Document modification for 1.3 release
diff --git a/AUTHORS b/AUTHORS
index 5c3cc71..0b4320c 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1,9 +1,11 @@
Developers
----------
+Samisa Abeysinghe
+Dushshantha Chandradasa
+Supun Kamburugamuva
Kaushalye Kapuruge
Manjula Peiris
Dumindu Pallewela
-Samisa Abeysinghe
+Milinda Pathirage
Sanjaya Ratnaweera
-Dushshantha Chandradasa
Selvaratnam Uthaiyashankar
diff --git a/ChangeLog b/ChangeLog
index 38306c0..0737d6a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+Rampart/C 1.3.0
+ * WS-Secure Conversation Language support
+ * WS-Trust Language support
+ * Rahas module to give STS support to a service
+ * Rampart functionality and Rampart module are splitted into two libraries
+ * Memory leak fixes
+ * Many bug fixes
+--Rampart-C team <rampart-c-dev@ws.apache.org> 20 Apr 2009
+
Rampart/C 1.2.0
* WS-Secure Conversation Language support (Experimental)
* WS-Trust Language support (Experimental)
diff --git a/INSTALL b/INSTALL
index 2c47cca..782bef6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -14,7 +14,7 @@
Build the source
This can be done using the following command sequence:
- ./configure --prefix=${AXIS2C_HOME} --enable-static=no --with-axis2=${AXIS2C_HOME}/include/axis2-1.3.1
+ ./configure --prefix=${AXIS2C_HOME} --enable-static=no --with-axis2=${AXIS2C_HOME}/include/axis2-1.6.0
make
make install
@@ -28,12 +28,12 @@
======================================================
1. Copy modules/rampart to $AXIS2C_HOME/modules
2. Copy lib/* to $AXIS2C_HOME/lib
-3. Copy bin/samples/server/* to $AXIS2C_HOME/services/
+3. Copy services/* to $AXIS2C_HOME/services/
4. Engage rampart as described in section "Engaging Rampart/C with axis2/C"
-5. Copy bin/samples/* to $AXIS2C_HOME/bin/samples/rampart. This will copy callback modules etc.
-6. Go to bin/samples/client/sec_echo/ and deploy the client repo
+5. Copy samples/* to $AXIS2C_HOME/samples/. This will copy callback modules etc.
+6. Go to samples/src/rampartc/client/ and deploy the client repo
%sh deploy_client_repo.sh
-7. Go to bin/samples/secpolicy/ and try a scenario
+7. Go to samples/src/rampartc/secpolicy/ and try a scenario
%sh test_scen.sh scenarioX server-port
@@ -82,7 +82,18 @@
Add following entry either to axis2.xml(gloabl level) or in services.xml(service level).
<module ref="rampart"/>
-Then add following Security phase to the phase order in the outflow in the axis2.xml.
+If you want to provide Secure Token Service (STS) functionality to a service, add the following entry to services.xml.
+ <module ref="rahas"/>
+
+Then add following Security phase to the phase order in the inflow and outflow in the axis2.xml.
+ <phaseOrder type="inflow">
+ <phase name="Transport"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch"/>
+ <phase name="PostDispatch"/>
+ <phase name="Security" />
+ <phase name="Rahas"/>
+ </phaseOrder>
<phaseOrder type="outflow">
<phase name="MessageOut"/>
<phase name="Security"/>
@@ -95,7 +106,7 @@
Try samples on Linux
===============================
-There are several scenarios available under samples/secpolicy
+There are several scenarios available under samples/secpolicy (or samples/src/rampartc/secpolicy if you are using binary distribution)
Run a scenario that you'd like to try using the script test_scen.sh
Syntax: test_scen.sh scenario server_port
E.g. %sh test_scen.sh scenario3 9090
@@ -105,17 +116,14 @@
===============================
There are several scenarios that you can try out with the sec_echo sample of the Rampart/C distribution.
-You can find more about it from the README file inside samples\secpolicy folder.
+You can find more about it from the README file inside samples\secpolicy folder. (or samples\src\rampartc\secpolicy if you are using binary distribution)
1. Set the AXIS2C_HOME envirionment variable to direct to your Axis2/C Installation.
SET AXIS2C_HOME=[your-path-to-axis2c]
-2. Run the deploy_client_repo.bat file found in the samples\client\sec_echo folder.
- This will create an axis2 client repository for the samples in the AXIS2C_HOME\client_repo directory.
-
-To specify policies in the client side, please drop your policy.xml to the same directory as in axis2.xml
-To specify policies in the server side, please add policy assertions to the services.xml.
