Tuesday, September 12, 2006

New Rampart Configuration

Apache Rampart is going through some changes these days. It is being modified to work with WS-SecurityPolicy. But we had a slight problem: the WS-SecurityPolicy spec does not provide all the information required to configure Rampart properly to produce and consume secured messages.

The proposed solution was to come up with a Rampart-specific policy assertion that will hold all configuration information. This will be a top-level policy assertion and will not be exposed through MEX interfaces such as ?wsdl.

An example Rampart configuration assertion we are using is as follows:

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:user>alice</ramp:user>
    <ramp:encryptionUser>bob</ramp:encryptionUser>
    <!-- Callback handler class that supplies passwords at runtime -->
    <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>

    <ramp:signatureCrypto>
        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <!-- Merlin keystore type, location and password (the password is in clear text) -->
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">interop/interop2.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
        </ramp:crypto>
    </ramp:signatureCrypto>
</ramp:RampartConfig>
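The values this assertion carries show why it is kept out of published policy. The following is an added example, not Rampart's own code: it lists what the RampartConfig assertion holds and builds the policy as it would look with the assertion removed. The enclosing wsp:Policy, the sp:AsymmetricBinding placeholder, the two namespace URIs for them and the helper names are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

RAMP = "http://ws.apache.org/rampart/policy"
WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"               # assumed policy namespace
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"        # assumed sp namespace
MERLIN = "org.apache.ws.security.crypto.merlin."

# Constructed sample: the assertion from the post inside a minimal policy.
SAMPLE_POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}" xmlns:ramp="{RAMP}">
  <sp:AsymmetricBinding/>
  <ramp:RampartConfig>
    <ramp:user>alice</ramp:user>
    <ramp:encryptionUser>bob</ramp:encryptionUser>
    <ramp:passwordCallbackClass>org.apache.rampart.TestCBHandler</ramp:passwordCallbackClass>
    <ramp:signatureCrypto>
      <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
        <ramp:property name="{MERLIN}keystore.type">JKS</ramp:property>
        <ramp:property name="{MERLIN}file">interop/interop2.jks</ramp:property>
        <ramp:property name="{MERLIN}keystore.password">password</ramp:property>
      </ramp:crypto>
    </ramp:signatureCrypto>
  </ramp:RampartConfig>
</wsp:Policy>
"""

def local_only_values(policy_xml):
    """Return {label: value} for every value carried by RampartConfig (hypothetical helper)."""
    root = ET.fromstring(policy_xml)
    found = {}
    for cfg in root.iter(f"{{{RAMP}}}RampartConfig"):
        for el in cfg.iter():
            text = (el.text or "").strip()
            if text:
                # Crypto properties are keyed by their name attribute, others by tag.
                found[el.get("name") or el.tag.split("}")[1]] = text
    return found

def published_view(policy_xml):
    """Serialize the policy with every RampartConfig assertion removed (hypothetical helper)."""
    root = ET.fromstring(policy_xml)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == f"{{{RAMP}}}RampartConfig":
                parent.remove(child)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    for label, value in local_only_values(SAMPLE_POLICY).items():
        print(f"local only: {label} = {value}")
    print(published_view(SAMPLE_POLICY))
```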

Thursday, September 07, 2006

Secure Message Exchanges with Multiple Users

This is a tutorial on configuring Apache Rampart so that a service can receive encrypted and signed messages from multiple clients and respond with encrypted and signed messages.