include the following:

Sender authentication, including username-password authentication.

Content authentication, including XML Digital Signatures.

Two message security providers are included with this release: ClientProvider and
ServerProvider. Both can be configured to perform authentication at the SOAP layer.

Support for message layer security is integrated into the Enterprise Server and its client
containers in the form of (pluggable) authentication modules. By default, message layer security
is disabled on the Enterprise Server.

Message level security can be configured for the entire Enterprise Server or for specific
applications or methods. Configuring message security at the Enterprise Server level is
discussed in Chapter 10, “Configuring Message Security.” Configuring message security at the
application level is discussed in the Developer's Guide.

Understanding Users, Groups, Roles, and Realms

The Enterprise Server enforces its authentication and authorization policies upon the following
entities:

“Users” on page 105: An individual identity defined in the Enterprise Server. In general, a user
is a person, a software component such as an enterprise bean, or even a service. A user who
has been authenticated is sometimes called a principal. Users are sometimes referred to as
subjects.

“Groups” on page 105: A set of users defined in the Enterprise Server, classified by common
traits.

“Roles” on page 106: A named authorization level defined by an application. A role can be
compared to a key that opens a lock. Many people might have a copy of the key. The lock
doesn't care who seeks access, only that the right key is used.

“Realms” on page 106: A repository containing user and group information and their
associated security credentials. A realm is also called a security policy domain.

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008
