Hello Daniel, Thanks for your informative points. I will try to follow them and get back to you if I stuck somewhere.
Best Regards, Rahul On Thu, Apr 23, 2009 at 3:41 PM, Daniel Kulp <[email protected]> wrote: > On Wed April 22 2009 11:39:14 pm Jarek Gawor wrote: > > > CXF has all the security modules > > within it (AFAIK). > > Not REALLY true with the way CXF is pulled into Geronimo. Geronimo > doesn't > include those modules. For the most part, getting them added in would > just > be adding a maven dependency on cxf-rt-ws-security (and cxf-rt-ws-policy to > make the SecurityPolicy stuff work). Maven should then grab those and get > them included into Geronimo. As long as it ends up in the same classloader > as > all the rest of the cxf stuff, cxf should auto-detect it and enable it. > Once > you do that (and upgrade to CXF 2.2.x), all the WS-SecurityPolicy stuff > should > "just work" if the policy is in the wsdl. Thus, that part of you project > could be as simple as that. (obviously, that's a small part of the > project) > You could probably even grab the CXF versions of the Microsoft PlugFest > stuff > and try running them in Geronimo: > > https://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/ws_security/interopfest/ > > (As an aside: too late now, but getting the MS PlugFest stuff running in G > would have been a good addition to the proposal from a testing standpoint. > Wish I would have thought of that earlier.) > > I'm really not sure how much you really want to dig into WSS4J. That's > very > low level security stuff which is pretty complex and may not be worth your > time. Rampart and CXF's SecurityPolicy implementations do an excellent > job > of abstracting that stuff out and driving it by interpretting the policies. > About the only thing you need to know about wss4j when going the policy > route > is how to setup the Merlin properties files for the keystores and such. > > > Dan > > > > > Rahul, > > > > In terms of Geronimo here are some docs that might be helpful (some > > info might be out of date): > > > > 1) Some basic GBean information - you will see/work with them a lot: > > > > > http://cwiki.apache.org/GMOxDOC22/developing-and-deploying-a-geronimo-gbean > >.html > http://cwiki.apache.org/confluence/display/GMOxDEV/GBean+Annotations > > > > 2) Basic classloading and plugin information in Geronimo. > > > > http://cwiki.apache.org/GMOxDOC22/classloading.html > > http://cwiki.apache.org/confluence/display/GMOxDEV/Plugin+Guide > > > > In terms of code you will probably be working with the following modules: > > > > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/axis2/ > > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/cxf/ > > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/jaxws/ > > http://svn.apache.org/viewvc/geronimo/server/trunk/plugins/webservices/ > > > > I trust you to find the basic Axis2 and CXF info :) > > > > I believe both use WSS4J project for WS-Security > > (http://ws.apache.org/wss4j/). Axis2 has a separate project that > > provides web services security features: Rampart > > (http://ws.apache.org/rampart/). CXF has all the security modules > > within it (AFAIK). > > > > Hope this helps you get started. > > > > Jarek > > > > On Tue, Apr 21, 2009 at 3:33 PM, rahul.soa <[email protected]> > wrote: > > > Hello everyone, > > > > > > I want to start with some reading and understanding with the geronimo's > > > components which will be involved in this project. So can you please > > > point me to the appropriate documentation for the same. If you want to > > > know more about the proposal then feel free to look at the descriptive > > > project proposal on the below link: > > > > > > http://wiki.apache.org/general/rahulsoa > > > > > > Thanks in advance. > > > > > > Best Regards, > > > Rahul > > -- > Daniel Kulp > [email protected] > http://www.dankulp.com/blog >
