Assigning message security responsibilities, System administrator – Sun Microsystems GLASSFISH ENTERPRISE 820433510 User Manual

Understanding Message Security in the Enterprise Server

The Enterprise Server offers integrated support for the WS-Security standard in its web services
client and server-side containers. This functionality is integrated such that web services security
is enforced by the containers of the Enterprise Server on behalf of applications, and such that it
can be applied to protect any web service application without requiring changes to the
implementation of the application. The Enterprise Server achieves this effect by providing
facilities to bind SOAP layer message security providers and message protection policies to
containers and to applications deployed in containers.

Assigning Message Security Responsibilities

In the Enterprise Server, the

“System Administrator” on page 128

and

“Application Deployer”

on page 129

roles are expected to take primary responsibility for configuring message security.

In some situations, the

“Application Developer” on page 129

may also contribute, although in

the typical case either of the other roles may secure an existing application without changing its
implementation without involving the developer. The responsibilities of the various roles are
defined in the following sections:

■

“System Administrator” on page 128

■

“Application Deployer” on page 129

■

“Application Developer” on page 129

System Administrator

The system administrator is responsible for:

■

Configuring message security providers on the Enterprise Server.

■

Managing user databases.

■

Managing keystore and truststore files.

■

Configuring a Java Cryptography Extension (JCE) provider if using encryption and running
a version of the Java SDK prior to version 1.5.0.

■

Installing the samples server. This is only done if the xms sample application will be used to
demonstrate the use of message layer web services security.

A system administrator uses the Admin Console to manage server security settings and uses a
command line tool to manage certificate databases. In Platform Edition, certificates and private
keys are stored in key stores and are managed with keytool. Standard Edition and Enterprise
Edition store certificates and private keys in an NSS database, where they are managed using
certutil

. This document is intended primarily for system administrators. For an overview of

message security tasks, see

“Configuring the Enterprise Server for Message Security” on

page 133

.

Understanding Message Security in the Enterprise Server

Sun GlassFish Enterprise Server 2.1 Administration Guide • December 2008

128