-Please find such sample policy files under samples/secpolicy/scenarioX. Note that you must replace both the client and service policies for a particular scenario.
-
+Run a scenario that you'd like to try using the script test_scen.bat
+ Syntax: test_scen.bat scenario server_port
+ E.g. test_scen.bat scenario3 9090
+Note: You may use a TCP Monitor to see the wire content. In that case replace the server_port with the target port.
Thank you for using Rampart/C
diff --git a/NEWS b/NEWS
index c6b3eab..4c59806 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,4 @@
+Apache Rampart/C version 1.3.0
Apache Rampart/C is the security module for Apache Axis2/C
You can get the latest svn checkout from https://svn.apache.org/repos/asf/webservices/rampart/trunk/c
@@ -23,7 +24,7 @@
- Signature confirmation support
- SOAP Header signing
-5. WS-Security Policy (spec 1.1) based configurations
+5. WS-Security Policy (spec 1.1 & spec 1.2) based configurations
- Support for both Symmetric as well as Asymmetric policy bindings
- Support for different modes of key identifiers
- Support for different algorithm suites
@@ -43,17 +44,20 @@
- Password callback module
- Authentication module
- Credentials module
+ - Replay detection module
+ - Secure conversation token module
9. Keys management
- Support for X509 token profile
- Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded and Direct references
-10. WS-Secure Conversation Language support (Experimental)
+10. WS-Secure Conversation Language support
- Establishing Security Context and thereby maintaining a session
- Per message key derivation
- Support for stored securtiy context token
+ - Rahas module support to give STS functionality to a service
-11. WS-Trust Language support (Experimental)
+11. WS-Trust Language support
- Security Token Services (STS)
- STS Client
- Server and Client entrophy support
@@ -61,6 +65,7 @@
12. SAML Support
- Support for Creation and Processing of SAML Core 1.1 Assertions
- SAML Token as Sign Supporting Token
+ - Signing and Encryption with SAML
10. Other
- Easy to use deployment scripts
@@ -68,17 +73,16 @@
Major Changes Since Last Release
--------------------------------
-1. WS-Secure Conversation Language support (Experimental)
-2. WS-Trust Language support (Experimental)
-3. SAML 1.1 Support
+1. WS-Secure Conversation Language support
+2. WS-Trust Language support
+3. Rahas module to give STS support to a service
4. Memory leak fixes
5. Many bug fixes
Planned to be implemented Architecture Features
------------------------------------
-1. Signing and Encryption with SAML
-2. WS-Trust : Client/Server challenege response protocol
+1. WS-Trust : Client/Server challenege response protocol
We welcome your early feedback on this implementation.
diff --git a/NOTICE b/NOTICE
index afa4892..d079566 100644
--- a/NOTICE
+++ b/NOTICE
@@ -1,5 +1,5 @@
Apache Rampart/C
-Copyright 2005, 2006, 2007, 2008 The Apache Software Foundation
+Copyright 2005-2009 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
diff --git a/project.properties b/project.properties
index beff01f..cea3c13 100644
--- a/project.properties
+++ b/project.properties
@@ -14,7 +14,7 @@
# limitations under the License.
# -------------------------------------------------------------------
-rampartc_version=1.2.0
+rampartc_version=1.3.0
maven.xdoc.date=left
maven.xdoc.version=${pom.currentVersion}
maven.xdoc.includeProjectDocumentation=no
diff --git a/release_process b/release_process
new file mode 100644
index 0000000..7d5a369
--- /dev/null
+++ b/release_process
@@ -0,0 +1,136 @@
+RAMPART/C release process
+==========================
+
+1. Get a svn checkout from the trunk.
+2. Change the version numbers and update the following files.
+ * ChangeLog
+ NEWS
+ NOTICE (for years)
+ project.properties
+ AUTHORS (if there are new)
+ project.xml
+ configure.ac & Makefile.am (in configure.ac change the VERSION_NO also)
+ build.sh
+ build/win32/makefile
+ build/win32/make_bin_dist.bat
+ xdocs\api\doxygenconf
+ INSTALL file
+ samples/build.sh
+
+
+3. Update the documents inside xdocs
+ * download.html
+ * index.html
+ * installationguide.html
+ * axis2c_manual
+
+4. Run the build.sh
+ make sure for the configure option you have the following.
