Thanks Ruchith for the response.

Regarding point D, why can't the axis2 engine decide that the incoming request is of type REST and then it should override Rampart and let the request be processed? I have exposed the web services which are REST as well as SOAP enabled, and Rampart is configured for these services. So I will run into issues if REST cannot simultaneously coexist when Rampart is enabled. Any plans to get this resolved in the future? If no, then can you please give me some valid reasons why this is not possible?

I raised another question about setting up the keystore in Rampart and Dimuthu replied back, but he wanted to get some understanding from your side on how to import PEM into the JKS keystore. Can you please provide your two cents on that too?

Vibhor

________________________________
From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
Sent: Fri 5/4/2007 4:33 AM
To: Vibhor_Sharma
Cc: [email protected]
Subject: Re: Security using rampart

Hi Vibhor,

On 4/28/07, Vibhor_Sharma <[EMAIL PROTECTED]> wrote:
>
> Hi Ruchith
> We are deploying the web services solution created by Axis2 1.1.1 and
> security using rampart1.1.
>
> The deployment comprises of the Apache Web server which receives the HTTP
> requests and then routes the requests to the Jboss Application server, where
> axis2 web application along with the services are deployed.
>
> I want to have encryption and digital signature in place using rampart. I
> have tested the application with the sample certificates in the development
> environment and it works fine. The questions are pertaining to the
> production deployment.
>
> a) Do I need to have the certificates key store (signed server certificate, CA
> self signed certificate) maintained at the
> Apache web server? I guess this would be required in case I want to
> have transport layer security enabled, right?

Yes, you will need to have the keystore in the Apache web server only
if you use transport layer security: HTTPS

>
> b) Since rampart would reside at the Jboss server I would need the keystore
> at Jboss server also, right? This will be required for handling
> the encrypted and digitally signed SOAP messages. This keystore would
> have the private keys of the server, CA self signed certificate, and the
> signed certificate of the server by the CA.

For rampart's configuration it doesn't matter where you store the
keystore! You simply have to provide the path (relative or absolute)
to the keystore in rampart configuration.

>
> c) I hope the Apache web server does not create issues with the encrypted
> soap request coming in when the transport layer security is also
> enabled. It must let it pass through to Jboss as is.

Yes

>
> d) If rampart is enabled for the web services and the axis2 engine is
> enabled/configured for REST based services too, would Axis2 engine
> expect encrypted and digitally signed messages when the consumer sends a
> POST request?

Yes! Therefore when you enable rampart on a service that service will
not be accessible via REST/POST.

HTH and apologies about the late response!

Thanks,
Ruchith

>
> It is a long mail but will help us in the deployment of the web services in
> the production environment.
>
> Thanks
> Vibhor

--
www.ruchith.org
www.wso2.org

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
