axis-java-user mailing list archives

From: "Wally Dennis" <wally.den...@aonhewitt.com>
Subject: How to externalize policy information in services.xml?
Date: Tue, 08 Mar 2011 16:34:54 GMT

Hello,

Has anyone figured out how to externalize the policy definition normally 
included in services.xml?  Basically, I would like to be able to define 
this information once in an external file and somehow reference/import 
that into multiple services.xml definitions.  See below for a very simple 
example - I want to be able to put the entire <wsp:Policy> section in a 
separate file and somehow import that into the services.xml.  All of our 
services use the same policy and it seems very redundant to define it over 
and over.  Additionally, we want to be able to update Rampart config 
information (i.e., key aliases) without having to redeploy entire aar 
files.

<service>
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample02.SimpleService</parameter>

    <module ref="rampart"/>
    <module ref="addressing"/>

    <wsp:Policy wsu:Id="SigOnly"
                xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:InitiatorToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference/>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:InitiatorToken>
                        <sp:RecipientToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference/>
                                        <sp:WssX509V3Token10/>
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:RecipientToken>
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:TripleDesRsa15/>
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict/>
                            </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                        <sp:OnlySignEntireHeadersAndBody/>
                    </wsp:Policy>
                </sp:AsymmetricBinding>
                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:MustSupportRefKeyIdentifier/>
                        <sp:MustSupportRefIssuerSerial/>
                    </wsp:Policy>
                </sp:Wss10>
                <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <sp:Body/>
                </sp:SignedParts>

                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                    <ramp:user>service</ramp:user>
                    <ramp:encryptionUser>client</ramp:encryptionUser>
                    <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample02.PWCBHandler</ramp:passwordCallbackClass>

                    <ramp:signatureCrypto>
                        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
                        </ramp:crypto>
                    </ramp:signatureCrypto>
                </ramp:RampartConfig>

            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</service>

Thanks,
Wally