+ sh configure --prefix=${AXIS2C_HOME} --enable-tests=yes --with-apache2=/usr/local/apache2/include --enable-tcp=yes --with-archive=/usr/include
+
+5. Create the source distribution
+ * Should have maven 1.0.2 installed (for "maven site" command)
+ * make dist
+
+6. Create the binay distribution
+ * make bindist
+
+7. Test the source and binary distributions
+
+8. Test the source distribution in Windows and create the Sorce zip
+ and the windows binary
+
+ Building Windows Binary
+ --------------------------
+
+ Edit the build/win32/configure.in as follows
+
+ * CRUNTIME = /MT
+ * EMBED_MANIFEST = 0
+ * DEBUG = 0
+
+ To create the binary distribution
+
+ * nmake dist
+
+
+9. Sign the packs
+ * use existing key pair if you have
+ * To create a new key pair
+ gpg --gen-key
+ key selection default
+ key size 2048
+ key never expire
+ real name:Manjula Peiris
+ comment:
+ generated user id is:
+ "Manjula Peiris<manjula@wso2.com>"
+ passphrase temp_12_word
+
+ keys will be created in ~/.gnupg directory.
+
+ * cd to the directory which contains the pack and export keys
+ gpg --armor --export manjula@wso2.com > KEYS
+
+ generated message is:
+ You need a Passphrase to protect your secret key.
+ by default key is created in ~/.gnupg
+
+ * Use following script to sign the keys
+
+ #!/bin/bash
+
+ SRC_TAR_GZ=axis2c-src-1.6.0.tar.gz
+ LIN_BIN_TAR_GZ=axis2c-bin-1.6.0-linux.tar.gz
+ SRC_ZIP=axis2c-src-1.6.0.zip
+ WIN32_BIN_ZIP=axis2c-bin-1.6.0-win32.zip
+ SRC_TAR_GZ_MD5=$SRC_TAR_GZ.md5
+ LIN_BIN_TAR_GZ_MD5=$LIN_BIN_TAR_GZ.md5
+ SRC_ZIP_MD5=$SRC_ZIP.md5
+ WIN32_BIN_ZIP_MD5=$WIN32_BIN_ZIP.md5
+ SRC_TAR_GZ_ASC=$SRC_TAR_GZ.asc
+ LIN_BIN_TAR_GZ_ASC=$LIN_BIN_TAR_GZ.asc
+ SRC_ZIP_ASC=$SRC_ZIP.asc
+ WIN32_BIN_ZIP_ASC=$WIN32_BIN_ZIP.asc
+
+ rm -f *.asc
+ rm -f *.md5
+
+ echo "Creating MD5"
+ openssl md5 < $SRC_TAR_GZ > $SRC_TAR_GZ_MD5
+ openssl md5 < $LIN_BIN_TAR_GZ > $LIN_BIN_TAR_GZ_MD5
+ openssl md5 < $SRC_ZIP > $SRC_ZIP_MD5
+ openssl md5 < $WIN32_BIN_ZIP > $WIN32_BIN_ZIP_MD5
+
+ echo "To sign please enter password for the private key"
+ gpg --armor --output $SRC_TAR_GZ_ASC --detach-sig $SRC_TAR_GZ
+ gpg --armor --output $LIN_BIN_TAR_GZ_ASC --detach-sig $LIN_BIN_TAR_GZ
+ gpg --armor --output $SRC_ZIP_ASC --detach-sig $SRC_ZIP
+ gpg --armor --output $WIN32_BIN_ZIP_ASC --detach-sig $WIN32_BIN_ZIP
+
+ echo "DONE"
+
+10. Copy the source, binary packs to your directory in people.apache.org
+
+ rm -rf 1.6.0
+ rm -f 1.6.0.tar.gz
+ mkdir 1.6.0
+ cp -f ../KEYS 1.6.0
+ cp -f axis2c-* 1.6.0
+ tar -zcf axis2c_1.6.0.tar.gz 1.6.0
+ scp axis2c_1.6.0.tar.gz manjula@people.apache.org:~/
+
+11. Put RCs till all the packs are throughly tested and there are no more
+ known issues.
+12. Then upload the release packs to your directory at apache
+13. Call for vote
+14. When the required number of votes is received, upload the release.
+ Copy the release from your home to /www/www.apache.org/dist/ws/axis2-c/
+ update the keys (cat KEYS >> /www/www.apache.org/dist/ws/axis2-c/KEYS)
+ Move earlier releases to archive.apache.org (/www/archive.apache.org/dist/ws/axis2/c/)
+ Update the site at [WWW] https://svn.apache.org/repos/asf/webservices/axis2/site/c/
+ svn update the site at /www/ws.apache.org/axis2/c
+ Test Main Site Downloads (wait until mirros pickup the distributables, before sending the release note.)
+
+15. When the site is updated announce the release.
