| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <!-- Generated by Apache Maven Doxia Site Renderer 1.6 at 12 Dec 2015 --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> |
| <title>Apache Rampart – </title> |
| <style type="text/css" media="all"> |
| @import url("./css/maven-base.css"); |
| @import url("./css/maven-theme.css"); |
| @import url("./css/site.css"); |
| </style> |
| <link rel="stylesheet" href="./css/print.css" type="text/css" media="print" /> |
| <meta name="Date-Revision-yyyymmdd" content="20151212" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| |
| </head> |
| <body class="composite"> |
| <div id="banner"> |
| <a href="images/apache-rampart-logo.jpg" id="bannerLeft"> |
| Apache Rampart |
| </a> |
| <a href="http://www.apache.org" id="bannerRight"> |
| <img src="http://www.apache.org/images/asf_logo_wide.png" alt="$alt" /> |
| </a> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="breadcrumbs"> |
| |
| |
| <div class="xleft"> |
| <span id="publishDate">Last Published: 12 Dec 2015</span> |
| | <span id="projectVersion">Version: 1.6.3</span> |
| </div> |
| <div class="xright"> <a href="../core/" title="Apache Axis2/Java">Apache Axis2/Java</a> |
| |
| |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| <div id="leftColumn"> |
| <div id="navcolumn"> |
| |
| |
| <h5>Apache Rampart</h5> |
| <ul> |
| <li class="none"> |
| <a href="index.html" title="Home">Home</a> |
| </li> |
| <li class="expanded"> |
| <a href="javascript:void(0)" title="Downloads">Downloads</a> |
| <ul> |
| <li class="none"> |
| <a href="download.html" title="Releases">Releases</a> |
| </li> |
| <li class="none"> |
| <a href="svn.html" title="Source Code">Source Code</a> |
| </li> |
| </ul> |
| </li> |
| <li class="expanded"> |
| <a href="javascript:void(0)" title="Release Notes">Release Notes</a> |
| <ul> |
| <li class="none"> |
| <a href="release-notes/1.6.1.html" title="1.6.1">1.6.1</a> |
| </li> |
| <li class="none"> |
| <a href="release-notes/1.6.2.html" title="1.6.2">1.6.2</a> |
| </li> |
| <li class="none"> |
| <a href="release-notes/1.6.3.html" title="1.6.3">1.6.3</a> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <h5>Documentation</h5> |
| <ul> |
| <li class="none"> |
| <a href="quick-start.html" title="Getting Started">Getting Started</a> |
| </li> |
| <li class="none"> |
| <a href="samples.html" title="Samples">Samples</a> |
| </li> |
| <li class="none"> |
| <a href="http://wiki.apache.org/ws/FrontPage/Rampart/FAQ" class="externalLink" title="FAQ">FAQ</a> |
| </li> |
| <li class="none"> |
| <strong>Rampart Configuration</strong> |
| </li> |
| <li class="none"> |
| <a href="setting-up-sts.html" title="STS Configuration">STS Configuration</a> |
| </li> |
| <li class="none"> |
| <a href="developer-guide.html" title="Developer Guide">Developer Guide</a> |
| </li> |
| <li class="none"> |
| <a href="siteHowTo.html" title="Build the Site">Build the Site</a> |
| </li> |
| </ul> |
| <h5>Resources</h5> |
| <ul> |
| <li class="none"> |
| <a href="articles.html" title="Articles">Articles</a> |
| </li> |
| <li class="none"> |
| <a href="specifications.html" title="Specifications">Specifications</a> |
| </li> |
| <li class="none"> |
| <a href="apidocs/index.html" title="Online Javadocs">Online Javadocs</a> |
| </li> |
| </ul> |
| <h5>Project Information</h5> |
| <ul> |
| <li class="none"> |
| <a href="team-list.html" title="Project Team">Project Team</a> |
| </li> |
| <li class="none"> |
| <a href="http://issues.apache.org/jira/browse/Rampart" class="externalLink" title="Issue Tracking">Issue Tracking</a> |
| </li> |
| <li class="none"> |
| <a href="mail-lists.html" title="Mailing Lists">Mailing Lists</a> |
| </li> |
| <li class="none"> |
| <a href="http://svn.apache.org/viewvc/axis/axis2/java/rampart/" class="externalLink" title="Source Code">Source Code</a> |
| </li> |
| <li class="none"> |
| <a href="http://www.apache.org/licenses/" class="externalLink" title="License">License</a> |
| </li> |
| <li class="none"> |
| <a href="http://www.apache.org/foundation/sponsorship.html" class="externalLink" title="Sponsorship">Sponsorship</a> |
| </li> |
| <li class="none"> |
