Hi, I need to use encryption (and signature) for a web service (server side). I use Axis2 and successfully added the Rampart module (for the WS-Security implementation). But the Rampart page (http://ws.apache.org/axis2/modules/rampart/1_2/security-module.html) is missing examples and the sample files are not really documented. So my question is: what is the simplest way to add encryption (and signature)? What do I have to put in the services.xml, and do I have to write a policy.xml? What do I have to give to the client's developer (in addition to the WSDL)? If you can point me to a good tutorial it would be helpful, thanks etc...

+3  A: 

Would it be possible to simply use SSL (https)? That would certainly simplify things.

Ross
+1  A: 

Vinze - I ran into this problem with rampart too, although I wasn't trying to expose a web service, just call one. (See this question).

I've found all web services security stuff to be confusing, and it doesn't help that rampart is poorly documented (no good tutorials as you mentioned).

You may have some success writing to the WSS4J API instead of using rampart. (BTW, I think rampart is built on top of WSS4J).

As for what to provide the client's developer, it may be simplest for him/her if you put the policy information into the WSDL instead of a separate policy.xml. But you should probably plan on providing him/her documentation on how your service is secured so he/she knows how to call it.

Michael Sharek
Yes, by searching through many solutions I understood the policy should be in the WSDL file; but I generate it using Axis's Java2WSDL ant task and I don't know how to do it... maybe I will have to write the WSDL myself! Writing the service with correct API instead of POJO is also the solution I'm going to
Vinze
A: 

I found many answers in this book: http://agileskills2.org/DWSAA/index.html (chapter 9). So even if I haven't finished, I'll try to answer my own question:

  • Even if the policy is in the WSDL, the current Axis 2 version (1.4) doesn't look at it, so you must add the policy and the rampart configuration in the services.xml
  • You have to write a rampart-config.xml for the client and "engage" the module in the ConfigurationContext used as argument for the stub constructor
  • For both you need a keystore (such as JKS) and a certificate

Maybe more, I'll edit this answer when I succeed...

Vinze
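
The client-side step from the answer above (engaging rampart in the ConfigurationContext and handing it a policy), as an added example that is not part of the original thread or of the Rampart project's code. The repository directory `client-repo`, the file `policy.xml` (a WS-SecurityPolicy document containing the `RampartConfig` assertion that names the client keystore), the endpoint URL, the action and the payload names are all hypothetical. It uses a plain `ServiceClient`; a generated stub accepts the same ConfigurationContext in its constructor and exposes the client through `_getServiceClient()`.

```java
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.addressing.EndpointReference;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.ConfigurationContextFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;

public class SecureClient {

    // Assumed layout: <repoDir>/modules/ holds the rampart .mar archive,
    // so the module can be found when it is engaged by name.
    static ConfigurationContext loadContext(String repoDir) throws Exception {
        return ConfigurationContextFactory
                .createConfigurationContextFromFileSystem(repoDir, null);
    }

    // Parse the policy file into a Neethi Policy object for Rampart.
    static Policy loadPolicy(String path) throws Exception {
        StAXOMBuilder builder = new StAXOMBuilder(path);
        return PolicyEngine.getPolicy(builder.getDocumentElement());
    }

    public static void main(String[] args) throws Exception {
        ConfigurationContext ctx = loadContext("client-repo");   // hypothetical path
        ServiceClient client = new ServiceClient(ctx, null);

        Options options = client.getOptions();
        options.setTo(new EndpointReference(
                "http://localhost:8080/axis2/services/ExampleService")); // hypothetical
        options.setAction("urn:echo");                                    // hypothetical
        // Rampart reads the policy (bindings plus RampartConfig) from this property.
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("policy.xml"));

        // Without this call the request goes out unsigned and unencrypted.
        client.engageModule("rampart");

        OMFactory f = OMAbstractFactory.getOMFactory();
        OMElement payload = f.createOMElement("echo",
                f.createOMNamespace("http://example.org/ns", "ns")); // constructed payload
        payload.setText("hello");
        System.out.println(client.sendReceive(payload));
    }
}
```

The keystore password is not set in this code: the `RampartConfig` in the policy names a password callback class that supplies it at run time.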