Author: buildbot
Date: Mon Dec 10 17:50:25 2012
New Revision: 841460
Log:
Staging update by buildbot for ode
Modified:
websites/staging/ode/trunk/content/ (props changed)
websites/staging/ode/trunk/content/ws-security-in-ode.html
Propchange: websites/staging/ode/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Dec 10 17:50:25 2012
@@ -1 +1 @@
-1418315
+1419606
Modified: websites/staging/ode/trunk/content/ws-security-in-ode.html
==============================================================================
--- websites/staging/ode/trunk/content/ws-security-in-ode.html (original)
+++ websites/staging/ode/trunk/content/ws-security-in-ode.html Mon Dec 10
17:50:25 2012
@@ -82,188 +82,168 @@
<div class="row">
<div class="span12">
<p><a name="WS-SecurityinODE-HowtouseWS-SecurityinODE?"></a></p>
-<h1 id="how-to-use-ws-security-in-ode">How to use WS-Security in ODE?</h1>
-<div class="alert alert-warning"><h4 class="alert-heading">Only in 1.3.2</h4>
+<h2 id="how-to-use-ws-security-in-ode">How to use WS-Security in ODE?</h2>
+<div class="alert alert-warning"><h4 class="alert-heading">Only in
1.3.2</h4></div>
- ODE 1.3.2 introduces support for WS-Security: secure services can now be
invoked from a process, and the process service itself might be secured. A
first part will explain how to invoke a secured service, a second part how to
secure the process service.
-
- ODE has an [Integration Layer based on Axis2|Architectural Overview#ODE
Integration Layers] so using Rampart, the Axis2 security modules, goes without
saying. As a result this section will only focus on Rampart integration.
Rampart and WS-Security specifications won't be detailed here. Please refer to
their ad-hoc documentations for further details.
-
- h2. Quick Rampart introduction
-
- As any other Axis2 module, Rampart is configurable with [Axis2 Service
configuration
files|http://ws.apache.org/axis2/1_0/axis2config.html#Service_Configuration].
For instance a service.xml document, using the parameter based configuration
model, might be:
-
- {code:xml}
- <service>
-
- <module ref="rampart" />
-
- <parameter name="OutflowSecurity">
- <action>
- <items>Timestamp Signature</items>
- <user>client</user>
-
<signaturePropFile>TestRampartBasic/secured-services/client.properties</signaturePropFile>
-
<passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
- <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
- </action>
- </parameter>
-
- <parameter name="InflowSecurity">
- <action>
- <items>Timestamp Signature</items>
-
<signaturePropFile>TestRampartBasic/secured-services/client.properties</signaturePropFile>
- </action>
- </parameter>
-
- </service>
- {code}
-
- Another example using WS-Security Policy based configuration model is
listed below. See the full document
[here|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-services/process-sample04_policy_in_service.xml/sample04-policy.axis2?view=markup].
- {code:xml}
- <service>
-
- <module ref="rampart"/>
-
- <wsp:Policy wsu:Id="SecConvPolicy2"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <!-- truncated, see original document ny
following the link above -->
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <!-- truncated, see original document ny
following the link above -->
- </wsp:Policy>
- </sp:Wss11>
- <sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <!-- truncated, see original document ny
following the link above -->
- </wsp:Policy>
- </sp:Trust10>
- <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <sp:Body/>
- </sp:EncryptedParts>
- <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
- <ramp:user>client</ramp:user>
- <ramp:encryptionUser>service</ramp:encryptionUser>
-
<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.file">TestRampartPolicy/secured-services/client.jks</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- <ramp:encryptionCypto>
- <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.file">TestRampartPolicy/secured-services/client.jks</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
- </ramp:crypto>
- </ramp:encryptionCypto>
-
- </ramp:RampartConfig>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
- </service>
- {code}
-
- The important thing to notice is that these documents are plain [Axis2
Service configuration
files|http://ws.apache.org/axis2/1_0/axis2config.html#Service_Configuration].
And as explained in the [ODE User Guide|Endpoint Configuration#Additional
Configuration for SOAP Endpoints], a mechanism to handle these files already
exists. So all we have to do is reuse this mechanism, the rest is pure Rampart
configuration.