| <a href="http://www.apache.org/foundation/thanks.html" class="externalLink" title="Thanks">Thanks</a> |
| </li> |
| <li class="none"> |
| <a href="http://www.apache.org/security/" class="externalLink" title="Security">Security</a> |
| </li> |
| </ul> |
| <a href="http://maven.apache.org/" title="Built by Maven" class="poweredBy"> |
| <img class="poweredBy" alt="Built by Maven" src="./images/logos/maven-feather.png" /> |
| </a> |
| |
| |
| </div> |
| </div> |
| <div id="bodyColumn"> |
| <div id="contentBox"> |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| |
| |
| <h1>Apache Rampart - Configuration Guide</h1> |
| |
| <div class="section"> |
| <h2><a name="Rampart_Configurations"></a>Rampart Configurations</h2> |
| |
| <p>RampartConfig element can have any of the following child elements. Schema is available <a href="rampart-config.xsd">here</a></p> |
| |
| <table border="0" class="bodyTable"><tbody> |
| |
| <tr class="a"> |
| <td><b>Parameter</b></td> |
| <td><b>Description</b></td> |
| <td><b>Example</b></td></tr> |
| |
| |
| <tr class="b"> |
| <td>user</td> |
| <td>The user's name</td> |
| <td>Set username of UsernameToken to be used <br /></br> |
| <user> bob</user></td></tr> |
| |
| <tr class="a"> |
| <td>userCertAlias</td> |
| <td>The user's cert alias</td> |
| <td>Set alias of the key to be used to sign<br /></br> |
| <userCertAlias> bob</userCertAlias></td></tr> |
| |
| <tr class="b"> |
| <td>encryptionUser</td> |
| <td>The user's name for encryption.</td> |
| <td> |
| <encryptionUser>alice</encryptionUser></td></tr> |
| |
| <tr class="a"> |
| <td>passwordCallbackClass</td> |
| <td>Callback class used to provide the password required to create the |
| UsernameToken or to sign the message</td> |
| <td> |
| |
| <div> |
| <pre> |
| <passwordCallbackClass> |
| org.apache.axis2.security.PWCallback |
| </passwordCallbackClass> |
| </pre></div></td></tr> |
| |
| <tr class="b"> |
| <td>policyValidatorCbClass</td> |
| <td>Callback class used to provide custom validater </td> |
| <td> |
| |
| <div> |
| <pre> |
| <policyValidatorCbClass> |
| org.apache.axis2.security.CustomPolicyValidater |
| </policyValidatorCbClass> |
| </pre></div></td></tr> |
| |
| <tr class="a"> |
| <td>signatureCrypto</td> |
| <td>properties to needed perform signature, such as crypto |
| provider, keystore and its password</td> |
| <td> |
| |
| <div> |
| <pre> |
| <signatureCrypto> |
| <crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
| <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> |
| <property name="org.apache.ws.security.crypto.merlin.file">client.jks</property> |
| <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property> |
| </crypto> |
| <signatureCrypto> |
| </pre></div> |
| </td></tr> |
| |
| <tr class="b"> |
| <td>encryptionCypto</td> |
| <td>properties to needed perform signature, such as crypto |
| provider, keystore and its password</td> |
| <td> |
| |
| <div> |
| <pre> |
| <encryptionCypto> |
| ....crypto element ...... |
| </encryptionCypto> |
| </pre></div></td></tr> |
| |
| <tr class="a"> |
| <td>decryptionCrypto</td> |
| <td>properties to needed perform signature, such as crypto |
| provider, keystore and its password</td> |
| <td> |
| |
| <div> |
| <pre> |
| <decryptionCrypto> |
| ....crypto element ...... |
| </decryptionCrypto></pre></div></td></tr> |
| |
| <tr class="b"> |
| <td>timestampTTL</td> |
| <td>Time to live of Timestamp</td> |
| <td>The default timestamp time to live is 300 seconds</td></tr> |
| |
| <tr class="a"> |
| <td>timestampMaxSkew</td> |
| <td>The maximum tolerence limit for timeskew of the timestamp</td> |
| <td>Rampart allows timestamps created slightly ahead of the reciever's time.<br /> This parameter allows to specify the tolerence limit</td></tr> |
| |
| <tr class="b"> |
| <td>timestampPrecisionInMilliseconds</td> |
| <td> Whether the timestamps precision should be milliseconds </td> |
| <td>When this value is set false, generated timestamps doesn't contain milliseconds </td></tr> |
| |
| <tr class="a"> |
| <td>optimizeParts</td> |
| <td></td> |
| <td></td></tr> |
| |
| <tr class="b"> |
| <td>tokenStoreClass</td> |
| <td></td> |
| <td></td></tr> |
| |
| <tr class="a"> |
| <td>sslConfig</td> |
