Re: Adding WS-Security to an embedded axis2 web application

Wed, 05 Dec 2007 09:36:13 -0800 

you get ws-security support with rampart-1.1 and above
http://www.apache.org/dyn/closer.cgi/ws/rampart/1_1

take a look at
/samples/basic/sample11/src/org/apache/rampart/samples/sample11/Client.java
for an example of configuring
Timestamp Signature Encryption for inflow and outflow as identified via this
example services.xml
    <parameter name="InflowSecurity">
      <action>
        <items>Timestamp Signature Encrypt</items>

<passwordCallbackClass>org.apache.rampart.samples.sample11.PWCBHandler</pass
wordCallbackClass>
        <signaturePropFile>service.properties</signaturePropFile>
      </action>
    </parameter>

the declarative operation identifies the password callback handler via
setPasswordCallbackClass in the client stub as in
ofc.setPasswordCallbackClass("org.apache.rampart.samples.sample11.PWCBHandle
r");

take a look at PWCBHandler.java which handles the Password validation

also be sure to service.properties is located on the classpath and has the
ability to initialise all of the crypto parameters e.g.
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.cry
pto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=apache
org.apache.ws.security.crypto.merlin.file=service.jks

Martin--
----- Original Message -----
From: "ndthuy" <[EMAIL PROTECTED]>
To: <axis-user@ws.apache.org>
Sent: Wednesday, December 05, 2007 12:03 PM
Subject: Adding WS-Security to an embedded axis2 web application


>
> All,
>
> Does anyone know how to set up WS-Security to an embedded Axis2 web
> application ? I am using Axis2 1.3 and Rampart 1.3. This is my set up for
> embedded Axis2 web application.
>
> WebApp:
>         + src
>         + WebRoot
>             + conf
>             + lib
>             + modules
>             + services
>                + common
>                + META-INF
>                   + AdminRetrieveUserService.wsdl
>                   + apschema.xsd
>                   + services.xml
>
> I added rampart-1.3.mar to the modules folder. I also added all the
rampart
> libraries. I added the following to services.xml :
>
> <module ref="rampart"/>
>
> <parameter name="Inflowsecurity">
>         <action>
>         <items>Timestamp</items>
>         </action>
>         </parameter>
>         <parameter name="Outflowsecurity">
>         <action>
>         <items>Timestamp</items>
>         </action>
>         </parameter>
>
> And I haven't modified my client yet. I supposed to receive the error if I
> send my message without the soap header. However nothing happened and I
> still received a successful soap message back. Does anyone try to do this
> before?
>
> Thanks.
> --
> View this message in context:
http://www.nabble.com/Adding-WS-Security-to-an-embedded-axis2-web-applicatio
n-tf4950998.html#a14175976
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to