Low-level configuration can be stored persistently in the deployment descriptor of the service endpoint or service client or it can be set at runtime. The global (default) configuration is stored in the deployment descriptors of the security provider component and security-provider client. The global configuration consists of one username token. A configuration on a service endpoint or service client has a higher priority than the global configuration.
The runtime configuration is stored in the context data of the call context (org.systinet.wasp.webservice.CallContext) or in the context data of the service endpoint or service client. Runtime configuration on the call context has a higher priority than a configuration on the service endpoint or service client. Runtime configurations also have higher priority than persistent configuration.
Location of Configuration: By Type
Runtime
Runtime configuration is stored in the context data of call context, service endpoint and service client. The message configuration (org.systinet.wasp.security.ws.conf.MessageConf) is stored under the key CD_MESSAGE_CONF in org.systinet.wasp.security.ws.Constants. Configuration of other preferences (org.systinet.wasp.security.ws.conf.WSSEConf) is stored under the key CD_SECURITY_CONFIGURATION in org.systinet.wasp.security.ws.Constants.
At runtime, the validator can be configured in two ways: either by class name, which by default is set in WSSEConf, or by a reference to an existing validator instance stored in the context data under the key CD_VALIDATOR_INSTANCE in org.systinet.wasp.security.ws.Constants.
Persistent
Persistent configuration is given by the WSSEProviderConf interface and is stored in the deployment descriptor of the service client and service endpoint. The element is serviceProviderPreferences and the element's attribute is localName with the value WS-Security. The schema of the configuration is defined in org.systinet.wasp.security.ws.conf.WSSEProviderConf.
Global
Global configuration is given by the WSSEGlobalConf interface and is stored in the deployment descriptors of the Security Providers server and client packages. The element is serviceProviderPreferences and the element's attribute is name and has the value WS-Security. The schema of the configuration is defined in org.systinet.wasp.security.ws.conf.WSSEGlobalConf.
This configuration can be set through the Server Preferences tab of the Administration Console. Please see Server Preferences Management for further details.
Location of Configuration: By Preference
Message
In runtime configuration, it is based on the MessageConf interface. Please see org.systinet.wasp.security.ws.conf.MessageConf. It defines the security of one message. Runtime configuration has a higher priority than persistent configuration. A runtime configuration stored in the call context has a higher priority than one stored in the service endpoint or service client context.
In persistent configuration, it defines the security configuration of messages on the service client or service endpoint. It is a part of WSSEProviderConf. See org.systinet.wasp.security.ws.conf.WSSEProviderConf for details.
External tokens
In runtime configuration, it is a part of the WSSEConf configuration.
In persistent configuration, it is a part of the WSSEProviderConf configuration.
During processing, all external security tokens from all runtime and persistent configurations are used.
For more information please see org.systinet.wasp.security.ws.conf.ExternalSecurityTokensConf.
Incoming validator
In runtime configuration, it is a part of the WSSEConf configuration. In runtime, the validator can be given by:
Class name. This is a part of Security Preferences (see below).
Reference to an instance implementing org.systinet.wasp.security.ws.IncomingValidator, stored in the context data under the key CD_VALIDATOR_INSTANCE in org.systinet.wasp.security.ws.Constants.
In persistent configuration, it is a part of the WSSEProviderConf configuration.
For more information please see org.systinet.wasp.security.ws.IncomingValidator.
Security preferences
In runtime configuration, it is a part of the WSSEConf configuration.
In persistent configuration, it is a part of WSSEProviderConf configuration.
During processing, all runtime and persistent configurations are merged. Thus, for each value, the one defined in the highest-priority configuration is used.
For more information please see the Javadoc for org.systinet.wasp.security.ws.conf.WSSEConf.
Global security preferences
In persistent configuration only: It is a part of WSSEGlobalConf configuration.
This configuration can be set through the Server Preferences tab of the Administration Console; please see Server Preferences Management.
For more information, please see the Javadoc for org.systinet.wasp.security.ws.conf.WSSEGlobalConf.
Setting message configuration into the call context affects only outgoing responses, not WS-RM acknowledgments. For example, the following code will not correctly set the WS-Security configuration for WS-RM acknowledgments:
    public class MyService {
        public void myMethod(String someParam) {
            // Runtime message configuration with noSecurityHeader set
            Configurable configurable = Configurator.newRuntimeConfigurable();
            MessageConf messageConf = (MessageConf) configurable.narrow(MessageConf.class);
            messageConf.setNoSecurityHeader(Boolean.TRUE);
            // Stored in the call context: applies to the outgoing response only,
            // not to WS-RM acknowledgments
            Current.getCallContext().getContextData().put(Constants.CD_MESSAGE_CONF, messageConf);
        }
    }
Nevertheless, you may still configure WS-Security for WS-RM acknowledgments using either persistent or runtime configuration in the service endpoint context, as shown in Example 8.
Example 8. Configuring WS-Security for WS-ReliableMessaging Acknowledgements
    ServiceEndpoint endpoint = ServiceEndpoint.create("/myService", new MyServiceImpl());
    // Use the endpoint's own context so the setting also covers WS-RM acknowledgments
    ServiceEndpointContext ctx = endpoint.getContext();
    Configurable configurable = Configurator.newRuntimeConfigurable();
    MessageConf messageConf = (MessageConf) configurable.narrow(MessageConf.class);
    messageConf.setNoSecurityHeader(Boolean.TRUE);
    ctx.getContextData().put(Constants.CD_MESSAGE_CONF, messageConf);
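The precedence rules from the sections above, together with the WS-RM acknowledgment caveat, can be traced with a small stand-alone Java model. This is an added example, not WASP code: the Layer and MessageKind enums, the preference keys and the token names are constructed for illustration, and the value false returned when no layer sets the flag is an assumption.

```java
import java.util.*;
// Added illustration, not WASP code: every type, key and value below is constructed.
public class WssePrecedenceModel {
    // Descending priority, in the order the page gives.
    enum Layer { CALL_CONTEXT, ENDPOINT_RUNTIME, ENDPOINT_PERSISTENT, GLOBAL }
    enum MessageKind { RESPONSE, WSRM_ACK }

    // Message configuration: the highest-priority layer that sets the flag wins.
    // The call-context layer is skipped for WS-RM acknowledgments.
    static boolean noSecurityHeader(Map<Layer, Boolean> messageConf, MessageKind kind) {
        for (Layer layer : Layer.values()) {
            if (layer == Layer.CALL_CONTEXT && kind == MessageKind.WSRM_ACK) continue;
            Boolean flag = messageConf.get(layer);
            if (flag != null) return flag;
        }
        return false; // assumed default when no layer sets the flag
    }

    // Security preferences: layers are merged, the highest-priority value wins per key.
    static Map<String, String> mergePreferences(Map<Layer, Map<String, String>> prefs) {
        Map<String, String> effective = new TreeMap<>();
        for (Layer layer : Layer.values())
            prefs.getOrDefault(layer, Map.of()).forEach(effective::putIfAbsent);
        return effective;
    }

    // External tokens: tokens from every layer are used, none is overridden.
    static Set<String> collectTokens(Map<Layer, List<String>> tokens) {
        Set<String> all = new LinkedHashSet<>();
        for (Layer layer : Layer.values()) all.addAll(tokens.getOrDefault(layer, List.of()));
        return all;
    }

    public static void main(String[] args) {
        Map<Layer, Boolean> messageConf = new EnumMap<>(Layer.class);
        messageConf.put(Layer.CALL_CONTEXT, Boolean.TRUE);          // set inside the service method
        messageConf.put(Layer.ENDPOINT_PERSISTENT, Boolean.FALSE);  // deployment descriptor
        System.out.println("response:  " + noSecurityHeader(messageConf, MessageKind.RESPONSE));
        System.out.println("WS-RM ack: " + noSecurityHeader(messageConf, MessageKind.WSRM_ACK));
        Map<Layer, Map<String, String>> prefs = new EnumMap<>(Layer.class);
        prefs.put(Layer.ENDPOINT_RUNTIME, Map.of("validator", "com.example.StrictValidator"));
        prefs.put(Layer.GLOBAL, Map.of("validator", "com.example.DefaultValidator", "clockSkew", "300"));
        System.out.println("preferences: " + mergePreferences(prefs));
        Map<Layer, List<String>> tokens = new EnumMap<>(Layer.class);
        tokens.put(Layer.CALL_CONTEXT, List.of("tokenA"));
        tokens.put(Layer.ENDPOINT_PERSISTENT, List.of("tokenB"));
        System.out.println("tokens: " + collectTokens(tokens));
    }
}
```

In the sample data the response and the acknowledgment resolve to different message configurations, which is the situation the endpoint-context setting in Example 8 avoids.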