While the necessary configuration depends on which security features you choose to use, the overall set of activities is similar regardless. On the client side you can define the security configuration via a client Axis2 descriptor file (axis2.xml), via a Rampart policy file, or programmatically (deprecated). On the server side you can define the security configuration via the service descriptor file (services.xml) or via a Rampart policy embedded in the service WSDL.
The following examples show the client configuration in the context of a client Axis2 descriptor file and a Rampart policy file, and the server configuration in the context of the service descriptor file.
Client configuration:
<axisconfig name="AxisJava2.0">
  <module ref="rampart" />
  <parameter name="InflowSecurity">
    <action>
      <items>Signature Encrypt</items>
      <signaturePropFile>client-crypto.properties</signaturePropFile>
      <passwordCallbackClass>webservice.ClientPWCallback</passwordCallbackClass>
      <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
    </action>
  </parameter>
  <parameter name="OutflowSecurity">
    <action>
      <items>Signature Encrypt</items>
      <encryptionUser>admin</encryptionUser>
      <user>tester</user>
      <passwordCallbackClass>webservice.ClientPWCallback</passwordCallbackClass>
      <signaturePropFile>client-crypto.properties</signaturePropFile>
      <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
      <encryptionParts>{Element}{http://www.curamsoftware.com}Credentials</encryptionParts>
    </action>
  </parameter>
  ...
Server configuration:
<serviceGroup>
  <service name="SignedAndEncrypted">
    ...
    <module ref="rampart" />
    <parameter name="InflowSecurity">
      <action>
        <items>Signature Encrypt</items>
        <passwordCallbackClass>webservice.ServerPWCallback</passwordCallbackClass>
        <encryptionUser>admin</encryptionUser>
        <user>tester</user>
        <signaturePropFile>server-crypto.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
      </action>
    </parameter>
    <parameter name="OutflowSecurity">
      <action>
        <items>Signature Encrypt</items>
        <encryptionUser>admin</encryptionUser>
        <user>tester</user>
        <passwordCallbackClass>webservice.ServerPWCallback</passwordCallbackClass>
        <signaturePropFile>server-crypto.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
      </action>
    </parameter>
    ...
  </service>
</serviceGroup>
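The client's OutflowSecurity and the service's InflowSecurity shown above describe the same actions. The following Python check is an added example, not part of the original documentation or of Axis2/Rampart: the NEEDED table and the rule that both sides list the same items are assumptions mirrored from the fragments above, and the XML samples are constructed from those fragments.

```python
import xml.etree.ElementTree as ET

# Assumption: elements each direction needs, mirrored from the page's fragments.
NEEDED = {"InflowSecurity": ["signaturePropFile", "passwordCallbackClass"],
          "OutflowSecurity": ["user", "encryptionUser", "signaturePropFile",
                              "passwordCallbackClass"]}

def flows(xml_text):
    """Map each security parameter name to {child tag: trimmed text}."""
    out = {}
    for p in ET.fromstring(xml_text).iter("parameter"):
        if p.get("name") in NEEDED:
            action = p.find("action")
            kids = action if action is not None else []
            out[p.get("name")] = {c.tag: (c.text or "").strip() for c in kids}
    return out

def audit(sender_xml, receiver_xml):
    """Compare the sender's OutflowSecurity with the receiver's InflowSecurity."""
    findings = []
    sent = flows(sender_xml).get("OutflowSecurity")
    recv = flows(receiver_xml).get("InflowSecurity")
    for name, flow in (("OutflowSecurity", sent), ("InflowSecurity", recv)):
        if flow is None:
            findings.append(f"{name}: parameter missing")
            continue
        for tag in NEEDED[name]:
            if not flow.get(tag):
                findings.append(f"{name}: <{tag}> missing or empty")
    if sent is not None and recv is not None:
        a, b = sent.get("items", "").split(), recv.get("items", "").split()
        if a != b:  # assumption: receiver should expect exactly what is applied
            findings.append(f"items mismatch: sender applies {a}, receiver expects {b}")
    return findings

# Constructed samples based on the page's fragments ("..." elisions removed).
CLIENT = """<axisconfig name="AxisJava2.0"><parameter name="OutflowSecurity"><action>
  <items>Signature Encrypt</items><encryptionUser>admin</encryptionUser>
  <user>tester</user><signaturePropFile> client-crypto.properties </signaturePropFile>
  <passwordCallbackClass> webservice.ClientPWCallback </passwordCallbackClass>
</action></parameter></axisconfig>"""
SERVER = """<serviceGroup><service name="SignedAndEncrypted">
 <parameter name="InflowSecurity"><action><items>Signature Encrypt</items>
  <signaturePropFile> server-crypto.properties </signaturePropFile>
  <passwordCallbackClass> webservice.ServerPWCallback </passwordCallbackClass>
</action></parameter></service></serviceGroup>"""
# Constructed misconfiguration: the service no longer lists Encrypt.
SERVER_WEAK = SERVER.replace("Signature Encrypt", "Signature")
```

Calling `audit(CLIENT, SERVER)` returns an empty list, while `audit(CLIENT, SERVER_WEAK)` reports the items mismatch.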
All Rampart clients must specify a configuration context that at a minimum identifies the location of the Rampart and other modules. The following example illustrates this and includes a client Axis2 descriptor file. Later code examples will utilize this same structure assuming it is located in the C:\Axis2\client directory.
modules/
    addressing-1.3.mar
    rahas-1.5.mar
    rampart-1.5.mar
conf/
    client-axis2.xml
The equivalent specification to the parameters in Defining the Axis2 Security Configuration and Defining the Axis2 Security Configuration via a Rampart policy file would be as follows:
(policy.xml Fragment)
...
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:user>beantester</ramp:user>
  <ramp:encryptionUser>curam</ramp:encryptionUser>
  <ramp:passwordCallbackClass>webservice.ClientPWCallback</ramp:passwordCallbackClass>
  <ramp:signatureCrypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
    </ramp:crypto>
  </ramp:signatureCrypto>
  <ramp:encryptionCypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.keystore</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
    </ramp:crypto>
  </ramp:encryptionCypto>
</ramp:RampartConfig>
...