On Wed April 22 2009 11:39:14 pm Jarek Gawor wrote: > CXF has all the security modules > within it (AFAIK).
Not REALLY true with the way CXF is pulled into Geronimo. Geronimo doesn't include those modules. For the most part, getting them added in would just be adding a maven dependency on cxf-rt-ws-security (and cxf-rt-ws-policy to make the SecurityPolicy stuff work). Maven should then grab those and get them included into Geronimo. As long as it ends up in the same classloader as all the rest of the cxf stuff, cxf should auto-detect it and enable it. Once you do that (and upgrade to CXF 2.2.x), all the WS-SecurityPolicy stuff should "just work" if the policy is in the wsdl. Thus, that part of you project could be as simple as that. (obviously, that's a small part of the project) You could probably even grab the CXF versions of the Microsoft PlugFest stuff and try running them in Geronimo: https://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/ (As an aside: too late now, but getting the MS PlugFest stuff running in G would have been a good addition to the proposal from a testing standpoint. Wish I would have thought of that earlier.) I'm really not sure how much you really want to dig into WSS4J. That's very low level security stuff which is pretty complex and may not be worth your time. Rampart and CXF's SecurityPolicy implementations do an excellent job of abstracting that stuff out and driving it by interpretting the policies. About the only thing you need to know about wss4j when going the policy route is how to setup the Merlin properties files for the keystores and such. Dan > Rahul, > > In terms of Geronimo here are some docs that might be helpful (some > info might be out of date): > > 1) Some basic GBean information - you will see/work with them a lot: > > http://cwiki.apache.org/GMOxDOC22/developing-and-deploying-a-geronimo-gbean >.html http://cwiki.apache.org/confluence/display/GMOxDEV/GBean+Annotations > > 2) Basic classloading and plugin information in Geronimo. > > http://cwiki.apache.org/GMOxDOC22/classloading.html > http://cwiki.apache.org/confluence/display/GMOxDEV/Plugin+Guide > > In terms of code you will probably be working with the following modules: > > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis2/ > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/cxf/ > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jaxws/ > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/webservices/ > > I trust you to find the basic Axis2 and CXF info :) > > I believe both use WSS4J project for WS-Security > (http://ws.apache.org/wss4j/). Axis2 has a separate project that > provides web services security features: Rampart > (http://ws.apache.org/rampart/). CXF has all the security modules > within it (AFAIK). > > Hope this helps you get started. > > Jarek > > On Tue, Apr 21, 2009 at 3:33 PM, rahul.soa <[email protected]> wrote: > > Hello everyone, > > > > I want to start with some reading and understanding with the geronimo's > > components which will be involved in this project. So can you please > > point me to the appropriate documentation for the same. If you want to > > know more about the proposal then feel free to look at the descriptive > > project proposal on the below link: > > > > http://wiki.apache.org/general/rahulsoa > > > > Thanks in advance. > > > > Best Regards, > > Rahul -- Daniel Kulp [email protected] http://www.dankulp.com/blog