| <td>SSL Configuration need for Transportbinding</td> |
| <td>Can specify the properties such as "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword". Please see below for more information.</td></tr> |
| </tbody></table> |
| <br /></br> |
| |
| <div class="section"> |
| <h3><a name="Crypto_Provider"></a>Crypto Provider</h3> |
| |
| <p>org.apache.ws.security.crypto.provider defines the implementation of |
| the org.apache.ws.security.components.crypto.Crypto interface to provide the |
| crypto information required by WSS4J. The other properties defined are the |
| configuration properties used by the implementation class |
| (org.apache.ws.security.components.crypto.Merlin). |
| <br /></br> |
| <a name="ref"></a> |
| <a name="references"></a> |
| </p> |
| <a name="References"></a> |
| </div> |
| <div class="section"> |
| <h3><a name="Crypto_Caching"></a>Crypto Caching</h3> |
| |
| <p>Enabling caching of crypto objects will improve the performance of security processing. |
| After |
| enabling crypto caching, the crypto objects will be read from a cache instead of |
| constructing them by reading the keystore files. |
| </p> |
| |
| <p>To enable caching of Crypto objects, two attributes should be added to the crypto elements |
| of signatureCrypto/encryptionCrypto of RampartConfig. |
| </p> |
| |
| <ol style="list-style-type: decimal"> |
| |
| <li> |
| <b>cryptoKey</b> - |
| <p>As the value of this attribute, specify the property of a Crypto |
| implementation which points to the location of the keystore. For example in |
| Merlin, the |
| property "org.apache.ws.security.crypto.merlin.file" is unique and its pointing to |
| the |
| location of the keystore. Absence of this attribute will not enable caching.</p> |
| </li> |
| |
| <li> |
| <b>cacheRefreshInterval</b> - |
| <p>This is the cache refresh interval specified in |
| milliseconds. Any |
| object that resides in the cache longer than this period will be considered as |
| expired. |
| Cache will not be refreshed if this attribute is not present in the configuration. |
| If you |
| do not want to refresh the cache, provide only the "cryptoKey" attribute.</p> |
| </li> |
| </ol> |
| |
| <p> |
| A sample configuration is provided below. It uses the Merlin crypto implementation for |
| signing and encryption. Here, the value of the cryptoKey attribute is eqaul to |
| "org.apache.ws.security.crypto.merlin.file" and the cache refresh interval is 300000 |
| milliseconds. |
| </p> |
| |
| <div> |
| <pre> |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> |
| <ramp:signatureCrypto> |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000"> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property> |
| </ramp:crypto> |
| </ramp:signatureCrypto> |
| <ramp:encryptionCypto> |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property> |
| </ramp:crypto> |
| </ramp:encryptionCypto> |
| </ramp:RampartConfig> |
| </pre></div> |
| |
| <p>Crypto caching is enabled by default when Merlin is used as the crypto provider. So Rampart will cache the crypto objects |
| with an infinite cache refresh interval. This crypto refresh interval can be overridden by setting the cacheRefreshInterval parameter |
| as described above. If it is required to disable crypto caching when Merlin is used, set the 'enableCryptoCaching' parameter |
| value to 'false'. Please refer to the following example. |
| </p> |
| |
| <div> |
| <pre> |
| <ramp:signatureCrypto> |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" enableCryptoCaching="false"> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property> |
| </ramp:crypto> |
| </ramp:signatureCrypto> |
| </pre></div> |
| <br /></br> |
| </div> |
| <div class="section"> |
| <h3><a name="References"></a>References</h3>1. |
| <a class="externalLink" href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a> |
| </div> |
| </html> |
| </div> |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| <div id="footer"> |
| <div class="xright"> |
| Copyright © 2005–2015 |
| <a href="http://www.apache.org">Apache Software Foundation</a>. |
| All rights reserved. |
| |
| </div> |
| <div class="clear"> |
| <hr/> |
| </div> |
| </div> |
| </body> |
| </html> |
