Rampart > Java

This explains how to setup and run standard Apache Rampart samples in an Axis2 instance hosted in Apache Rampart.

Applies To

Apache Rampart - 1.4
Apache Axis2 - 1.4.1

http://ws.apache.org/axis2/
http://ws.apache.org/rampart/

You need to have the following to try this:

- Apache Axis2 Standard Binary Distribution (Version 1.4.1)
- Apache Axis2 WAR (Web Archive) Distribution (Version 1.4.1)
- Apache Rampart Standard Binary Distribution (Version 1.4)
- Apache Tomcat
- Apache Ant

In this tutorial, Nandana Mihindukulasooriya walks you through vulnerabilities within Axis2 1.4/ Rampart 1.4 and lists possible work arounds in solving those issues.

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and their clients. Apache Rampart configuration allows providing a password callback handler class, that can be used to provide passwords needed for Rampart engine to build username tokens and create signatures when sending messages. It is also used to provide passwords required to validate incoming username tokens and decrypt encrypted content in incoming messages. In this tutorial, Nandana Mihindukulasooriya will go through possible usage scenarios of password callback handler and describe how to configure Rampart and write password callback handlers to suit each of those usage scenarios.

This explains the common issues in wsse:Timestamp validation and the possible fixes.

Apache AXIOM is a StAX based XML info-set model. LLOM (Linked List Object Model) is the default implementation of Apache AXIOM. In addition to this, Apache AXIOM provides another AXIOM implementation which also implements org.w3c.dom.* interfaces (which includes a subset of DOM Level 3 support) called DOOM.

Ruchith takes a moment to talk about Apache Rampart and how it implements the security related Web service specifications for Apache Axis2. He also extends an invitation to all those buzzing minds out there to get on the Rampart bandwagon!

In many practical scenarios a service is expected to encrypt responses to its clients. In such scenarios the service will have to use the client's public key certificate to encrypt the response. It is possible with Apache Axis2 to implement such a scenario in four simple steps using Apache Rampart (the WS-Security module based on Apache WSS4J).

Apache Rampart is the Axis2 module that implements the WS-Security functionality based on Apache WSS4J. WS-Security provides multiple ways in which one can authenticate a user when they need to access a service. One easy mechanisms is to use a UsernameToken.