axis-java-dev mailing list archives

From cha...@apache.org
Subject svn commit: r494743 - /webservices/axis2/site/modules/rampart/1_1/security-module.html
Date Wed, 10 Jan 2007 06:52:08 GMT
Author: chatra
Date: Tue Jan  9 22:52:07 2007
New Revision: 494743

URL: http://svn.apache.org/viewvc?view=rev&rev=494743
Log:
updated contents

Modified:
    webservices/axis2/site/modules/rampart/1_1/security-module.html

Modified: webservices/axis2/site/modules/rampart/1_1/security-module.html
URL: http://svn.apache.org/viewvc/webservices/axis2/site/modules/rampart/1_1/security-module.html?view=diff&rev=494743&r1=494742&r2=494743
==============================================================================
--- webservices/axis2/site/modules/rampart/1_1/security-module.html (original)
+++ webservices/axis2/site/modules/rampart/1_1/security-module.html Tue Jan  9 22:52:07 2007
@@ -2,7 +2,7 @@
           @import url("../../../style/maven-base.css");
           
 			    @import url("../../../style/maven-theme.css");</style><link rel="stylesheet"
href="../../../style/print.css" type="text/css" media="print"></link><meta http-equiv="Content-Type"
content="text/html; charset=ISO-8859-1"></meta></head><body class="composite"><div
id="banner"><a href="http://www.apache.org/" id="organizationLogo"><img alt="Apache
Software Foundation" src="http://www.apache.org/images/asf-logo.gif"></img></a><a
href="http://ws.apache.org/axis2/" id="projectLogo"><img alt="Apache Axis2" src="http://ws.apache.org/axis2/images/axis.jpg"></img></a><div
class="clear"><hr></hr></div></div><div id="breadcrumbs"><div
class="xleft">
-                	Last published: 09 January 2007
+                	Last published: 10 January 2007
                   | Doc for 1.1.1</div><div class="xright">
         
         <a href="../../../index.html">Axis2/Java</a>
@@ -31,8 +31,17 @@
 features, called "Rampart". This document explains how to engage and
 configure Rampart module.</p><div class="subsection"><a name="Content"></a><h3>Content</h3><ul>
   <li><a href="#intro">Introduction</a></li>
+    <li><a href="#1_1_config">Rampart-1.1 Configuration</a>
+	<ul>
+	<li><a href="#1_1_assetions">Rampart Specific Assertions</a></li>
+	<li><a href="#1_1_service_config">Service Configration</a></li>
+	<li><a href="#1_1_client_config">Client Confiuration</a></li>
+	</ul></li>
+  <li><a href="#1_0_config">Rampart-1.0 Configuration</a>
+  <ul>
   <li><a href="#outflowsecurity">OutflowSecurity Parameter</a></li>
   <li><a href="#inflowsecurity">InflowSecurity Parameter</a></li>
+  </ul></li>
   <li><a href="#references">References</a></li>
   <li><a href="#examples">Examples</a></li>
 </ul><p><a name="intro"></a></p></div><div class="subsection"><a
name="Introduction"></a><h3>Introduction</h3><p>Since rampart module
inserts handlers in the system specific security
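Review bot: The new table-of-contents entries carry spelling errors that end up in both the visible text and the fragment names: `#1_1_assetions` should read "assertions", "Service Configration" should be "Service Configuration", and "Client Confiuration" should be "Client Configuration". The links only resolve because the same misspelling is repeated in the anchor ids, so fix both ends together (and the matching section headings) rather than one side. The added `<li>` lines also mix tabs and differing space indents against the two-space context lines around them.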
@@ -48,17 +57,16 @@
 container such as Apache Tomcat.</p><p>At the server it is possible to provide
security on a per service basis.
 The configuration parameters should be set in the service.xml file of the
 service. The client side config parameters should be set in the axis2.xml of
-the client's Axis2 repository.</p></div><div class="subsection"><a name="Rampart-1_1_Configuration"></a><h3>Rampart-1.1
Configuration</h3></div><div class="subsection"><a name="Rampart_Specific_Assertions"></a><h3>Rampart
Specific Assertions</h3><p>Rampart uses the standard WS-SecurityPolicy[2] assertions
and also defines its own 
+the client's Axis2 repository.</p><p><a id="1_1_config"></a></p></div><div
class="subsection"><a name="Rampart-1_1_Configuration"></a><h3>Rampart-1.1
Configuration</h3><p><a id="1_1_assetions"></a></p></div><div
class="subsection"><a name="Rampart_Specific_Assertions"></a><h3>Rampart
Specific Assertions</h3><p>Rampart uses the standard WS-SecurityPolicy[2] assertions
and also defines its own 
 assertions to be able capture the configuration information that is not provided 
 in WS-SecurityPolicy.</p><p>The Rampart specific assertion's xsd can be found
<a href="sec-conf/rampart-config.xsd">here
 </a>.</p><p>The <strong>ramp:RampartConfig</strong> assertion
must be available as a one of the top 
-level assertions of the policy as shown <a href="sec-conf/sample-policy.xml">here</a>.</p></div><div
class="subsection"><a name="Service_Configration"></a><h3>Service Configration</h3><p>
+level assertions of the policy as shown <a href="sec-conf/sample-policy.xml">here</a>.</p><p><a
id="1_1_service_config"></a></p></div><div class="subsection"><a
name="Service_Configration"></a><h3>Service Configration</h3><p>
 
 To configure the service one will simply have to add the policy element into the 
 sevices.xml file. A sample service.xml file is available 
 <a href="sec-conf/sample-services.xml">here</a>.
-
-</p></div><div class="subsection"><a name="Client_Confiuration"></a><h3>Client
Confiuration</h3><p>On the client side, a policy object should be created and
loaded into options. Creating the policy object can be done using a "policy.xml" file as follows.</p>
+<a id="1_1_client_config"></a></p></div><div class="subsection"><a
name="Client_Confiuration"></a><h3>Client Confiuration</h3><p>On
the client side, a policy object should be created and loaded into options. Creating the policy
object can be done using a "policy.xml" file as follows.</p>
     <div class="source"><pre>
 	//Creating the object
   	StAXOMBuilder builder = new StAXOMBuilder(pathToPolicyfile);
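Review bot: The anchor ids added in this hunk (`1_1_config`, `1_1_assetions`, `1_1_service_config`, `1_1_client_config`) begin with a digit, which HTML 4 does not permit for id values; a letter-first form such as `config_1_1` avoids relying on lenient parsers. Each anchor is also placed in an empty `<p>` at the end of the preceding subsection's `<div>`, so the jump target belongs to the previous section rather than to the heading it names, and the existing anchors in this file use `<a name="...">` (for example `<a name="outflowsecurity">`). Putting the anchor next to the `<h3>` it targets and keeping to one anchor style would make the table of contents easier to maintain.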
@@ -67,11 +75,10 @@
 	Options options = new Options();
         options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, clientPolicy);
 
-
 </pre></div>
-  </div><div class="subsection"><a name="Rampart-1_0_Configuration"></a><h3>Rampart-1.0
Configuration</h3><p>Rampart module uses two parameters:</p><ul>
-  <li>OutflowSecurity</li>
-  <li>InflowSecurity</li>
+  <p><a id="1_0_config"></a></p></div><div class="subsection"><a
name="Rampart-1_0_Configuration"></a><h3>Rampart-1.0 Configuration</h3><p>Rampart
module uses two parameters:</p><ul>
+  <li><a href="outflowsecurity">OutflowSecurity</a></li>
+  <li><a href="inflowsecurity">InflowSecurity</a></li>
 </ul><p>
 The configuration that can go in each of these parameters are described
 below: <a name="outflowsecurity"></a></p></div><div class="subsection"><a
name="OutflowSecurity_Parameter"></a><h3>OutflowSecurity Parameter</h3><p>
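Review bot: The two links added to the parameter list are missing the leading `#`: `<a href="outflowsecurity">` and `<a href="inflowsecurity">` are relative URLs, so a browser will request a sibling document of that name instead of jumping to the `<a name="outflowsecurity">` anchor on this page. The table of contents in the earlier hunk uses `#outflowsecurity` and `#inflowsecurity`; these should match.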
@@ -87,36 +94,36 @@
 2</a> shows how to sign the message twice by chaining the outflow handler
 (using two 'action' elements)</p><p>Following is a description of the elements
that can go in an 'action'
 element of the OutflowSecurity parameter</p><br></br><table class="bodyTable"><tbody>
-    <tr class="b"><td><b>Parameter</b></td><td><b>Description</b></td><td><b>Example</b></td></tr>
-    <tr class="a"><td>items</td><td>Security actions for the inflow</td><td>Add
a Timestamp, Sign the SOAP body and Encrypt the SOAP body <br></br>
+    <tr class="a"><td><b>Parameter</b></td><td><b>Description</b></td><td><b>Example</b></td></tr>
+    <tr class="b"><td>items</td><td>Security actions for the inflow</td><td>Add
a Timestamp, Sign the SOAP body and Encrypt the SOAP body <br></br>
         &lt;items&gt; Timestamp Signature Encrypt&lt;/items&gt;</td></tr>
-    <tr class="b"><td>user</td><td>The user's name</td><td>Set
alias of the key to be used to sign<br></br>
+    <tr class="a"><td>user</td><td>The user's name</td><td>Set
alias of the key to be used to sign<br></br>
         &lt;user&gt; bob&lt;/user&gt;</td></tr>
-    <tr class="a"><td>passwordCallbackClass</td><td>Callback class
used to provide the password required to create the
+    <tr class="b"><td>passwordCallbackClass</td><td>Callback class
used to provide the password required to create the
         UsernameToken or to sign the message</td><td>&lt;passwordCallbackClass&gt;
         org.apache.axis2.security.PWCallback&lt;/passwordCallbackClass&gt;</td></tr>
-    <tr class="b"><td>signaturePropFile</td><td>property file used
to get the signature parameters such as crypto
+    <tr class="a"><td>signaturePropFile</td><td>property file used
to get the signature parameters such as crypto
         provider, keystore and its password</td><td>Set example.properties file
as the signature property file<br></br>
         &lt;signaturePropFile&gt;
       example.properties&lt;/signaturePropFile&gt;</td></tr>
-    <tr class="a"><td>signatureKeyIdentifier</td><td>Key identifier
to be used in referring the key in the signature</td><td>Use the serial number
of the certificate<br></br>
+    <tr class="b"><td>signatureKeyIdentifier</td><td>Key identifier
to be used in referring the key in the signature</td><td>Use the serial number
of the certificate<br></br>
         &lt;signatureKeyIdentifier&gt;
         IssuerSerial&lt;/signatureKeyIdentifier&gt;</td></tr>
-    <tr class="b"><td>encryptionKeyIdentifier</td><td>Key identifier
to be used in referring the key in encryption</td><td>Use the serial number of
the certificate <br></br>
+    <tr class="a"><td>encryptionKeyIdentifier</td><td>Key identifier
to be used in referring the key in encryption</td><td>Use the serial number of
the certificate <br></br>
         &lt;encryptionKeyIdentifier&gt;IssuerSerial&lt;/encryptionKeyIdentifier&gt;</td></tr>
-    <tr class="a"><td>encryptionUser</td><td>The user's name for
encryption.</td><td><br></br>
+    <tr class="b"><td>encryptionUser</td><td>The user's name for
encryption.</td><td><br></br>
         &lt;encryptionUser&gt;alice&lt;/encryptionUser&gt;</td></tr>
-    <tr class="b"><td>encryptionSymAlgorithm</td><td>Symmetric algorithm
to be used for encryption</td><td>Use AES-128<br></br>
+    <tr class="a"><td>encryptionSymAlgorithm</td><td>Symmetric algorithm
to be used for encryption</td><td>Use AES-128<br></br>
         &lt;encryptionSymAlgorithm&gt;
         http://www.w3.org/2001/04/xmlenc#aes128-cbc&lt;/encryptionSymAlgorithm&gt;</td></tr>
-    <tr class="a"><td>encryptionKeyTransportAlgorithm</td><td>Key
encryption algorithm</td><td>Use RSA-OAEP<br></br>
+    <tr class="b"><td>encryptionKeyTransportAlgorithm</td><td>Key
encryption algorithm</td><td>Use RSA-OAEP<br></br>
         &lt;parameter name="encryptionSymAlgorithm"&gt;
         http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p&lt;/parameter&gt;</td></tr>
-    <tr class="b"><td>signatureParts</td><td>Sign multiple parts
in the SOAP message</td><td>Sign Foo and Bar elements qualified by "http://app.ns/ns"<br></br>
+    <tr class="a"><td>signatureParts</td><td>Sign multiple parts
in the SOAP message</td><td>Sign Foo and Bar elements qualified by "http://app.ns/ns"<br></br>
         &lt;signatureParts&gt;
         {Element}{http://app.ns/ns}Foo;{Element}{http://app.ns/ns}Bar
         &lt;/signatureParts&gt;</td></tr>
-    <tr class="a"><td>optimizeParts</td><td>MTOM Optimize the elements
specified by the XPath query</td><td>Optimize the CipherValue<br></br>
+    <tr class="b"><td>optimizeParts</td><td>MTOM Optimize the elements
specified by the XPath query</td><td>Optimize the CipherValue<br></br>
         &lt;optimizeParts&gt;
         //xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
         &lt;/optimizeParts&gt;</td></tr>
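Review bot: Only the alternating row classes change here, but the rows being re-emitted contain two documentation errors that readers will copy into security configuration. In the OutflowSecurity table the `items` row is described as "Security actions for the inflow", which should say outflow. In the `encryptionKeyTransportAlgorithm` row the example is written as `<parameter name="encryptionSymAlgorithm">` with the `rsa-oaep-mgf1p` URI, so it names the symmetric-algorithm parameter while showing a key-transport value and uses a different element form from every other row; it should use the `encryptionKeyTransportAlgorithm` element like the rest of the table. Since these lines are being touched anyway, correct them in the same commit.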
@@ -124,19 +131,19 @@
 'action' element is used to encapsulate the configuration elements here as
 well. The schema of the 'action' element is available here. <a href="#ex3">Example
3</a> shows the configuration to decrypt, verify
 signature and validate timestamp.</p><table class="bodyTable"><tbody>
-    <tr class="b"><td><b>Parameter</b></td><td><b>Description</b></td><td><b>Example</b></td></tr>
-    <tr class="a"><td>items</td><td>Security actions for the inflow</td><td>first
the incoming message should be decrypted and then the
+    <tr class="a"><td><b>Parameter</b></td><td><b>Description</b></td><td><b>Example</b></td></tr>
+    <tr class="b"><td>items</td><td>Security actions for the inflow</td><td>first
the incoming message should be decrypted and then the
         signatures should be verified and should be checked for the
         availability of the Timestamp <br></br>
         &lt;items&gt; Timestamp Signature Encrypt&lt;/items&gt;</td></tr>
-    <tr class="b"><td>passwordCallbackClass</td><td>Callback class
used to obtain password for decryption and
+    <tr class="a"><td>passwordCallbackClass</td><td>Callback class
used to obtain password for decryption and
         UsernameToken verification</td><td><br></br>
         &lt;passwordCallbackClass&gt;
         org.apache.axis2.security.PWCallback&lt;/passwordCallbackClass&gt;</td></tr>
-    <tr class="a"><td>signaturePropFile</td><td>Property file used
for signature verification</td><td><br></br>
+    <tr class="b"><td>signaturePropFile</td><td>Property file used
for signature verification</td><td><br></br>
         &lt;signaturePropFile&gt;
       sig.properties&lt;/signaturePropFile&gt;</td></tr>
-    <tr class="b"><td>decryptionPropFile</td><td>Property file used
for decryption</td><td><br></br>
+    <tr class="a"><td>decryptionPropFile</td><td>Property file used
for decryption</td><td><br></br>
         &lt;decryptionPropFile&gt;
       dec.properties&lt;/decryptionPropFile&gt;</td></tr>
   </tbody></table><br></br><p>Please note that the '.properties'
files used in properties such as
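Review bot: In the InflowSecurity `items` row, the description says the message is first decrypted, then signatures are verified, then the Timestamp is checked, while the example shown is `<items> Timestamp Signature Encrypt</items>`, identical to the outflow example. A reader cannot tell from this row whether the item order is significant on the inflow side or how the listed actions map to the processing order described. Add a sentence stating how the `items` list relates to the order of decryption, signature verification and timestamp validation, so that services are not configured with a list that accepts messages the author meant to reject.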


