The proposed solution was to come up with a Rampart-specific policy assertion that will hold all configuration information. This will be a top-level policy assertion and will not be exposed through MEX interfaces such as ?wsdl.
An example Rampart configuration assertion we are using is as follows:
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:user>alice</ramp:user>
    <ramp:encryptionUser>bob</ramp:encryptionUser>
    <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
    <ramp:signatureCrypto>
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
        </ramp:crypto>
    </ramp:signatureCrypto>
</ramp:RampartConfig>
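An added example, not part of the original post and not Rampart's own code: the post says this assertion is not exposed through ?wsdl, and the Python check below parses the assertion and reports when it, together with the keystore password it carries, appears in a document clients can fetch. The function names and the `urn:example:constructed` wrapper element are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

RAMP = "{http://ws.apache.org/rampart/policy}"  # namespace used on this page

def parse_rampart_configs(xml_text):
    """Return one dict per ramp:RampartConfig found anywhere in the document."""
    configs = []
    for cfg in ET.fromstring(xml_text).iter(RAMP + "RampartConfig"):
        entry = {"settings": {}, "crypto": {}}
        for child in cfg:
            name = child.tag.replace(RAMP, "")
            crypto = child.find(RAMP + "crypto")
            if crypto is None:  # plain setting such as user or encryptionUser
                entry["settings"][name] = (child.text or "").strip()
                continue
            props = {p.get("name"): (p.text or "").strip()
                     for p in crypto.findall(RAMP + "property")}
            entry["crypto"][name] = {"provider": crypto.get("provider"), "properties": props}
        configs.append(entry)
    return configs

def audit_published(xml_text):
    """Findings for a document that clients can fetch (for example ?wsdl output)."""
    findings = []
    for cfg in parse_rampart_configs(xml_text):
        findings.append("RampartConfig assertion present in published document")
        for role, crypto in cfg["crypto"].items():
            for prop, value in crypto["properties"].items():
                if prop.endswith(".password") and value:
                    findings.append(f"{role}: keystore password exposed via {prop}")
    return findings

# Constructed sample: the page's assertion wrapped in a made-up published policy.
ASSERTION = """<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
  <ramp:user>alice</ramp:user>
  <ramp:encryptionUser>bob</ramp:encryptionUser>
  <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
  <ramp:signatureCrypto>
    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
    </ramp:crypto>
  </ramp:signatureCrypto>
</ramp:RampartConfig>"""
LEAKY = f'<Policy xmlns="urn:example:constructed">{ASSERTION}</Policy>'

if __name__ == "__main__":
    print(audit_published(LEAKY))
```
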
2 comments:
The introduction of the namespace is definitely a good idea. Makes things clear and readable.
Do you know how to get the crypto object out of that new config? In the old way I could make use of the getter and setter for the crypto; how do I do that now?
Regards, Daniel