| <!DOCTYPE html> |
| <!-- |
| | Generated by Apache Maven Doxia at 18 Jan 2016 |
| | Rendered using Apache Maven Fluido Skin 1.4 |
| --> |
| <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> |
| <head> |
| <meta charset="UTF-8" /> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> |
| <meta name="Date-Revision-yyyymmdd" content="20160118" /> |
| <meta http-equiv="Content-Language" content="en" /> |
| <title>Apache Rampart – </title> |
| <link rel="stylesheet" href="./css/apache-maven-fluido-1.4.min.css" /> |
| <link rel="stylesheet" href="./css/site.css" /> |
| <link rel="stylesheet" href="./css/print.css" media="print" /> |
| |
| |
| <script type="text/javascript" src="./js/apache-maven-fluido-1.4.min.js"></script> |
| |
| |
| </head> |
| <body class="topBarDisabled"> |
| |
| |
| |
| <div class="container-fluid"> |
| |
| <div id="breadcrumbs"> |
| <ul class="breadcrumb"> |
| |
| |
| <li id="publishDate">Last Published: 18 Jan 2016 |
| <span class="divider">|</span> |
| </li> |
| <li id="projectVersion">Version: 1.7.0 |
| </li> |
| |
| |
| |
| |
| |
| <li class="pull-right"> |
| <a href="../core/" title="Apache Axis2/Java"> |
| Apache Axis2/Java</a> |
| </li> |
| |
| </ul> |
| </div> |
| |
| |
| <div class="row-fluid"> |
| |
| |
| <div id="bodyColumn" class="span10" > |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| |
| |
| <h1>Apache Rampart - Configuration Guide</h1> |
| |
| <div class="section"> |
| <h2><a name="Rampart_Configurations"></a>Rampart Configurations</h2> |
| |
| <p>The RampartConfig element can have any of the following child elements. The schema is available <a href="rampart-config.xsd">here</a>.</p> |
| |
| <table border="0" class="table table-striped"><tbody> |
| |
| <tr class="a"> |
| <td><b>Parameter</b></td> |
| <td><b>Description</b></td> |
| <td><b>Example</b></td></tr> |
| |
| |
| <tr class="b"> |
| <td>user</td> |
| <td>The user's name</td> |
| <td>Sets the username of the UsernameToken to be used.<br /> |
| <user> bob</user></td></tr> |
| |
| <tr class="a"> |
| <td>userCertAlias</td> |
| <td>The user's cert alias</td> |
| <td>Sets the alias of the key to be used to sign.<br /> |
| <userCertAlias> bob</userCertAlias></td></tr> |
| |
| <tr class="b"> |
| <td>encryptionUser</td> |
| <td>The user's name for encryption.</td> |
| <td> |
| <encryptionUser>alice</encryptionUser></td></tr> |
| |
| <tr class="a"> |
| <td>passwordCallbackClass</td> |
| <td>Callback class used to provide the password required to create the |
| UsernameToken or to sign the message</td> |
| <td> |
| |
| <div> |
| <pre> |
| <passwordCallbackClass> |
| org.apache.axis2.security.PWCallback |
| </passwordCallbackClass> |
| </pre></div></td></tr> |
| |
| <tr class="b"> |
| <td>policyValidatorCbClass</td> |
| <td>Callback class used to provide a custom validator</td> |
| <td> |
| |
| <div> |
| <pre> |
| <policyValidatorCbClass> |
| org.apache.axis2.security.CustomPolicyValidater |
| </policyValidatorCbClass> |
| </pre></div></td></tr> |
| |
| <tr class="a"> |
| <td>signatureCrypto</td> |
| <td>Properties needed to perform signature, such as the crypto |
| provider, the keystore and its password</td> |
| <td> |
| |
| <div> |
| <pre> |
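| <!-- Sample values only: the keystore password is stored in clear text in this configuration, so limit read access to the file that holds it. --> |
| <signatureCrypto> |
|   <!-- Merlin is the Crypto implementation; the properties below are its own configuration. --> |
|   <crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
|     <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> |
|     <property name="org.apache.ws.security.crypto.merlin.file">client.jks</property> |
|     <property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property> |
|   </crypto> |
| </signatureCrypto> |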
| </pre></div> |
| </td></tr> |
| |
| <tr class="b"> |
| <td>encryptionCypto</td> |
| <td>Properties needed to perform signature, such as the crypto |
| provider, the keystore and its password</td> |
| <td> |
| |
| <div> |
| <pre> |
| <encryptionCypto> |
| ....crypto element ...... |
| </encryptionCypto> |
| </pre></div></td></tr> |
| |
| <tr class="a"> |
| <td>decryptionCrypto</td> |
| <td>Properties needed to perform signature, such as the crypto |
| provider, the keystore and its password</td> |
| <td> |
| |
| <div> |
| <pre> |
| <decryptionCrypto> |
| ....crypto element ...... |
| </decryptionCrypto></pre></div></td></tr> |
| |
| <tr class="b"> |
| <td>timestampTTL</td> |
| <td>Time to live of Timestamp</td> |
| <td>The default timestamp time to live is 300 seconds</td></tr> |
| |
| <tr class="a"> |
| <td>timestampMaxSkew</td> |
| <td>The maximum tolerance limit for time skew of the timestamp</td> |
| <td>Rampart allows timestamps created slightly ahead of the receiver's time.<br /> This parameter specifies the tolerance limit.</td></tr> |
| |
| <tr class="b"> |
| <td>timestampPrecisionInMilliseconds</td> |
| <td> Whether the timestamps precision should be milliseconds </td> |
| <td>When this value is set to false, generated timestamps do not contain milliseconds </td></tr> |
| |
| <tr class="a"> |
| <td>optimizeParts</td> |
| <td></td> |
| <td></td></tr> |
| |
| <tr class="b"> |
| <td>tokenStoreClass</td> |
| <td></td> |
| <td></td></tr> |
| |
| <tr class="a"> |
| <td>sslConfig</td> |
| <td>SSL configuration needed for the transport binding</td> |
| <td>Can specify the properties such as "javax.net.ssl.trustStore" and "javax.net.ssl.trustStorePassword". Please see below for more information.</td></tr> |
| </tbody></table> |
| <br /></br> |
| |
| <div class="section"> |
| <h3><a name="Crypto_Provider"></a>Crypto Provider</h3> |
| |
| <p>org.apache.ws.security.crypto.provider defines the implementation of |
| the org.apache.ws.security.components.crypto.Crypto interface to provide the |
| crypto information required by WSS4J. The other properties defined are the |
| configuration properties used by the implementation class |
| (org.apache.ws.security.components.crypto.Merlin). |
| <br /></br> |
| <a name="ref"></a> |
| <a name="references"></a> |
| </p> |
| <a name="References"></a> |
| </div> |
| <div class="section"> |
| <h3><a name="Crypto_Caching"></a>Crypto Caching</h3> |
| |
| <p>Enabling caching of crypto objects will improve the performance of security processing. |
| After |
| enabling crypto caching, the crypto objects will be read from a cache instead of |
| constructing them by reading the keystore files. |
| </p> |
| |
| <p>To enable caching of Crypto objects, two attributes should be added to the crypto elements |
| of signatureCrypto/encryptionCrypto of RampartConfig. |
| </p> |
| |
| <ol style="list-style-type: decimal"> |
| |
| <li> |
| <b>cryptoKey</b> - |
| <p>As the value of this attribute, specify the property of a Crypto |
| implementation which points to the location of the keystore. For example, in |
| Merlin the property "org.apache.ws.security.crypto.merlin.file" is unique and |
| points to the location of the keystore. If this attribute is absent, caching |
| is not enabled.</p> |
| </li> |
| |
| <li> |
| <b>cacheRefreshInterval</b> - |
| <p>This is the cache refresh interval specified in |
| milliseconds. Any |
| object that resides in the cache longer than this period will be considered as |
| expired. |
| Cache will not be refreshed if this attribute is not present in the configuration. |
| If you |
| do not want to refresh the cache, provide only the "cryptoKey" attribute.</p> |
| </li> |
| </ol> |
| |
| <p> |
| A sample configuration is provided below. It uses the Merlin crypto implementation for |
| signing and encryption. Here, the value of the cryptoKey attribute is equal to |
| "org.apache.ws.security.crypto.merlin.file" and the cache refresh interval is 300000 |
| milliseconds. |
| </p> |
| |
| <div> |
| <pre> |
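| <!-- Sample values only: the keystore passwords below are stored in clear text, so limit read access to the file that holds this policy. --> |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> |
|   <ramp:signatureCrypto> |
|     <!-- cryptoKey names the property that points to the keystore location; cacheRefreshInterval is given in milliseconds. --> |
|     <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000"> |
|       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
|       <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> |
|       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property> |
|     </ramp:crypto> |
|   </ramp:signatureCrypto> |
|   <ramp:encryptionCypto> |
|     <!-- Same keystore file as the signature crypto above, so the same keystore password is used here. --> |
|     <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000"> |
|       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
|       <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> |
|       <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property> |
|     </ramp:crypto> |
|   </ramp:encryptionCypto> |
| </ramp:RampartConfig> |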
| </pre></div> |
| |
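| <p>Crypto caching is enabled by default when Merlin is used as the crypto provider, so Rampart will cache the crypto objects |
| with an infinite cache refresh interval. This cache refresh interval can be overridden by setting the cacheRefreshInterval parameter |
| as described above. Because cached crypto objects are used instead of re-reading the keystore files, a change to the keystore |
| (for example a replaced or removed certificate) is not seen until the cached object expires, so set cacheRefreshInterval where |
| keystore contents are expected to change. If it is required to disable crypto caching when Merlin is used, set the 'enableCryptoCaching' parameter |
| value to 'false'. Please refer to the following example. |
| </p> |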
| |
| <div> |
| <pre> |
| <!-- Signature crypto with Merlin caching turned off: enableCryptoCaching="false" overrides the default, so the crypto object is built by reading the keystore file instead of being taken from the cache. --> |
| <ramp:signatureCrypto> |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" enableCryptoCaching="false"> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property> |
| <!-- Sample password; it is stored in clear text in this configuration. --> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property> |
| </ramp:crypto> |
| </ramp:signatureCrypto> |
| </pre></div> |
| <br /></br> |
| </div> |
| <div class="section"> |
| <h3><a name="References"></a>References</h3>1. |
| <a class="externalLink" href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a> |
| </div> |
| </html> |
| </div> |
| </div> |
| </div> |
| |
| <hr/> |
| |
| <footer> |
| <div class="container-fluid"> |
| <div class="row-fluid"> |
| <p >Copyright © 2005–2016 |
| <a href="http://www.apache.org">Apache Software Foundation</a>. |
| All rights reserved. |
| |
| </p> |
| </div> |
| |
| |
| </div> |
| </footer> |
| </body> |
| </html> |