Enabling SOAP message signing for EJB webservice client in Glassfish

Let's start writing posts again!

Today's solution is for following scenario: An EJB uses a web service client, and needs to sign its request with a trusted certificate. We are running Glassfish 3.1.1. Its documentation is pretty straighforward about specifying default client provider, which will cause all webservice calls to be signed. But we cannot do that, because other web service we're calling cannot handle digitally signed SOAP messages. Documentation only mentions web service endpoint configuration .

Here's what to do

Add following to your glassfish-ejb-jar.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-ejb-jar PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 EJB 3.1//EN"
                <!-- you might need explicit @WebService(name="service") on that field,
                     even if the field is named service -->
                    <!-- This is the vital part - specify port of web service -->
                        auth-layer="SOAP" provider-id="ClientProvider"/>

Then, configure your client e. g. via admin gui at path Configurations > server-config > Security > Message Security > SOAP > Tab Providers > Client Provider.