Tuesday, September 12, 2006

New Rampart Configuration

Apache Rampart is going through some changes these days. It is being modified to work on WS-SecurityPolicy. But we had a slight problem: the WS-SecurityPolicy spec does not provide all the information required for Rampart to be configured properly to produce and consume secured messages.

The proposed solution was to come up with a Rampart-specific policy assertion that will hold all configuration information. This will be a top-level policy assertion and will not be exposed through MEX interfaces such as ?wsdl.

An example Rampart configuration assertion we are using is as follows:

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
        <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
    </ramp:crypto>
</ramp:RampartConfig>
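As an added example (not from the original post or the Rampart code base), the following Python check reads the crypto settings out of a policy carrying this assertion, flags a keystore password written inline, and produces the copy of the policy without the assertion, which is the form meant for publication through interfaces such as ?wsdl. The wrapping wsp:Policy document, its WS-Policy and WS-SecurityPolicy namespaces, and the function names are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

RAMP_NS = "http://ws.apache.org/rampart/policy"  # namespace used in the post
RAMP_CONFIG = "{%s}RampartConfig" % RAMP_NS

# Constructed sample: the post's assertion wrapped in an assumed wsp:Policy.
SAMPLE_POLICY = """\
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <sp:AsymmetricBinding/>
  <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
    </ramp:crypto>
  </ramp:RampartConfig>
</wsp:Policy>
"""

def rampart_crypto_settings(policy_xml):
    """Return [(provider, {property name: value})] for each ramp:crypto element."""
    root = ET.fromstring(policy_xml)
    found = []
    for crypto in root.iter("{%s}crypto" % RAMP_NS):
        props = {p.get("name"): (p.text or "").strip()
                 for p in crypto.findall("{%s}property" % RAMP_NS)}
        found.append((crypto.get("provider"), props))
    return found

def inline_secrets(policy_xml):
    """Names of crypto properties that carry a literal password value."""
    return [name
            for _, props in rampart_crypto_settings(policy_xml)
            for name, value in props.items()
            if name.endswith(".password") and value]

def publishable_policy(policy_xml):
    """Serialize the policy with every nested ramp:RampartConfig removed."""
    root = ET.fromstring(policy_xml)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == RAMP_CONFIG:
                parent.remove(child)  # drops keystore path and password too
    return ET.tostring(root, encoding="unicode")
```

Running `inline_secrets` over deployed policy files shows which ones hold a keystore password in clear text, and re-running `rampart_crypto_settings` on the output of `publishable_policy` confirms nothing from the assertion remains in the published copy.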


Aj said...

The introduction of the namespace is definitely a good idea. Makes things clear and readable.

ToxX said...

Do you know how to get the crypto object out of that new config? In the old way I could make use of the getter and setter for the crypto, how do I do that now?

regards daniel