
Administration Commands create-message-security-provider(1)
NAME
create-message-security-provider - enables administrators
to create the message-security-config and provider-config
sub-elements for the security service in domain.xml
SYNOPSIS
create-message-security-provider
[--terse={true|false}] [--echo={true|false}]
[--interactive={true|false}] [--host host]
[--port port] [--secure | -s] [--user admin_user]
[--passwordfile filename] [--help]
[--target target] --classname provider_class
[--layer message_layer] [--providertype provider_type]
[--requestauthsource request_auth_source]
[--requestauthrecipient request_auth_recipient]
[--responseauthsource response_auth_source]
[--responseauthrecipient response_auth_recipient]
[--isdefaultprovider] [--property name=value[:name=value]*]
provider_name
DESCRIPTION
Enables the administrator to create the message-security-config
and provider-config sub-elements for the security service in
domain.xml (the file that specifies parameters and properties of
a domain to the Enterprise Server). The options specified in the
list below apply to attributes within the message-security-config
and provider-config sub-elements of the domain.xml file.
If the message-layer (message-security-config) element does
not exist, this command creates it, and then provider-config
is created under it.
This command is supported in remote mode only.
OPTIONS
If an option has a short option name, then the short option
precedes the long option name. Short options have one dash
whereas long options have two dashes.
-t --terse
Indicates that any output data must be very concise,
typically avoiding human-friendly sentences and favoring
well-formatted data for consumption by a script. Default
is false.
Java EE 6 Last change: 15 Apr 2009 1
-e --echo
If set to true, the command-line statement is echoed on
the standard output. Default is false.
-I --interactive
If set to true (default), only the required password
options are prompted.
-H --host
The machine name where the domain administration server
is running. The default value is localhost.
-p --port
The HTTP port or HTTPS port for administration. This
port is the port in the URL that you specify in your web
browser to manage the domain, for example,
http://localhost:4848.
The default port number for administration is 4848.
-s --secure
If set to true, uses SSL/TLS to communicate with the
domain administration server.
The default is false.
-u --user
The user name of the authorized administrative user of
the domain administration server.
If you have authenticated to a domain by using the asadmin
login command, you need not specify the --user option for
subsequent operations on the domain.
--passwordfile
Specifies the name, including the full path, of a file
that contains the password entries in a specific format.
The entry for a password must have the AS_ADMIN_ prefix
followed by the password name in uppercase letters. For
example, to specify the password for the domain administration
server, use an entry with the following format:
AS_ADMIN_PASSWORD=password
In this example, password is the actual administrator
password.
The following other passwords can also be specified:
o AS_ADMIN_MAPPEDPASSWORD
o AS_ADMIN_USERPASSWORD
o AS_ADMIN_ALIASPASSWORD
All remote commands must specify the administration
password to authenticate to the domain administration
server. The password can be specified by one of the following
means:
o Through the --passwordfile option
o Through the asadmin login command
o Interactively at the command prompt
The asadmin login command can be used only to specify
the administration password. For other passwords that
remote commands require, use the --passwordfile option
or specify them at the command prompt.
After authenticating to a domain by using the asadmin
login command, you need not specify the administration
password through the --passwordfile option for subsequent
operations on the domain. However, only the AS_ADMIN_PASSWORD
option is not required. You still must provide the other
passwords, for example, AS_ADMIN_USERPASSWORD, when required by
individual commands, such as update-file-user.
For security reasons, a password that is specified as an
environment variable is not read by the asadmin command.
The default value for AS_ADMIN_MASTERPASSWORD is
changeit.
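A pre-flight check for a file that will be passed to --passwordfile, given here as an added example that is not part of the original manual page or of the asadmin tooling. It enforces the entry format described above, flags the documented default master password, and (an assumption beyond the page) treats group or other permission bits on the file as a finding; the function names and the sample entries are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Entry format from the man page: AS_ADMIN_ prefix, uppercase name, then =value.
ENTRY_RE = re.compile(r"^AS_ADMIN_[A-Z]+=.*$")

def lint_password_file(path):
    """Return a list of findings for an asadmin --passwordfile candidate."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # assumption: only the owner should have any access
        findings.append(f"mode {mode:04o}: accessible by group or other")
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, start=1):
            line = raw.rstrip("\n")
            if not line.strip():
                continue
            if not ENTRY_RE.match(line):
                # Never echo the line itself: it may contain a password.
                findings.append(f"line {lineno}: not in AS_ADMIN_NAME=value form")
                continue
            name, value = line.split("=", 1)
            if value == "":
                findings.append(f"line {lineno}: {name} is empty")
            if name == "AS_ADMIN_MASTERPASSWORD" and value == "changeit":
                findings.append(f"line {lineno}: {name} still has the documented default")
    return findings

def write_sample(content, mode):
    """Write a constructed password file with the given mode; return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed sample: default master password in a world-readable file.
    sample = write_sample("AS_ADMIN_MASTERPASSWORD=changeit\n", 0o644)
    try:
        for finding in lint_password_file(sample):
            print(finding)
    finally:
        os.unlink(sample)
```

The check is deliberately strict: any non-blank line that does not match the AS_ADMIN_ form is reported by line number only, so the output is safe to keep in build logs.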
--help
Displays the help text for the command.
--target
Do not specify this option. This option is retained for
compatibility with other releases. If you specify this
option, a syntax error does not occur. Instead, the
command runs successfully and the option is silently
ignored.
OPTIONAL ATTRIBUTES
The following optional attribute name/value pairs are available:
classname
Defines the Java implementation class of the provider.
Client authentication providers must implement the
com.sun.enterprise.security.jauth.ClientAuthModule
interface. Server-side providers must implement the
com.sun.enterprise.security.jauth.ServerAuthModule
interface. A provider may implement both interfaces, but
it must implement the interface corresponding to its
provider type.
layer
The message-layer entity used to define the value of the
auth-layer attribute of message-security-config elements.
The default is SOAP.
providertype
Establishes whether the provider is to be used as client
authentication provider, server authentication provider,
or both. Valid options for this property include client,
server, or client-server. The default value is client-server.
requestauthsource
The auth-source attribute defines a requirement for
message-layer sender authentication (e.g. username password)
or content authentication (e.g. digital signature)
to be applied to request messages. Possible values are
sender or content. When this argument is not specified,
source authentication of the request is not required.
requestauthrecipient
The auth-recipient attribute defines a requirement for
message-layer authentication of the receiver of a message
to its sender (e.g. by XML encryption). Possible
values are before-content or after-content. The default
value is after-content.
responseauthsource
The auth-source attribute defines a requirement for
message-layer sender authentication (e.g. username password)
or content authentication (e.g. digital signature)
to be applied to response messages. Possible values are
sender or content. When this option is not specified,
source authentication of the response is not required.
responseauthrecipient
The auth-recipient attribute defines a requirement for
message-layer authentication of the receiver of the
response message to its sender (e.g. by XML encryption).
Possible values are before-content or after-content. The
default value is after-content.
isdefaultprovider
The default-provider attribute is used to designate the
provider as the default provider (at the layer) of the
type or types identified by the providertype argument.
There is no default associated with this option.
property
Use this property to pass provider-specific property
values to the provider when it is initialized. Properties
passed in this way might include key aliases to be used by
the provider to get keys from keystores, signing,
canonicalization, encryption algorithms, etc.
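Because omitting requestauthsource or responseauthsource means source authentication is not required, it is worth reviewing what this command actually wrote. The following added example (not part of the original manual page or of the server's own code) audits the provider-config elements of a domain.xml fragment; the request-policy and response-policy element names and the provider-id, provider-type and class-name attribute names are assumptions about the domain.xml layout, and the fragment and its class names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed fragment in the assumed shape of the security-service section.
SAMPLE = """<security-service>
  <message-security-config auth-layer="SOAP" default-provider="openServer">
    <provider-config provider-id="strictServer" provider-type="server"
                     class-name="example.StrictServerModule">
      <request-policy auth-source="content" auth-recipient="before-content"/>
      <response-policy auth-source="content"/>
    </provider-config>
    <provider-config provider-id="openServer" provider-type="client-server"
                     class-name="example.OpenModule">
      <request-policy/>
      <response-policy auth-source="sender"/>
    </provider-config>
  </message-security-config>
</security-service>
"""

def audit_providers(xml_text):
    """Return {provider-id: [findings]} for every provider-config element."""
    report = {}
    root = ET.fromstring(xml_text)
    for layer in root.iter("message-security-config"):
        default = layer.get("default-provider")
        for prov in layer.findall("provider-config"):
            pid = prov.get("provider-id")
            findings = []
            for policy in ("request-policy", "response-policy"):
                node = prov.find(policy)
                source = node.get("auth-source") if node is not None else None
                # The man page lists sender and content as the only values.
                if source not in ("sender", "content"):
                    findings.append(f"{policy}: no source authentication required")
            if prov.get("provider-type") not in ("client", "server", "client-server"):
                findings.append("provider-type: not client, server or client-server")
            if findings and pid == default:
                # A weak provider matters more when it is the layer default.
                findings.append(f"default provider for layer {layer.get('auth-layer')}")
            report[pid] = findings
    return report

if __name__ == "__main__":
    for provider, findings in audit_providers(SAMPLE).items():
        print(provider, findings or "ok")
```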
OPERANDS
provider_name
The name of the provider used to reference the
provider-config element.
EXAMPLES
Example 1 Using create-message-security-provider
The following example shows how to create a message security
provider for a client.
asadmin> create-message-security-provider --user admin
--passwordfile pwd_file
--classname com.sun.enterprise.security.jauth.ClientAuthModule
--providertype client mySecurityProvider
EXIT STATUS
0 command executed successfully
1 error in executing the command
SEE ALSO
delete-message-security-provider(1),
list-message-security-providers(1)