Index: common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java
===================================================================
--- common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java	(revision 44785)
+++ common/src/main/java/org/glassfish/admingui/common/handlers/SecurityHandler.java	(working copy)
@@ -44,6 +44,7 @@
 import com.sun.jsftemplating.annotation.HandlerInput; 
 import com.sun.jsftemplating.annotation.HandlerOutput;
 import com.sun.jsftemplating.layout.descriptors.handler.HandlerContext;  
+import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -657,57 +658,62 @@
      public static void saveMsgProviderInfo(HandlerContext handlerCtx){
         Map<String,String> attrMap = (Map<String,String>) handlerCtx.getInputValue("attrMap");
         String edit = (String)handlerCtx.getInputValue("edit");
-        String providerName = attrMap.get("Name");
         String msgSecurityName = attrMap.get("msgSecurityName");
         String configName = (String)handlerCtx.getInputValue("configName");
         List propList = (List) handlerCtx.getInputValue("propList");
+        
+        try{
+            String providerName = URLEncoder.encode((String)attrMap.get("Name"), "UTF-8");
+            String providerEndpoint = GuiUtil.getSessionValue("REST_URL") + "/configs/config/" + configName +
+                    "/security-service/message-security-config/" + msgSecurityName + "/provider-config/" + providerName;
+        
+            if (edit.equals("true")){
+                boolean providerExist = RestUtil.get(providerEndpoint).isSuccess();
+                if (!providerExist){
+                    GuiUtil.handleError(handlerCtx, GuiUtil.getMessage(COMMON_BUNDLE, "msg.error.noSuchProvider")); //normally won't happen.
+                    return;
+                }else{
+                    Map<String, Object> providerMap = (Map<String, Object>)RestUtil.getEntityAttrs(providerEndpoint, "entity");
+                    providerMap.put("className", attrMap.get("ClassName"));
+                    providerMap.put("providerType", attrMap.get("ProviderType"));
+                    RestUtil.restRequest(providerEndpoint, providerMap, "POST", null, false);
 
-        String endpoint = GuiUtil.getSessionValue("REST_URL") + "/configs/config/" + configName +
-                                "/security-service/message-security-config/" + msgSecurityName + "/provider-config";
-        String providerEndpoint = endpoint + "/" + providerName;
-        try{
-        if (edit.equals("true")){
-            boolean providerExist = RestUtil.get(providerEndpoint).isSuccess();
-            if (!providerExist){
-                GuiUtil.handleError(handlerCtx, GuiUtil.getMessage(COMMON_BUNDLE, "msg.error.noSuchProvider")); //normally won't happen.
-                return;
+                }
             }else{
-                Map<String, Object> providerMap = (Map<String, Object>)RestUtil.getEntityAttrs(providerEndpoint, "entity");
-                providerMap.put("className", attrMap.get("ClassName"));
-                providerMap.put("providerType", attrMap.get("ProviderType"));
-                RestUtil.restRequest(providerEndpoint, providerMap, "POST", null, false);
+                String endpoint = GuiUtil.getSessionValue("REST_URL") + "/configs/config/" + configName +
+                                    "/security-service/message-security-config";
+                Map attrs = new HashMap();
+                if (attrMap.get("defaultProvider") == null){
+                    attrMap.put("defaultProvider", "false");
+                }
+                attrs.put("isdefaultprovider", attrMap.get("defaultProvider"));
+                attrs.put("id", attrMap.get("Name"));
+                attrs.put("classname", attrMap.get("ClassName"));
+                attrs.put("providertype", attrMap.get("ProviderType"));
+                attrs.put("layer", attrMap.get("msgSecurityName"));
+                attrs.put("target", configName);
+                RestUtil.restRequest(endpoint, attrs, "POST", null, false);
             }
-        }else{
-            endpoint = GuiUtil.getSessionValue("REST_URL") + "/configs/config/" + configName +
-                                "/security-service/message-security-config";
-            Map attrs = new HashMap();
-            attrs.put("id", attrMap.get("Name"));
-            attrs.put("classname", attrMap.get("ClassName"));
-            attrs.put("providertype", attrMap.get("ProviderType"));
-            attrs.put("layer", attrMap.get("msgSecurityName"));
-            attrs.put("target", configName);
-            RestUtil.restRequest(endpoint, attrs, "POST", null, false);
-        }
 
-        //if we pass in "", backend will throw bean violation, since it only accepts certain values.
-        String[] attrList= new String[] {"Request-AuthSource","Request-AuthRecipient", "Response-AuthSource", "Response-AuthRecipient"};
-        for(int i=0; i< attrList.length; i++){
-            if ("".equals(attrMap.get(attrList[i]))){
-                attrMap.put( attrList[i], null);
+            //if we pass in "", backend will throw bean violation, since it only accepts certain values.
+            String[] attrList= new String[] {"Request-AuthSource","Request-AuthRecipient", "Response-AuthSource", "Response-AuthRecipient"};
+            for(int i=0; i< attrList.length; i++){
+                if ("".equals(attrMap.get(attrList[i]))){
+                    attrMap.put( attrList[i], null);
+                }
             }
-        }
 
-        Map reqPolicyMap = new HashMap();
-        reqPolicyMap.put("authSource", attrMap.get("Request-AuthSource"));
-        reqPolicyMap.put("authRecipient", attrMap.get("Request-AuthRecipient"));
-        String reqPolicyEP = providerEndpoint + "/request-policy";
-        RestUtil.restRequest(reqPolicyEP, reqPolicyMap, "POST", null, false);
+            Map reqPolicyMap = new HashMap();
+            reqPolicyMap.put("authSource", attrMap.get("Request-AuthSource"));
+            reqPolicyMap.put("authRecipient", attrMap.get("Request-AuthRecipient"));
+            String reqPolicyEP = providerEndpoint + "/request-policy";
+            RestUtil.restRequest(reqPolicyEP, reqPolicyMap, "POST", null, false);
 
-        Map respPolicyMap = new HashMap();
-        respPolicyMap.put("authSource", attrMap.get("Response-AuthSource"));
-        respPolicyMap.put("authRecipient", attrMap.get("Response-AuthRecipient"));
-        String respPolicyEP = providerEndpoint + "/response-policy";
-        RestUtil.restRequest(respPolicyEP, respPolicyMap, "POST", null, false);
+            Map respPolicyMap = new HashMap();
+            respPolicyMap.put("authSource", attrMap.get("Response-AuthSource"));
+            respPolicyMap.put("authRecipient", attrMap.get("Response-AuthRecipient"));
+            String respPolicyEP = providerEndpoint + "/response-policy";
+            RestUtil.restRequest(respPolicyEP, respPolicyMap, "POST", null, false);
         }catch(Exception ex){
             GuiUtil.handleException(handlerCtx, ex);
         }
Index: common/src/main/resources/org/glassfish/common/admingui/Strings.properties
===================================================================
--- common/src/main/resources/org/glassfish/common/admingui/Strings.properties	(revision 44781)
+++ common/src/main/resources/org/glassfish/common/admingui/Strings.properties	(working copy)
@@ -1,7 +1,7 @@
 #
 # DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 #
-# Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 1997-2011 Oracle and/or its affiliates. All rights reserved.
 #
 # The contents of this file are subject to the terms of either the GNU
 # General Public License Version 2 only ("GPL") or the Common Development
@@ -207,11 +207,11 @@
 msgSecProvider.responsePolicyLabel=Response Policy
 msgSecProvider.authSourceResponseHelp=Type of authentication to be applied to response messages
 msgSecProvider.NewPageTitle=New Provider Configuration
-msgSecProvider.NewPageTitleHelp=Specify security provider configuration and add provider to the SOAP message layer.
+msgSecProvider.NewPageTitleHelp=Specify security provider configuration and add provider to the message layer.
 msgSecProvider.defaultProviderLabel=Default Provider:
+msgSecProvider.defaultProviderLabeHelp=Whether the provider is the default client provider, the default server provider, or both is determined by the Provider Type.
 msgSecProvider.ProviderIdHelp=Name to use when referencing the provider
 
-
 ## Jacc Providers
 common.Jacc=JACC
 jacc.table.nameCol=Name
Index: common/src/main/resources/security/msgSecurity/providerEdit.jsf
===================================================================
--- common/src/main/resources/security/msgSecurity/providerEdit.jsf	(revision 44781)
+++ common/src/main/resources/security/msgSecurity/providerEdit.jsf	(working copy)
@@ -81,16 +81,18 @@
             mapPut(map="#{pageSession.valueMap}"  key="Response-AuthRecipient" value="#{pageSession.responsePolicyMap['authRecipient']}");
         }
 
-      <!--  the defaultProvider attr is not in the <provider-config> element, the logic to display this checkbox is wrong.
-            refer to issue# GLASSFISH-15711 
         gf.getEntityAttrs(endpoint="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service/message-security-config/#{pageSession.msgSecurityName}.json",
                           valueMap="#{pageSession.msgSecurityMap}");
         mapPut(map="#{pageSession.valueMap}"  key="defaultProvider" value="false");
         
-        if ("#{pageSession.msgSecurityMap['defaultClientProvider']}=true || #{pageSession.msgSecurityMap['defaultProvider']}=true")
+        if ("#{pageSession.msgSecurityMap['defaultClientProvider']}=#{pageSession.Name}"){
             mapPut(map="#{pageSession.valueMap}"  key="defaultProvider" value="true");
-       -->
+        }
 
+        if ("#{pageSession.msgSecurityMap['defaultProvider']}=#{pageSession.Name}"){
+            mapPut(map="#{pageSession.valueMap}"  key="defaultProvider" value="true");
+        }
+
         gf.restRequest(endpoint="#{pageSession.selfUrl}/property.json" method="GET" result="#{requestScope.propTable}");
         setPageSessionAttribute(key="tableList" value="#{requestScope.propTable.data.extraProperties.properties}");
         setPageSessionAttribute(key="selfPage" value="#{request.contextPath}/common/security/msgSecurity/providerEdit.jsf?name=#{pageSession.encodedName}&msgSecurityName=#{pageSession.encodedMsgSecurityName}&configName=#{pageSession.encodedConfigName}");
Index: common/src/main/resources/security/msgSecurity/msgSecurityNew.jsf
===================================================================
--- common/src/main/resources/security/msgSecurity/msgSecurityNew.jsf	(revision 44781)
+++ common/src/main/resources/security/msgSecurity/msgSecurityNew.jsf	(working copy)
@@ -2,7 +2,7 @@
 
     DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 
-    Copyright (c) 2009-2010 Oracle and/or its affiliates. All rights reserved.
+    Copyright (c) 2009-2011 Oracle and/or its affiliates. All rights reserved.
 
     The contents of this file are subject to the terms of either the GNU
     General Public License Version 2 only ("GPL") or the Common Development
@@ -64,7 +64,7 @@
 #include "/common/shared/alertMsg.inc"
 
         <!-- Page Title -->
-        <sun:title id="propertyContentPage" title="$resource{i18nc.headings.NewMsgSecurity}" helpText="$resource{i18nc.msgSecurity.NewMsgSecurityInfo}}">
+        <sun:title id="propertyContentPage" title="$resource{i18nc.headings.NewMsgSecurity}" helpText="$resource{i18nc.msgSecurity.NewMsgSecurityInfo}">
 <!facet pageButtonsTop>
         <sun:panelGroup id="topButtons">
             <sun:button id="newButton" rendered="#{!edit}" text="$resource{i18n.button.OK}"
@@ -83,8 +83,9 @@
                     mapPut(map="#{pageSession.securityConfigMap}" key="providername" value="#{pageSession.valueMap['Name']}");
                     mapPut(map="#{pageSession.securityConfigMap}" key="providertype" value="#{pageSession.valueMap['ProviderType']}");
                     mapPut(map="#{pageSession.securityConfigMap}" key="classname" value="#{pageSession.valueMap['ClassName']}");
-                    gf.createEntity(endpoint="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service/message-security-config" attrs="#{pageSession.securityConfigMap}");
-                    setPageSessionAttribute(key="selfUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service/message-security-config/#{pageSession.securityConfigMap['layer']}/provider-config/#{pageSession.securityConfigMap['providername']}");
+                    mapPut(map="#{pageSession.securityConfigMap}" key="target" value="#{pageSession.configName}");
+                    gf.restRequest(endpoint="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service/message-security-config" attrs="#{pageSession.securityConfigMap}");
+                    setPageSessionAttribute(key="selfUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.configName}/security-service/message-security-config/#{pageSession.valueMap['AuthLayer']}/provider-config/#{pageSession.valueMap['Name']}");
                     javaToJSON(obj="#{pageSession.tableList}" json="#{requestScope.tmpJSON}");
 		    gf.restRequest(endpoint="#{pageSession.selfUrl}/property.json" method="POST" data="#{requestScope.tmpJSON}" result="#{requestScope.restResponse}");
                     gf.redirect(page="#{pageSession.parentPage}?configName=#{configName}")
Index: common/src/main/resources/security/msgSecurity/providerTableButtons.inc
===================================================================
--- common/src/main/resources/security/msgSecurity/providerTableButtons.inc	(revision 44781)
+++ common/src/main/resources/security/msgSecurity/providerTableButtons.inc	(working copy)
@@ -2,7 +2,7 @@
 
     DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 
-    Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved.
+    Copyright (c) 1997-2011 Oracle and/or its affiliates. All rights reserved.
 
