Apache Rampart

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and their clients. Apache Rampart configuration allows providing a password callback handler class, that can be used to provide passwords needed for Rampart engine to build username tokens and create signatures when sending messages. It is also used to provide passwords required to validate incoming username tokens and decrypt encrypted content in incoming messages. In this tutorial, Nandana Mihindukulasooriya will go through possible usage scenarios of password callback handler and describe how to configure Rampart and write password callback handlers to suit each of those usage scenarios.

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and clients. Rampart currently implements WS-SOAP message security , WS-Security policy , WS-Secure conversation and WS-Trust specifications. In part one of this tutorial, we looked at applying transport-level security to a Web service and a client. In this tutorial, we will look at how to apply message-level security to a Web service and a client using Apache Rampart. Nandana Mihindukulasooriya explains..

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and their clients. Rampart currently implements WS-Security, WS-SecurityPolicy , WS-SecureConversation and WS-Trust specifications. In this tutorial, we will look at applying transport level security to a Web service or a client using Apache Rampart.

WS-Security Policy specification defines a standard way to define how to secure messages exchanged between Web services and clients.  WS-Security policy language can be used to publish security requirements and constrains of a Web service using the WSDL specification. That is, using WS – security policy language, we can drive a Web service security engine to secure out going messages in a certain way and instruct the verification of incoming messages in a standard, defined way. In this article by Nandana Mihindukulasooriya, he looks at main components of the WS–Security Policy Language and how these components can be combined to build a security policy that fulfills security requirements of a Web service.