Hitachi

Hitachi Application Server V10 Command Reference Guide (For Windows® Systems)

2.25.1 create-message-security-provider

Creates a message security provider that specifies how SOAP messages will be secured. This option is applicable for administrators.

Synopsis

asadmin [asadmin-options] create-message-security-provider [--help]
    [--target target] --classname provider_class
    --layer message_layer [--providertype provider_type]
    [--requestauthsource request_auth_source]
    [--requestauthrecipient request_auth_recipient]
    [--responseauthsource response_auth_source]
    [--responseauthrecipient response_auth_recipient]
    [--isdefaultprovider]
    [--property name=value[:name=value]...] 
    provider_name

Storage location

Application Server installation directory/javaee/glassfish/bin

Function

The create-message-security-provider subcommand enables the administrator to create a message security provider for the security service which specifies how SOAP messages will be secured. This command is supported in remote mode only.

Precondition

The DAS should be in a running state.

Files

You can specify the security configuration file security.config by using the -property option.

Arguments

--help | -?

Displays the help text for the subcommand.

--target target

Specifies the target for which you are creating the message security provider.

Type: String

The following values can be specified:

  • server

    Creates the provider for the default server instance and is the default value.

  • cluster_name

    Creates the provider for every server instance in the cluster.

  • instance_name

    Creates the provider for a particular sever instance.

Default value: server

--classname provider_class

Defines the Java implementation class of the provider. Client authentication providers must implement the com.sun.enterprise.security.jauth.ClientAuthModule interface. Server-side providers must implement the com.sun.enterprise.security.jauth.ServerAuthModule interface. A provider may implement both interfaces, but it must implement the interface corresponding to its provider type.

Type: String

The following values can be specified:

A Java class name which implements the interface

  • com.sun.enterprise.security.jauth.ClientAuthModule

  • com.sun.enterprise.security.jauth.ServerAuthModule

Default value: N/A

--layer message_layer

Specifies the message-layer entity used to define the value of the auth-layer attribute of message-security-config elements.

Type: String

The following values can be specified:

  • HttpServlet

  • SOAP

Default value: HttpServlet

--providertype provider_type

Establishes whether the provider is to be used as client authentication provider, server authentication provider, or both.

Type: String

The following values can be specified:

  • client

  • server

  • client-server

Default value: N/A

--requestauthsource request_auth_source

Specifies the auth-source attribute that defines a requirement for the message-layer sender authentication (For example, username password) or the content authentication (For example, digital signature), to be applied to request messages.

Type: String

The following values can be specified:

  • sender

  • content

Default value: N/A

--requestauthrecipient request_auth_recipient

Specifies the auth-recipient attribute that defines a requirement for message-layer authentication of the receiver of the response message to its sender (for example, by XML encryption).

Type: String

The following values can be specified:

  • before-content

  • after-content

Default value: after-content

--responseauthsource response_auth_source

Specifies the auth-source attribute that defines a requirement for the message-layer sender authentication (For example, username password) or the content authentication (For example, digital signature) to be applied to response messages.

Type: String

The following values can be specified:

  • sender

  • content

Default value: N/A

--responseauthrecipient response_auth_recipient

Specifies the auth-recipient attribute that defines a requirement for message-layer authentication of the receiver of the response message to its sender (for example, by XML encryption).

Type: String

The following values can be specified:

  • before-content

  • after-content

Default value: after-content

--isdefaultprovider={false|true}

On the layer whose type is specified by the providertype argument, specifies the provider as the default provider. Default value: The provider is not specified as the default provider.

Type: Boolean

The following values can be specified:

  • true

  • false

Default value: false (The provider is not specified as the default provider)

--property name=value[:name=value]...

Passes provider-specific property values to the provider when it is initialized. Properties passed in this way might include key aliases to be used by the provider to get keys from keystores, signing, canonicalization, encryption algorithms,etc.

Type: String

The following values can be specified:

  • security.config =value

    Specifies the location of the message security configuration file. To point to a configuration file in the domain-dir/config directory, use the system property ${com.sun.aas.instanceRoot}/config/, for example: ${com.sun.aas.instanceRoot}/config/wss-server-config-1.0.xml. The default is domain-dir/config/ wss-serverconfig-1.0.xml.

    Type: String

    Default value: domain-dir/config/ wss-serverconfig-1.0.xml

    Range Value: N/A

  • debug =value

    Enables dumping of server provider debug messages to the server log, if true. The default is false.

    Type: Boolean

    Default value: false

    Range Value:

    true

    false

  • dynamic.username.password =value

    Signals the provider runtime to collect the user name and password from the CallbackHandler for each request, if set to true. If false, the user name and password for wsse:UsernameToken(s) is collected once, during module initialization. This property is only applicable for a ClientAuthModule. The default is false.

    Type: boolean

    Default value: false

    Range Value:

    true

    false

  • encryption.key.alias =value

    Specifies the encryption key used by the provider. The key is identified by its keystore alias. The default value is s1as.

    Type: String

    Default value: s1as

    Range Value: N/A

  • signature.key.alias =value

    Specifies the signature key used by the provider. The key is identified by its keystore alias. The default value is s1as.

    Type: String

    Default value: s1as

    Range Value: N/A

Default value: N/A

provider_name

Specifies the name of the provider used to reference the provider-config element.

Type: String

The following values can be specified:

  • Specify the name of the provider

Default value: N/A

Examples

The following example creates a message security provider on server instance instance1.

asadmin create-message-security-provider --target instance1
--classname com.sun.enterprise.security.jauth.ClientAuthModule --layer SOAP
--providertype client mySecurityProvider

Exit Status

Exit Status

Explanation

0

command executed successfully.

1

error in executing the command.

To Page Top

Trademarks

Copyright (C) 2015, Hitachi, Ltd.

Copyright (C) 2013, Oracle and/or its affiliates. All rights reserved.