axis-java-dev mailing list archives

From ruchi...@apache.org
Subject svn commit: r493976 - in /webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1: sec-conf/rampart-config.xsd sec-conf/sample-policy.xml security-module.html
Date Mon, 08 Jan 2007 08:01:39 GMT
Author: ruchithf
Date: Mon Jan  8 00:01:38 2007
New Revision: 493976

URL: http://svn.apache.org/viewvc?view=rev&rev=493976
Log:
updated the rampart configuration information, TODO: client side config details

Added:
    webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/rampart-config.xsd
    webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/sample-policy.xml
Modified:
    webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/security-module.html

Added: webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/rampart-config.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/rampart-config.xsd?view=auto&rev=493976
==============================================================================
--- webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/rampart-config.xsd
(added)
+++ webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/rampart-config.xsd
Mon Jan  8 00:01:38 2007
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ramp="http://ws.apache.org/rampart/policy"
targetNamespace="http://ws.apache.org/rampart/policy" elementFormDefault="qualified" attributeFormDefault="unqualified">
+	<xs:element name="RampartConfig">
+		<xs:annotation>
+			<xs:documentation>Rampart specific configuration assertion</xs:documentation>
+		</xs:annotation>
+		<xs:complexType>
+			<xs:sequence>
+				<xs:element name="user" type="xs:string"/>
+				<xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
+				<xs:element name="passwordCallbackClass" type="xs:string"/>
+				<xs:element name="encryptionCypto" type="ramp:crypto" minOccurs="0"/>
+				<xs:element name="signatureCypto" type="ramp:crypto" minOccurs="0"/>
+			</xs:sequence>
+		</xs:complexType>
+	</xs:element>
+	<xs:complexType name="crypto">
+		<xs:annotation>
+			<xs:documentation>Crypto configuration assertion</xs:documentation>
+		</xs:annotation>
+		<xs:sequence maxOccurs="unbounded">
+			<xs:element name="property" type="xs:string"/>
+		</xs:sequence>
+		<xs:attribute name="provider"/>
+	</xs:complexType>
+</xs:schema>
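
Review bot: The element names `encryptionCypto` and `signatureCypto` in the RampartConfig sequence are missing the "r" in "Crypto", and the schema does not describe the structure used by sample-policy.xml in this same commit. The sample wraps a `ramp:crypto` child element (carrying the `provider` attribute) inside `ramp:signatureCrypto`, and every `ramp:property` there has a `name` attribute, whereas here the `crypto` type is applied directly to the two elements and `property` is a plain `xs:string` with no `name` attribute declared. The sample also places the signature element before the encryption one, which the `xs:sequence` order here would reject. Suggest fixing the spelling, declaring the `crypto` child element and the `name` attribute on `property`, and giving `provider` a type (and use="required" if a provider class must always be supplied).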

Added: webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/sample-policy.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/sample-policy.xml?view=auto&rev=493976
==============================================================================
--- webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/sample-policy.xml
(added)
+++ webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/sec-conf/sample-policy.xml
Mon Jan  8 00:01:38 2007
@@ -0,0 +1,89 @@
+<!--
+  ~ Copyright 2004,2005 The Apache Software Foundation.
+  ~
+  ~  Licensed under the Apache License, Version 2.0 (the "License");
+  ~  you may not use this file except in compliance with the License.
+  ~  You may obtain a copy of the License at
+  ~
+  ~       http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~  Unless required by applicable law or agreed to in writing, software
+  ~  distributed under the License is distributed on an "AS IS" BASIS,
+  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  See the License for the specific language governing permissions and
+  ~  limitations under the License.
+  -->
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+	<wsp:All>
+		<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+			<wsp:Policy>
+				<sp:InitiatorToken>
+					<wsp:Policy>
+						<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+							<wsp:Policy>
+								<sp:RequireDerivedKeys/>
+								<sp:WssX509V3Token10/>
+							</wsp:Policy>
+						</sp:X509Token>
+					</wsp:Policy>
+				</sp:InitiatorToken>
+				<sp:RecipientToken>
+					<wsp:Policy>
+						<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+							<wsp:Policy>
+								<sp:RequireDerivedKeys/>
+								<sp:WssX509V3Token10/>
+							</wsp:Policy>
+						</sp:X509Token>
+					</wsp:Policy>
+				</sp:RecipientToken>
+				<sp:AlgorithmSuite>
+					<wsp:Policy>
+						<sp:TripleDesRsa15/>
+					</wsp:Policy>
+				</sp:AlgorithmSuite>
+				<sp:Layout>
+					<wsp:Policy>
+						<sp:Strict/>
+					</wsp:Policy>
+				</sp:Layout>
+				<sp:IncludeTimestamp/>
+				<sp:OnlySignEntireHeadersAndBody/>
+			</wsp:Policy>
+		</sp:AsymmetricBinding>
+		<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+			<wsp:Policy>
+				<sp:MustSupportRefKeyIdentifier/>
+				<sp:MustSupportRefIssuerSerial/>
+			</wsp:Policy>
+		</sp:Wss10>
+		<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+			<sp:Body/>
+		</sp:SignedParts>
+		<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+			<sp:Body/>
+		</sp:EncryptedParts>
+		<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
+			<ramp:user>alice</ramp:user>
+			<ramp:encryptionUser>bob</ramp:encryptionUser>
+			<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+			
+			<ramp:signatureCrypto>
+				<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+					<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+					<ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+					<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+				</ramp:crypto>
+			</ramp:signatureCrypto>
+			<ramp:encryptionCypto>
+				<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+					<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+					<ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+					<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+				</ramp:crypto>
+			</ramp:encryptionCypto>
+		</ramp:RampartConfig>
+	</wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
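
Review bot: The two crypto blocks inside `ramp:RampartConfig` are named inconsistently: `<ramp:signatureCrypto>` is spelled correctly while `<ramp:encryptionCypto>` is not, and the pair does not match the `encryptionCypto`/`signatureCypto` names declared in rampart-config.xsd. Pick one spelling (presumably `encryptionCrypto` and `signatureCrypto`) and use it in both files, since a reader copying this sample cannot tell which name the policy processor expects. Separately, the sample carries the keystore password in clear text (`org.apache.ws.security.crypto.merlin.keystore.password` set to `password`) and points at `test-resources/rampart/store.jks`; an XML comment marking these as test-only placeholders would keep them from being copied unchanged into a deployed services.xml.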

Modified: webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/security-module.html
URL: http://svn.apache.org/viewvc/webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/security-module.html?view=diff&rev=493976&r1=493975&r2=493976
==============================================================================
--- webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/security-module.html (original)
+++ webservices/axis2/branches/java/1_1/xdocs/modules/rampart/1_1/security-module.html Mon
Jan  8 00:01:38 2007
@@ -24,12 +24,14 @@
 
 <h2>Introduction</h2>
 
-<p>Since rampart module inserts handlers in the system specific pre-dispatch
-phase, it must be engaged globally. But it is possible to activate rampart
-module for the inflow or the outflow when required by the service or the
-clients.</p>
+<p>Since rampart module inserts handlers in the system specific security
+phase, it must be engaged globally. These handlers can be configured 
+using WS-SecurityPolicy[2] and Rampart specific policy assertions. 
+Rampart-1.0 used two axis2 parameters for configuration and these are
+still supported in the 1.1 release as well.</p>
 
-<p>The rampart module (rampart.mar) is available with the Axis2 release.</p>
+<p>The rampart-1.1 release is available 
+<a href="http://www.apache.org/dyn/closer.cgi/ws/rampart/1_1">here</a>.</p>
 
 <p>First it should be engaged by inserting the following in the axis2.xml
 file.</p>
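
Review bot: The rewritten introduction paragraph drops the statement that the module can be activated for only the inflow or the outflow, and nothing replaces it, so a reader no longer learns whether that is still possible in 1.1. The new sentence about "two axis2 parameters" should also name them (the page lists OutflowSecurity and InflowSecurity further down) or link to that section. The "[2]" after WS-SecurityPolicy is plain text; making it a link to the references entry would help.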
@@ -43,7 +45,30 @@
 service. The client side config parameters should be set in the axis2.xml of
 the client's Axis2 repository.</p>
 
-<p>Aegis module uses two parameters:</p>
+<h2>Rampart-1.1 Configuration</h2>
+
+<h3>Rampart Specific Assertions</h3>
+
+<p>Rampart uses the standard WS-SecurityPolicy[2] assertions and also defines its own

+assertions to be able capture the configuration information that is not provided 
+in WS-SecurityPolicy.</p>
+<p>The Rampart specific assertion's xsd can be found <a href="sec-conf/rampart-config.xsd">here
+</a>.</p>
+
+<p>The <strong>ramp:RampartConfig</strong> assertion must be available
as a one of the top 
+level assertions of the policy as shown <a href="sec-conf/sample-policy.xml">here</a>.</p>
+
+<h3>Service Configration</h3>
+
+To configure the service one will simply have to add the policy element into the 
+sevices.xml file.
+
+<h3>Client Confiuration</h3>
+
+
+<h2>Rampart-1.0 Configuration</h2>
+
+<p>Rampart module uses two parameters:</p>
 <ul>
   <li>OutflowSecurity</li>
   <li>InflowSecurity</li>
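
Review bot: The new "Client Confiuration" heading is followed by no content, which matches the TODO in the log message but leaves an empty section in the published page; either add a one-line placeholder paragraph or hold the heading back until the text exists. The added text also has several typos to fix before it ships: "Service Configration", "Client Confiuration", "sevices.xml", "to be able capture" and "as a one of the top level assertions". The Service Configuration sentence is not wrapped in a `<p>` element, unlike the paragraphs around it, and it does not say where in services.xml the policy element belongs.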
@@ -51,7 +76,7 @@
 The configuration that can go in each of these parameters are described
 below: <a name="outflowsecurity"></a>
 
-<h2>OutflowSecurity Parameter</h2>
+<h3>OutflowSecurity Parameter</h3>
 This parameter is used to configure the outflow security handler. The outflow
 handler can be invoked more than once in the outflow one can provide
 configuration for each of these invocations. The 'action' element describes
@@ -156,7 +181,7 @@
 </table>
 <a name="inflowsecurity"></a>
 
-<h2>InflowSecurity Parameter</h2>
+<h3>InflowSecurity Parameter</h3>
 
 <p>This parameter is used to configure the inflow security handler. The
 'action' element is used to encapsulate the configuration elements here as
@@ -227,6 +252,9 @@
 
 <p>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a></p>
 <a name="examples"></a>
+<p>2. <a href="http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf">ws-securitypolicy.pdf</a></p>
+<a name="examples"></a>
+
 
 <h2>Examples</h2>
 
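
Review bot: The added lines introduce a second `<a name="examples"></a>` while the existing one is kept, so the page now has two anchors with the same name, and the first of them sits between reference 1 and reference 2 rather than at the Examples heading. Move the new `<p>2. ...</p>` line above the existing anchor and drop the added duplicate. The link text "ws-securitypolicy.pdf" could also follow the style of entry 1 and give the specification's name.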