+
diff --git a/samples/ABOUT_SAMPLES b/samples/ABOUT_SAMPLES
index b04a385..a56242e 100644
--- a/samples/ABOUT_SAMPLES
+++ b/samples/ABOUT_SAMPLES
@@ -1,40 +1,65 @@
Following is a brief description of Rampart/C samples
-Service : samples/services/sec_echo
+Service : ./server/sec_echo
---------------------------
The security enabled service. Depends on deployed security policy scenario.
-Client: samples/client/sec_echo
+Service : ./server/secconv_echo
+---------------------------
+The service act as the Security Token Service (STS). Depends on deployed security policy scenario.
+
+Service : ./server/saml_sts
+---------------------------
+The service act as STS for SAML tokens.
+
+Client: ./client/sec_echo
---------------------------
The client to send secured SOAP messages. Depends on deployed security policy scenario.
-Security policies: samples/secpolicy/scenarioX
+Client: ./client/saml_echo
+---------------------------
+Client uses SAML token as sign supporting token.
+
+Client: ./client/saml_protect
+------------------------------
+Client uses SAML token to encrypt and sign the message
+
+Security policies: ./secpolicy/scenarioX
--------------------------------------
Provides several identified scenarios to demonstrate features of RampartC.
-Please read the README file under samples/secpolicy to learn more about them.
+Please read the README file under ./secpolicy to learn more about them.
-Callbacks : samples/callback
+Callbacks : ./callback
---------------------------
To retrieve passwords for a particular user, Rampart/C uses password callback mechanism.
Such callback modules can be plugged into Rampart/C by defining them in the policy assertions.
The sample shows how to write a simple password callback module.
-Credential Provider: samples/credential_provider
+Credential Provider: ./credential_provider
------------------------------------------------
In the client side it's possible to give a username/password pair to the client, using a credential_provider.
Similar to Callbacks, these can too plugged into Rampart/C by defining them in the policy assertions.
The sample shows how to write a simple credentials provider.
-Authentication Provider : samples/authn_provider
+Authentication Provider : ./authn_provider
----------------------------------------------
In the server side, in order to validate a usernametoken in more application specific way, an authentication module can be used.
The authentication module gets both the username and the password and returns a status code back to Rampart/C.
The sample shows how to write a simple authentication provider.
-Keys : samples/keys
+Replay Detector : ./replay_detector
+---------------------------------------------
+Replay attacks can be identified and removed from the server side. Replay detector module shows one such implementation where it stores
+last 5 message IDs and check whether there are any replays.
+
+Security Context Token Provider : ./sct_provider
+--------------------------------------------------
+To store and retrieve Security Context Token. Can be used in server side as well as in client side.
+
+Keys : ./keys
------------------
All the certificates, private keys and key stores are used by samples are placed here.
-Data : samples/data
+Data : ./data
-------------------
Data files that are used by samples, placed here.
diff --git a/samples/INSTALL b/samples/INSTALL
index ccae1ba..5f4b385 100644
--- a/samples/INSTALL
+++ b/samples/INSTALL
@@ -1,4 +1,4 @@
-Getting Axis2/C Rampart samples source working on Linux
+Getting Rampart/C samples source working on Linux
=============================================
Build the source
This can be done using the following command sequence:
diff --git a/samples/secpolicy/README b/samples/secpolicy/README
index a9ba32b..1a90794 100644
--- a/samples/secpolicy/README
+++ b/samples/secpolicy/README
@@ -6,17 +6,16 @@
Windows users please use the "deploy.bat".
Make sure you have run the
-samples/client/sec_echo/deploy_client_repo.sh on Linux or
-samples\client\sec_echo\deploy_client_repo.bat in Windows.
+../client/deploy_client_repo.sh on Linux or
+..\client\deploy_client_repo.bat in Windows.
These scenarios will only copy the security policy (XML) files.
-Then go to $AXIS2C_HOME/bin and start the server.
+Then start the server. (simple_axis_server is in $AXIS2C_HOME/bin)
To run the client, use the script
-"samples/client/sec_echo/update_n_run.sh" on Linux or
-"samples\client\sec_echo\update_n_run.bat" on Windows.
-
+"../client/sec_echo/update_n_run.sh" on Linux or
+"..\client\sec_echo\update_n_run.bat" on Windows.
Following is a summary of scenarios available.
diff --git a/xdocs/api/doxygenconf b/xdocs/api/doxygenconf
index ae3e205..1c73964 100644
--- a/xdocs/api/doxygenconf
+++ b/xdocs/api/doxygenconf
@@ -23,7 +23,7 @@
# This could be handy for archiving the generated documentation or
# if some version control system is used.
-PROJECT_NUMBER =
+PROJECT_NUMBER = 1.3.0
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.