-
- Let's take an example and see the actual required steps.
-
- h2. How to invoke a secure web service?
-
- h3. Prepare your service document
- Assuming your process needs to invoke the secure service
\{http://sample03.policy.samples.rampart.apache.org}Sample03, the _first step_
is to prepare a service document named $\{process_bundle_dir}/Sample03.axis2
and containing your desired Rampart configuration.
- The _second step_ is to to make sure the resources needed to invoke the
services are available to Rampart through ODE webapp classpath. Typical
resources are :
- * password callback handler classes
- * Java keystores
- * property files containing keystore information
-
- h3. Add resources to ODE webapp classpath
- How you add these resources to ODE classpath might vary depending on your
application server, your global architecture or other criteria. So it's up to
you to figure this out. However typical locations are:
- * ode/WEB-INF/classes
- * ode/WEB-INF/lib
-
- h3. An alternative for WS-Security Policies
- If you're using the policy base configuration model, an alternative is
available to you: use the [endpoint property mechanism|Endpoint Configuration]
to attach the policy to the service. In that configuration, ODE will engage the
Rampart module and load the policy when the service is invoked.
- To do so:
- # save the Policy document (not the service document) in the file of your
choice. For instance mypolicy.xml
- # create an endpoint file linking the service and the policy file.
Basically with the two properties listed below. Note that if the path assigned
to the "security.policy.file" property is relative it will be resolved against
the process bundle directory. Of course if the path is absolute, it will be
used as is.
-
- {code}
- alias.sample03-ns=http://sample03.policy.samples.rampart.apache.org
- sample03-ns.sample03-policy.ode.security.policy.file=mypolicy.xml
- {code}
-
- h2. How to secure the web service exposed by a process?
-
- Applying security to a process service is no different from invoking a
secured service. If the process service you're exposing is
\{http://mycompany.com}AbscenceRequest. All you have to do is prepare a service
document named $\{process_bundle_dir}/AbscenceRequest.axis2 and containing your
Rampart configuration. Once again, it's up to you to add the required resources
in ODE webapp classpath.
-
- You can also use the property 'security.policy.file' to secure the process
service.
-
- h2. Do I need to install Rampart myself?
-
- No. ODE comes with the following Axis2 modules (and the jars they depend
on): Rampart, Rahas and Addressing.
-
- h2. Useful resources
-
- h3. Rampart material
- * the [list|http://wso2.org/projects/rampart/java] of Web Services
Security specifications supported by Rampart
- * [Rampart articles|http://ws.apache.org/rampart/articles.html]
- * [Rampart samples|http://ws.apache.org/rampart/samples.html]
- * [a Rampart
tutorial|https://wiki.internet2.edu/confluence/display/GrouperWG/The+Newcastle+University+Grouper+page]
-
- h3. ODE test cases
-
- h4. How to run them
-
- {code}
- $ cd axis2-war
- $ buildr test:Secure
- {code}
-
- h4. Where are the processes executed by the unit tests?
-
- The executed processes are generated by the build, so run the tests once,
then look into the following directories. Process directories are prefixed with
"process-".
- * axis2-war/target/test-classes/TestRampartPolicy/secured-services/
- * axis2-war/target/test-classes/TestRampartPolicy/secured-processes/
- * axis2-war/target/test-classes/TestRampartBasic/secured-services/
- * axis2-war/target/test-classes/TestRampartBasic/secured-processes/
-
- h4. the nitty-gritty details
-
- The integration with Rampart described in this section is tested with a
decent suite of unit tests. These unit tests are based on the [Rampart
samples|http://ws.apache.org/rampart/samples.html]. The [related
resources|http://svn.apache.org/repos/asf/webservices/rampart/branches/java/1_3/modules/rampart-samples/]
were imported into ODE repository.
- These tests are divided into two parts: tests using the parameter base
configuration model aka "basic tests" and tests using the policy base
configuration model aka "policy tests".
- ODE test cases reuse these test cases in two different scenarii:
- # the security configuration is applied to an "external" web service, and
a ODE process invokes it.
- # the security configuration is applied to the web service exposed by a
process.
