| type=page |
| status=published |
| title=create-message-security-provider |
| next=create-module-config.html |
| prev=create-managed-thread-factory.html |
| ~~~~~~ |
| |
| = create-message-security-provider |
| |
| [[create-message-security-provider-1]][[GSRFM00045]][[create-message-security-provider]] |
| |
| == create-message-security-provider |
| |
| Enables administrators to create a message security provider, which |
| specifies how SOAP messages will be secured. |
| |
| [[sthref421]] |
| |
| === Synopsis |
| |
| [source] |
| ---- |
| asadmin [asadmin-options] create-message-security-provider [--help] |
| [--target target] |
| --classname provider_class |
| [--layer message_layer] [--providertype provider_type] |
| [--requestauthsource request_auth_source ] |
| [--requestauthrecipient request_auth_recipient ] |
| [--responseauthsource response_auth_source ] |
| [--responseauthrecipient response_auth_recipient ] |
| [--isdefaultprovider] [--property name=value[:name=value]*] |
| provider_name |
| ---- |
| |
| [[sthref422]] |
| |
| === Description |
| |
| The `create-message-security-provider` subcommand enables the |
| administrator to create a message security provider for the security |
| service which specifies how SOAP messages will be secured. |
| |
| This command is supported in remote mode only. |
| |
| [[sthref423]] |
| |
| === Options |
| |
| If an option has a short option name, then the short option precedes the |
| long option name. Short options have one dash whereas long options have |
| two dashes. |
| |
| asadmin-options:: |
| Options for the `asadmin` utility. For information about these |
| options, see the link:asadmin.html#asadmin-1m[`asadmin`(1M)] help page. |
| `--help`:: |
| `-?`:: |
| Displays the help text for the subcommand. |
| `--target`:: |
| Specifies the target for which you are creating the message security |
| provider. The following values are valid: |
| |
| `server`;; |
| Creates the provider for the default server instance `server` and is |
| the default value. |
| `domain`;; |
| Creates the provider for the domain. |
| cluster_name;; |
| Creates the provider for every server instance in the cluster. |
| instance_name;; |
| Creates the provider for a particular sever instance. |
| |
| `--classname`:: |
| Defines the Java implementation class of the provider. Client |
| authentication providers must implement the |
| `com.sun.enterprise. security.jauth.ClientAuthModule` interface. |
| Server-side providers must implement the |
| `com.sun.enterprise.security jauth.ServerAuthModule` interface. A |
| provider may implement both interfaces, but it must implement the |
| interface corresponding to its provider type. |
| `--layer`:: |
| The message-layer entity used to define the value of the `auth-layer` |
| attribute of `message-security-config` elements. The default is |
| `HttpServlet`. Another option is `SOAP`. |
| `--providertype`:: |
| Establishes whether the provider is to be used as client |
| authentication provider, server authentication provider, or both. |
| Valid options for this property include `client`, `server`, or |
| `client-server`. |
| `--requestauthsource`:: |
| The `auth-source` attribute defines a requirement for message-layer |
| sender authentication (e.g. username password) or content |
| authentication (e.g. digital signature) to be applied to request |
| messages. Possible values are `sender` or `content`. When this |
| argument is not specified, source authentication of the request is not |
| required. |
| `--requestauthrecipient`:: |
| The `auth-recipient` attribute defines a requirement for message-layer |
| authentication of the receiver of a message to its sender (e.g. by XML |
| encryption). Possible values are `before-content` or `after-content`. |
| The default value is `after-content`. |
| `--responseauthsource`:: |
| The `auth-source` attribute defines a requirement for message-layer |
| sender authentication (e.g. username password) or content |
| authentication (e.g. digital signature) to be applied to response |
| messages. Possible values are `sender` or `content`. When this option |
| is not specified, source authentication of the response is not |
| required. |
| `--responseauthrecipient`:: |
| The `auth-recipient` attribute defines a requirement for message-layer |
| authentication of the receiver of the response message to its sender |
| (e.g. by XML encryption). Possible values are `before-content` or |
| `after-content`. The default value is `after-content`. |
| `--isdefaultprovider`:: |
| The `default-provider` attribute is used to designate the provider as |
| the default provider (at the layer) of the type or types identified by |
| the `providertype` argument. There is no default associated with this |
| option. |
| `--property`:: |
| Use this property to pass provider-specific property values to the |
| provider when it is initialized. Properties passed in this way might |
| include key aliases to be used by the provider to get keys from |
| keystores, signing, canonicalization, encryption algorithms, etc. + |
| The following properties may be set: |
| |
| `security.config`;; |
| Specifies the location of the message security configuration file. |
| To point to a configuration file in the domain-dir``/config`` |
| directory, use the system property |
| `${com.sun.aas.instanceRoot}/config/`, for example: |
| `${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml`. The |
| default is domain-dir`/config/ wss-serverconfig-1.0.xml`. |
| `debug`;; |
| If `true`, enables dumping of server provider debug messages to the |
| server log. The default is `false`. |
| `dynamic.username. password`;; |
| If `true`, signals the provider runtime to collect the user name and |
| password from the `CallbackHandler` for each request. If `false`, |
| the user name and password for `wsse:UsernameToken`(s) is collected |
| once, during module initialization. This property is only applicable |
| for a `ClientAuthModule`. The default is `false`. |
| `encryption.key.alias`;; |
| Specifies the encryption key used by the provider. The key is |
| identified by its keystore alias. The default value is `s1as`. |
| `signature.key.alias`;; |
| Specifies the signature key used by the provider. The key is |
| identified by its keystore alias. The default value is `s1as`. |
| |
| [[sthref424]] |
| |
| === Operands |
| |
| provider_name:: |
| The name of the provider used to reference the `provider-config` |
| element. |
| |
| [[sthref425]] |
| |
| === Examples |
| |
| [[GSRFM507]][[sthref426]] |
| |
| ==== Example 1 Creating a Message Security Provider |
| |
| The following example shows how to create a message security provider |
| for a client. |
| |
| [source] |
| ---- |
| asadmin> create-message-security-provider |
| --classname com.sun.enterprise.security.jauth.ClientAuthModule |
| --providertype client mySecurityProvider |
| ---- |
| |
| [[sthref427]] |
| |
| === Exit Status |
| |
| 0:: |
| command executed successfully |
| 1:: |
| error in executing the command |
| |
| [[sthref428]] |
| |
| === See Also |
| |
| link:asadmin.html#asadmin-1m[`asadmin`(1M)] |
| |
| link:delete-message-security-provider.html#delete-message-security-provider-1[`delete-message-security-provider`(1)], |
| link:list-message-security-providers.html#list-message-security-providers-1[`list-message-security-providers`(1)] |
| |
| |
