geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: gsoc [WS-Security support for JAX-WS Web Services]
Date Thu, 23 Apr 2009 13:41:32 GMT
On Wed April 22 2009 11:39:14 pm Jarek Gawor wrote:

> CXF has all the security modules
> within it (AFAIK).

Not REALLY true with the way CXF is pulled into Geronimo.   Geronimo doesn't 
include those modules.    For the most part, getting them added in would just 
be adding a maven dependency on cxf-rt-ws-security (and cxf-rt-ws-policy to 
make the SecurityPolicy stuff work).   Maven should then grab those and get 
them included into Geronimo.  As long as it ends up in the same classloader as 
all the rest of the cxf stuff, cxf should auto-detect it and enable it.   Once 
you do that (and upgrade to CXF 2.2.x), all the WS-SecurityPolicy stuff should 
"just work" if the policy is in the wsdl.   Thus, that part of you project 
could be as simple as that.   (obviously, that's a small part of the project)  
You could probably even grab the CXF versions of the Microsoft PlugFest stuff 
and try running them in Geronimo:   
https://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/

(As an aside: too late now, but getting the MS PlugFest stuff running in G 
would have been a good addition to the proposal from a testing standpoint.   
Wish I would have thought of that earlier.)

I'm really not sure how much you really want to dig into WSS4J.  That's very 
low level security stuff which is pretty complex and may not be worth your 
time.   Rampart and CXF's SecurityPolicy implementations do an excellent job 
of abstracting that stuff out and driving it by interpretting the policies.   
About the only thing you need to know about wss4j when going the policy route 
is how to setup the Merlin properties files for the keystores and such.


Dan 



> Rahul,
>
> In terms of Geronimo here are some docs that might be helpful (some
> info might be out of date):
>
> 1) Some basic GBean information - you will see/work with them a lot:
>
> http://cwiki.apache.org/GMOxDOC22/developing-and-deploying-a-geronimo-gbean
>.html http://cwiki.apache.org/confluence/display/GMOxDEV/GBean+Annotations
>
> 2) Basic classloading and plugin information in Geronimo.
>
> http://cwiki.apache.org/GMOxDOC22/classloading.html
> http://cwiki.apache.org/confluence/display/GMOxDEV/Plugin+Guide
>
> In terms of code you will probably be working with the following modules:
>
> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis2/
> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/cxf/
> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jaxws/
> http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/webservices/
>
> I trust you to find the basic Axis2 and CXF info :)
>
> I believe both use WSS4J project for WS-Security
> (http://ws.apache.org/wss4j/). Axis2 has a separate project that
> provides web services security features: Rampart
> (http://ws.apache.org/rampart/). CXF has all the security modules
> within it (AFAIK).
>
> Hope this helps you get started.
>
> Jarek
>
> On Tue, Apr 21, 2009 at 3:33 PM, rahul.soa <rahul.soa@googlemail.com> wrote:
> > Hello everyone,
> >
> > I want to start with some reading and understanding with the geronimo's
> > components which will be involved in this project. So can you please
> > point me to the appropriate documentation for the same. If you want to
> > know more about the proposal then feel free to look at the descriptive
> > project proposal on the below link:
> >
> > http://wiki.apache.org/general/rahulsoa
> >
> > Thanks in advance.
> >
> > Best Regards,
> > Rahul

-- 
Daniel Kulp
dkulp@apache.org
http://www.dankulp.com/blog

Mime
View raw message