-
- These partitions lead to four resource directories:
- *
[TestRampartBasic/secured-services|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-services/]
- *
[TestRampartBasic/secured-processes|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-processes/]
-
- *
[TestRampartPolicy/secured-services|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-services/]
- *
[TestRampartPolicy/secured-processes|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-processes/]
-
- Everything describes for TestRampartBasic applies to TestRampartPolicy. So
for now on we will mention only TestRampartBasic.
-
- For the "secured-services" scenario, the "external" web services are Axis
[archives|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-services/services/]
deployed in an Axis2 webapp.
-
- The corresponding unit test classes are [SecuredServicesTest.java and
SecuredProcessTest.java|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/java/org/apache/ode/axis2/rampart/basic/].
Each test class will start a list of processes that must succeed (as many
processes as Rampart samples actually).
- To avoid duplication these processes are generated by the build based on
two process templates:
[one|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-services/process-template/]
for the secured-services case,
[another|http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-processes/process-template/]
for the secured-processes case.
-
- The build generates processes into:
- *
axis2-war/target/test-classes/TestRampartPolicy/secured-services/process-*
- *
axis2-war/target/test-classes/TestRampartPolicy/secured-processes/process-*
- * axis2-war/target/test-classes/TestRampartBasic/secured-services/process-*
- *
axis2-war/target/test-classes/TestRampartBasic/secured-processes/process-*
+<p>ODE 1.3.2 introduces support for WS-Security: secure services can now be
invoked from a process, and the process service itself might be secured. A
first part will explain how to invoke a secured service, a second part how to
secure the process service.</p>
+<p>ODE has an <a
href="architectural-overview.html#ODE-Integration-Layers">Integration Layer
based on Axis2</a> so using Rampart, the Axis2 security modules, goes without
saying. As a result this section will only focus on Rampart integration.
Rampart and WS-Security specifications won't be detailed here. Please refer to
their ad-hoc documentations for further details.</p>
+<h3 id="quick-rampart-introduction">Quick Rampart introduction</h3>
+<p>As any other Axis2 module, Rampart is configurable with <a
href="http://ws.apache.org/axis2/1_0/axis2config.html#Service_Configuration";>Axis2
Service configuration files</a>. For instance a service.xml document, using
the parameter based configuration model, might be:</p>
+<div class="codehilite"><pre><span class="nt"><service></span>
+
+ <span class="nt"><module</span> <span class="na">ref=</span><span
class="s">"rampart"</span> <span class="nt">/></span>
+
+ <span class="nt"><parameter</span> <span class="na">name=</span><span
class="s">"OutflowSecurity"</span><span class="nt">></span>
+ <span class="nt"><action></span>
+ <span class="nt"><items></span>Timestamp Signature<span
class="nt"></items></span>
+ <span class="nt"><user></span>client<span
class="nt"></user></span>
+ <span
class="nt"><signaturePropFile></span>TestRampartBasic/secured-services/client.properties<span
class="nt"></signaturePropFile></span>
+ <span
class="nt"><passwordCallbackClass></span>org.apache.rampart.samples.sample04.PWCBHandler<span
class="nt"></passwordCallbackClass></span>
+ <span
class="nt"><signatureKeyIdentifier></span>DirectReference<span
class="nt"></signatureKeyIdentifier></span>
+ <span class="nt"></action></span>
+ <span class="nt"></parameter></span>
+
+ <span class="nt"><parameter</span> <span class="na">name=</span><span
