beautypg.com

Application deployer, Application developer, About security tokens and security mechanisms – Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual

Page 129: About username tokens

background image

Application Deployer

The application deployer is responsible for:

Specifying (at application assembly) any required application-specific message protection
policies if such policies have not already been specified by upstream roles (the developer or
assembler).

Modifying Sun-specific deployment descriptors to specify application-specific message
protection policies information (message-security-binding elements) to web service
endpoint and service references.

Application Developer

The application developer can turn on message security, but is not responsible for doing so.
Message security can be set up by the System Administrator so that all web services are secured,
or by the Application Deployer when the provider or protection policy bound to the application
must be different from that bound to the container.

The application developer or assembler is responsible for the following:

Determining if an application-specific message protection policy is required by the
application. If so, ensuring that the required policy is specified at application assembly
which may be accomplished by communicating with the Application Deployer.

About Security Tokens and Security Mechanisms

The WS-Security specification provides an extensible mechanism for using security tokens to
authenticate and encrypt SOAP web services messages. The SOAP layer message security
providers installed with the Enterprise Server may be used to employ username/password and
X.509 certificate security tokens to authenticate and encrypt SOAP web services messages.
Additional providers that employ other security tokens including SAML assertions will be
installed with subsequent releases of the Enterprise Server.

About Username Tokens

The Enterprise Server uses Username tokens in SOAP messages to establish the authentication
identity of the message sender. The recipient of a message containing a Username token (within
embedded password) validates that the message sender is authorized to act as the user
(identified in the token) by confirming that the sender knows the secret (the password) of the
user.

When using a Username token, a valid user database must be configured on the Enterprise
Server

Understanding Message Security in the Enterprise Server

Chapter 10 • Configuring Message Security

129

See also other documents in the category Sun Microsystems Computers: