users@glassfish.java.net

Re: SAM for SOAP UserNameToken authentication

From: <glassfish_at_javadesktop.org>
Date: Thu, 19 Jun 2008 12:59:20 PDT

Brian,

Configure your SAM as SOAP layer provider, and then define a
message-security-binding element within the sun-specific deployment descriptor corresponding to your web service endpoint.
see sun-web-app_2_5-0.dtd

to bind a provider in to an endpoint

<!ELEMENT webservice-endpoint ( port-component-name, endpoint-address-uri?, (login-config | message-security-binding)?, transport-guarantee?, service-qname?, tie-class?, servlet-impl-class?, debugging-enabled? )>

you could also configure you SAM as the default SOAP layer provider, in which case, you would not need to define a message-security-binding.

you could also define your own AuthConfigProvider, in which case it would define how the SAM is bound to yoru app.

then on the client side, depending on whether you want to integrate a CAM in the client, then you might want to implement and bind a client side auth module; which can similarly be done via a message-seucirty-binding elment, see

<!ELEMENT port-info ( service-endpoint-interface?, wsdl-port?, stub-property*, call-property*, message-security-binding? )>

or by defining a default SOAP layer client auth module, or
by defining your own AuthConfigProvider.

BTW, I think setting the username and password values in the binding provider, will not cause them to be used in the soap layer. (i think you would need to write a CAM to do that)

Ron
[Message sent by forum member 'monzillo' (monzillo)]

http://forums.java.net/jive/thread.jspa?messageID=281398