class="s">"InflowSecurity"</span><span class="nt">></span>
+ <span class="nt"><action></span>
+ <span class="nt"><items></span>Timestamp Signature<span
class="nt"></items></span>
+ <span
class="nt"><signaturePropFile></span>TestRampartBasic/secured-services/client.properties<span
class="nt"></signaturePropFile></span>
+ <span class="nt"></action></span>
+ <span class="nt"></parameter></span>
+
+ <span class="nt"></service></span>
+</pre></div>
+
+
+<p>Another example using WS-Security Policy based configuration model is
listed below. See the full document <a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-services/process-sample04_policy_in_service.xml/sample04-policy.axis2?view=markup";>here</a>.</p>
+<div class="codehilite"><pre><span class="nt"><service></span>
+
+ <span class="nt"><module</span> <span class="na">ref=</span><span
class="s">"rampart"</span><span class="nt">/></span>
+
+ <span class="nt"><wsp:Policy</span> <span
class="na">wsu:Id=</span><span class="s">"SecConvPolicy2"</span>
<span class="na">xmlns:wsu=</span><span
class="s">"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"</span>
<span class="na">xmlns:wsp=</span><span
class="s">"http://schemas.xmlsoap.org/ws/2004/09/policy"</span><span
class="nt">></span>
+ <span class="nt"><wsp:ExactlyOne></span>
+ <span class="nt"><wsp:All></span>
+ <span class="nt"><sp:SymmetricBinding</span> <span
class="na">xmlns:sp=</span><span
class="s">"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"</span><span
class="nt">></span>
+ <span class="nt"><wsp:Policy></span>
+ <span class="c"><!-- truncated, see original
document ny following the link above --></span>
+ <span class="nt"></wsp:Policy></span>
+ <span class="nt"></sp:SymmetricBinding></span>
+ <span class="nt"><sp:Wss11</span> <span
class="na">xmlns:sp=</span><span
class="s">"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"</span><span
class="nt">></span>
+ <span class="nt"><wsp:Policy></span>
+ <span class="c"><!-- truncated, see original
document ny following the link above --></span>
+ <span class="nt"></wsp:Policy></span>
+ <span class="nt"></sp:Wss11></span>
+ <span class="nt"><sp:Trust10</span> <span
class="na">xmlns:sp=</span><span
class="s">"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"</span><span
class="nt">></span>
+ <span class="nt"><wsp:Policy></span>
+ <span class="c"><!-- truncated, see original
document ny following the link above --></span>
+ <span class="nt"></wsp:Policy></span>
+ <span class="nt"></sp:Trust10></span>
+ <span class="nt"><sp:EncryptedParts</span> <span
class="na">xmlns:sp=</span><span
class="s">"http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"</span><span
class="nt">></span>
+ <span class="nt"><sp:Body/></span>
+ <span class="nt"></sp:EncryptedParts></span>
+ <span class="nt"><ramp:RampartConfig</span> <span
class="na">xmlns:ramp=</span><span
class="s">"http://ws.apache.org/rampart/policy"</span><span
class="nt">></span>
+ <span class="nt"><ramp:user></span>client<span
class="nt"></ramp:user></span>
+ <span
class="nt"><ramp:encryptionUser></span>service<span
class="nt"></ramp:encryptionUser></span>
+ <span
class="nt"><ramp:passwordCallbackClass></span>org.apache.rampart.samples.policy.sample04.PWCBHandler<span
class="nt"></ramp:passwordCallbackClass></span>
+
+ <span class="nt"><ramp:signatureCrypto></span>
+ <span class="nt"><ramp:crypto</span> <span
class="na">provider=</span><span
class="s">"org.apache.ws.security.components.crypto.Merlin"</span><span
class="nt">></span>
+ <span class="nt"><ramp:property</span> <span
class="na">name=</span><span
class="s">"org.apache.ws.security.crypto.merlin.keystore.type"</span><span
class="nt">></span>JKS<span class="nt"></ramp:property></span>
+ <span class="nt"><ramp:property</span> <span
class="na">name=</span><span
class="s">"org.apache.ws.security.crypto.merlin.file"</span><span
