Prabath Siriwardena wrote:
Hi;

Thilina fixed this in the Rampart trunk and I guess also included in Rampart 1.5.1
Correction - Rampart 1.5

Thanks & regards.
-Prabath

To enable caching of Crypto objects, two attributes should be added to the crypto elements of "signatureCrypto"/"encryptionCrypto" of RampartConfig.

1. cryptoKey - As the value of this attribute, specify the property of a Crypto implementation which points to the location of the keystore. For example, in Merlin, the property "org.apache.ws.security.crypto.merlin.file" is unique and it points to the location of the keystore. Absence of this attribute will not enable caching.

2. cacheRefreshInterval - This is the cache refresh interval specified in milliseconds. Any object that resides in the cache longer than this period will be considered as expired. The cache will not be refreshed if this attribute is not present in the configuration. If you do not want to refresh the cache, provide only the "cryptoKey" attribute.

A sample configuration is provided below. It uses the Merlin crypto implementation for signing and encryption. Here, the value of the cryptoKey attribute is equal to "org.apache.ws.security.crypto.merlin.file" and the cache refresh interval is 300000 milliseconds.

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:signatureCrypto>
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property>
        </ramp:crypto>
    </ramp:signatureCrypto>
    <ramp:encryptionCrypto>
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
        </ramp:crypto>
    </ramp:encryptionCrypto>
</ramp:RampartConfig>

Thanks & regards.
-Prabath
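
Added example, not part of the original thread and not Rampart code: a small Python check that reads a RampartConfig and reports, for each crypto element, which of the caching states described in the message above it is in. The sample policy is constructed, and the check that cryptoKey names a property actually set on the element is an assumption of this script.

```python
import xml.etree.ElementTree as ET

RAMP = "{http://ws.apache.org/rampart/policy}"
MERLIN_FILE = "org.apache.ws.security.crypto.merlin.file"

# Constructed sample: signing refreshes every 300000 ms, encryption sets only cryptoKey.
SAMPLE = f"""<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
 <ramp:signatureCrypto>
  <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"
               cryptoKey="{MERLIN_FILE}" cacheRefreshInterval="300000">
   <ramp:property name="{MERLIN_FILE}">service.jks</ramp:property>
  </ramp:crypto>
 </ramp:signatureCrypto>
 <ramp:encryptionCrypto>
  <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"
               cryptoKey="{MERLIN_FILE}">
   <ramp:property name="{MERLIN_FILE}">service.jks</ramp:property>
  </ramp:crypto>
 </ramp:encryptionCrypto>
</ramp:RampartConfig>"""

def classify(crypto):
    """Map one ramp:crypto element to the caching state described in the message."""
    props = {p.get("name"): (p.text or "").strip()
             for p in crypto.findall(RAMP + "property")}
    key, interval = crypto.get("cryptoKey"), crypto.get("cacheRefreshInterval")
    if key is None:
        return "not cached"  # no cryptoKey attribute: caching is not enabled
    if not props.get(key):
        # Assumption of this check: cryptoKey should name a property set on the element.
        return "cryptoKey names an unset property"
    if interval is None:
        return f"cached on {props[key]}, never refreshed"
    if not interval.isdecimal():
        return "invalid cacheRefreshInterval"
    return f"cached on {props[key]}, expires after {int(interval)} ms"

def audit_crypto_caching(policy_xml):
    """Return {element name: caching state} for the crypto elements in a RampartConfig."""
    root = ET.fromstring(policy_xml)
    report = {}
    for name in ("signatureCrypto", "encryptionCrypto"):
        for holder in root.iter(RAMP + name):
            for crypto in holder.findall(RAMP + "crypto"):
                report[name] = classify(crypto)
    return report

if __name__ == "__main__":
    print(audit_crypto_caching(SAMPLE))
```

A "never refreshed" result means the keystore contents loaded at first use stay in memory until the service restarts, which matters when keys or certificates in the keystore are rotated.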

Wally Dennis wrote:
Rampart Devs,

Is there a reason why the RampartEngine always loads the Crypto object (specifically the signatureCrypto) instead of maintaining a cache of these objects like WSS4J? Unless I am mistaken, in the WSHandler object in WSS4J, there is a Hashtable that basically caches these Crypto objects so they don't have to be reloaded for each and every request. Reloading the object for every request (and in some cases multiple times per request) seems to be very inefficient.

Thanks,
Wally Dennis