     The contents of this file are subject to the terms of either the GNU
     General Public License Version 2 only ("GPL") or the Common Development
@@ -52,7 +52,7 @@
 
         <!insert name="extraButton2">
         </insert>
-
+        
         <!insert name="extraButton3">
         </insert>
 
Index: common/src/main/resources/security/msgSecurity/providerAttr.inc
===================================================================
--- common/src/main/resources/security/msgSecurity/providerAttr.inc	(revision 44781)
+++ common/src/main/resources/security/msgSecurity/providerAttr.inc	(working copy)
@@ -53,14 +53,20 @@
     </sun:property>
     <sun:property id="ProviderIdTextProp"  rendered="#{!edit}" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.msgSecProvider.ProviderIdLabel}">
         <sun:textField id="ProviderIdText" styleClass="required" text="#{pageSession.valueMap['Name']}" columns="$int{55}" maxLength="#{sessionScope.fieldLengths['maxLength.msgSecProvider.ProviderId']}" required="#{true}" />
+        <sun:staticText text=""/>
     </sun:property>
 
-<!--  the defaultProvider attr is not in the <provider-config> element, the logic to display this checkbox is wrong.
-      refer to issue# GLASSFISH-15711   .  remove from prop sheet for now.
-    <sun:property id="DefaultProviderProp"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.msgSecProvider.defaultProviderLabel}" >
+    <sun:property >
+        <sun:staticText text=" " />
+    </sun:property>
+    <!--  the defaultProvider attr is not in the <provider-config> element, User should set default provider
+          in the msg security page itself during edit.
+          During creation, the create command takes this option, so we can pass that in.
+    -->
+    <sun:property id="DefaultProviderProp"  rendered="#{!edit}" labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.msgSecProvider.defaultProviderLabel}"
+                   helpText="$resource{i18nc.msgSecProvider.defaultProviderLabeHelp}">
         <sun:checkbox selected="#{pageSession.valueMap['defaultProvider']}" selectedValue="true" />
     </sun:property>
--->
 
     <sun:property id="ProviderTypeProp"  labelAlign="left" noWrap="#{true}" overlapLabel="#{false}" label="$resource{i18nc.msgSecProvider.providerTypeLabel}" helpText="$resource{i18nc.msgSecProvider.providerTypeHelp}">
         <sun:dropDown id="ProviderType" selected="#{pageSession.valueMap['ProviderType']}" labels={"client", "server", "client-server"}  required="#{true}" />
Index: common/src/main/resources/security/msgSecurity/providers.jsf
===================================================================
--- common/src/main/resources/security/msgSecurity/providers.jsf	(revision 44781)
+++ common/src/main/resources/security/msgSecurity/providers.jsf	(working copy)
@@ -2,7 +2,7 @@
 
     DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 
-    Copyright (c) 2009-2010 Oracle and/or its affiliates. All rights reserved.
+    Copyright (c) 2009-2011 Oracle and/or its affiliates. All rights reserved.
 
     The contents of this file are subject to the terms of either the GNU
     General Public License Version 2 only ("GPL") or the Common Development
@@ -45,6 +45,25 @@
     setResourceBundle(key="help_common" bundle="org.glassfish.common.admingui.Helplinks");
 />
 <!composition template="/templates/default.layout"  guiTitle="$resource{i18nc.msgSecProvider.TableTitle}" >
+<!define name="extraButton2" >
+    <sun:button id="button1" text="$resource{i18n.button.Delete}" disabled="#{true}" primary="#{false}"
+        onClick="if (getConfirm(this,'$pageSession{confirmDeleteMsg}')) {submitAndDisable(this, '$resource{i18n.button.Processing}');}; return false;" >
+        <!command
+            getUIComponent(clientId="$pageSession{tableRowGroupId}", component=>$attribute{tableRowGroup});
+            createMap(result="#{pageSession.attrsMap}");
+            mapPut(map="#{pageSession.attrsMap}" key="target" value="#{pageSession.encodedConfigName}" );
+            mapPut(map="#{pageSession.attrsMap}" key="layer" value="#{pageSession.encodedName}" );
+            getSelectedSingleMapRows(TableRowGroup="${tableRowGroup}" selectedRows=>$attribute{selectedRows});
+            foreach (var="row" list="${selectedRows}") {
+                urlencode(value="#{row['name']}" encoding="UTF-8" result="#{pageSession.encodedProviderName}");
+                setPageSessionAttribute(key="deleteUrl", value="#{sessionScope.REST_URL}/configs/config/#{pageSession.encodedConfigName}/security-service/message-security-config/#{pageSession.encodedName}/provider-config/#{pageSession.encodedProviderName}");
+                gf.restRequest(endpoint="#{pageSession.deleteUrl}", attrs="#{pageSession.attrsMap}" method="DELETE");
+            }
+            gf.redirect(page="#{pageSession.listLink}");
+        />
+    </sun:button>
+</define>
+
 <!define name="content">
     <event>
     <!beforeCreate