class="nt">></span>TestRampartPolicy/secured-services/client.jks<span
class="nt"></ramp:property></span>
+ <span class="nt"><ramp:property</span> <span
class="na">name=</span><span
class="s">"org.apache.ws.security.crypto.merlin.keystore.password"</span><span
class="nt">></span>apache<span class="nt"></ramp:property></span>
+ <span class="nt"></ramp:crypto></span>
+ <span class="nt"></ramp:signatureCrypto></span>
+ <span class="nt"><ramp:encryptionCypto></span>
+ <span class="nt"><ramp:crypto</span> <span
class="na">provider=</span><span
class="s">"org.apache.ws.security.components.crypto.Merlin"</span><span
class="nt">></span>
+ <span class="nt"><ramp:property</span> <span
class="na">name=</span><span
class="s">"org.apache.ws.security.crypto.merlin.keystore.type"</span><span
class="nt">></span>JKS<span class="nt"></ramp:property></span>
+ <span class="nt"><ramp:property</span> <span
class="na">name=</span><span
class="s">"org.apache.ws.security.crypto.merlin.file"</span><span
class="nt">></span>TestRampartPolicy/secured-services/client.jks<span
class="nt"></ramp:property></span>
+ <span class="nt"><ramp:property</span> <span
class="na">name=</span><span
class="s">"org.apache.ws.security.crypto.merlin.keystore.password"</span><span
class="nt">></span>apache<span class="nt"></ramp:property></span>
+ <span class="nt"></ramp:crypto></span>
+ <span class="nt"></ramp:encryptionCypto></span>
+
+ <span class="nt"></ramp:RampartConfig></span>
+ <span class="nt"></wsp:All></span>
+ <span class="nt"></wsp:ExactlyOne></span>
+ <span class="nt"></wsp:Policy></span>
+
+<span class="nt"></service></span>
+</pre></div>
+
+
+<p>The important thing to notice is that these documents are plain <a
href="http://ws.apache.org/axis2/1_0/axis2config.html#Service_Configuration";>Axis2
Service configuration files</a>. And as explained in the <a
href="endpoint-Configuration.html#Additional-Configuration-for-SOAP-Endpoints">ODE
User Guide</a>, a mechanism to handle these files already exists. So all we
have to do is reuse this mechanism, the rest is pure Rampart configuration.</p>
+<p>Let's take an example and see the actual required steps.</p>
+<h3 id="how-to-invoke-a-secure-web-service">How to invoke a secure web
service?</h3>
+<h4 id="prepare-your-service-document">Prepare your service document</h4>
+<p>Assuming your process needs to invoke the secure service
{http://sample03.policy.samples.rampart.apache.org}Sample03, the <em>first
step</em> is to prepare a service document named
${process_bundle_dir}/Sample03.axis2 and containing your desired Rampart
configuration.
+The <em>second step</em> is to to make sure the resources needed to invoke the
services are available to Rampart through ODE webapp classpath. Typical
resources are:</p>
+<ul>
+<li>password callback handler classes</li>
+<li>Java keystores</li>
+<li>property files containing keystore information</li>
+</ul>
+<h4 id="add-resources-to-ode-webapp-classpath">Add resources to ODE webapp
classpath</h4>
+<p>How you add these resources to ODE classpath might vary depending on your
application server, your global architecture or other criteria. So it's up to
you to figure this out. However typical locations are:</p>
+<ul>
+<li>ode/WEB-INF/classes</li>
+<li>ode/WEB-INF/lib</li>
+</ul>
+<h4 id="an-alternative-for-ws-security-policies">An alternative for
WS-Security Policies</h4>
+<p>If you're using the policy base configuration model, an alternative is
available to you: use the <a href="endpoint-configuration.html">endpoint
property mechanism</a> to attach the policy to the service. In that
configuration, ODE will engage the Rampart module and load the policy when the
service is invoked.
+To do so:
+<em> save the Policy document (not the service document) in the file of your
choice. For instance mypolicy.xml
+</em> create an endpoint file linking the service and the policy file.
Basically with the two properties listed below. Note that if the path assigned
to the "security.policy.file" property is relative it will be resolved against
the process bundle directory. Of course if the path is absolute, it will be
used as is.</p>
+<div
class="codehilite"><pre>alias.sample03-ns=http://sample03.policy.samples.rampart.apache.org
+sample03-ns.sample03-policy.ode.security.policy.file=mypolicy.xml
+</pre></div>
+
+
+<h3 id="how-to-secure-the-web-service-exposed-by-a-process">How to secure the
web service exposed by a process?</h3>
+<p>Applying security to a process service is no different from invoking a
secured service. If the process service you're exposing is
{http://mycompany.com}AbscenceRequest. All you have to do is prepare a service
document named ${process_bundle_dir}/AbscenceRequest.axis2 and containing your
Rampart configuration. Once again, it's up to you to add the required resources
in ODE webapp classpath.</p>
+<p>You can also use the property 'security.policy.file' to secure the process
service.</p>
+<h3 id="do-i-need-to-install-rampart-myself">Do I need to install Rampart
myself?</h3>
+<p>No. ODE comes with the following Axis2 modules (and the jars they depend
on): Rampart, Rahas and Addressing.</p>
+<h3 id="useful-resources">Useful resources</h3>
+<h4 id="rampart-material">Rampart material</h4>
+<ul>
+<li>the <a href="http://wso2.org/projects/rampart/java] of Web Services
Security specifications supported by Rampart">list</a></li>
+<li><a href="http://ws.apache.org/rampart/articles.html";>Rampart
articles</a></li>
+<li><a href="http://ws.apache.org/rampart/samples.html";>Rampart
samples</a></li>
+<li><a
href="https://wiki.internet2.edu/confluence/display/GrouperWG/The+Newcastle+University+Grouper+page";>a
Rampart tutorial</a></li>
+</ul>
+<h4 id="ode-test-cases">ODE test cases</h4>
+<h5 id="how-to-run-them">How to run them</h5>
+<div class="codehilite"><pre>$ cd axis2-war
+$ buildr test:Secure
+</pre></div>
+
+
+<h5 id="where-are-the-processes-executed-by-the-unit-tests">Where are the
processes executed by the unit tests?</h5>
+<p>The executed processes are generated by the build, so run the tests once,
then look into the following directories. Process directories are prefixed with
"process-".
+<em> axis2-war/target/test-classes/TestRampartPolicy/secured-services/
+</em> axis2-war/target/test-classes/TestRampartPolicy/secured-processes/
+<em> axis2-war/target/test-classes/TestRampartBasic/secured-services/
+</em> axis2-war/target/test-classes/TestRampartBasic/secured-processes/</p>
+<h5 id="the-nitty-gritty-details">the nitty-gritty details</h5>
+<p>The integration with Rampart described in this section is tested with a
decent suite of unit tests. These unit tests are based on the <a
href="http://ws.apache.org/rampart/samples.html";>Rampart samples</a>. The <a
href="http://svn.apache.org/repos/asf/webservices/rampart/branches/java/1_3/modules/rampart-samples/";>related
resources</a> were imported into ODE repository.</p>
+<p>These tests are divided into two parts: tests using the parameter base
configuration model aka "basic tests" and tests using the policy base
configuration model aka "policy tests".</p>
+<p>ODE test cases reuse these test cases in two different scenarii:</p>
+<h1
id="the-security-configuration-is-applied-to-an-external-web-service-and-a-ode-process-invokes-it">the
security configuration is applied to an "external" web service, and a ODE
process invokes it.</h1>
+<h1
id="the-security-configuration-is-applied-to-the-web-service-exposed-by-a-process">the
security configuration is applied to the web service exposed by a process.</h1>
+<p>These partitions lead to four resource directories:
+<em> <a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-services/";>TestRampartBasic/secured-services</a>
+</em> <a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-processes/";>TestRampartBasic/secured-processes</a></p>
+<ul>
+<li><a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-services/";>TestRampartPolicy/secured-services</a></li>
+<li><a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-processes/";>TestRampartPolicy/secured-processes</a></li>
+</ul>
+<p>Everything describes for TestRampartBasic applies to TestRampartPolicy. So
for now on we will mention only TestRampartBasic.</p>
+<p>For the "secured-services" scenario, the "external" web services are Axis
<a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-services/services/";>archives</a>
deployed in an Axis2 webapp.</p>
+<p>The corresponding unit test classes are <a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/java/org/apache/ode/axis2/rampart/basic/";>SecuredServicesTest.java
and SecuredProcessTest.java</a>. Each test class will start a list of
processes that must succeed (as many processes as Rampart samples actually).</p>
+<p>To avoid duplication these processes are generated by the build based on
two process templates: <a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-services/process-template/";>one</a>
for the secured-services case, <a
href="http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartBasic/secured-processes/process-template/";>another</a>
for the secured-processes case.</p>
+<p>The build generates processes into:
+<em>
axis2-war/target/test-classes/TestRampartPolicy/secured-services/process-</em>
+<em>
axis2-war/target/test-classes/TestRampartPolicy/secured-processes/process-</em>
+<em>
axis2-war/target/test-classes/TestRampartBasic/secured-services/process-</em>
+<em>
axis2-war/target/test-classes/TestRampartBasic/secured-processes/process-</em></p>
</div>
</div>
