On May 11, 2009, at 3:24 PM, rahul.soa wrote:
Hello everyone,
As you know I am working on the support of ws-security module, so I
did some research about integrating the modules in Apache Geronimo
for the same.
For the integrating/enabling WS-Security support, I think we need to
have the following jars and modules in Geronimo:
Apache CXF:
For WS-Security support we need to have following jar files from the
CXF:
- bcprov-jdk15.jar
Previously when we used some bouncy castle classes the jar included
some classes that may well have infringed some us patents. I think I
saw somewhere that bouncy castle had finally released a jar without
thses classes. We should verify that this jar does not contain these
classes. Also, we have copies of a bunch of the bc classes we need
for other purposes in the geronimo-crypto module, so we should check
that we don't already have the needed classes.
- xalan.jar
really? I'd like to know why the xml transform support in the jdk is
not sufficient.
- serializer.jar
- wss4j.jar
- xmlsec.jar
Apache Axis2
1. We need to integrate "Rampart*" module of axis2,
2. for step 1, need to download the Java Cryptography Extension
(JCE) Unlimited Strength Jurisdiction Policy Files corresponding to
JDK version and extract the jar files local_policy.jar and
US_export_policy.jar to $JAVA_HOME/jre/lib/security
These are not something we can include, right? they'd have to be
installed by the end user?
3. for step 1, need to download bouncycastle according to java
version separately
*Rampart is the security module of Axis2
Please let me know if I am missing something and please also guide
me how can I get them in Geronimo.
That depends partly on the classloader relationships needed between
the main cxf/axis2 jars and these new ones. If appropriate cxf/axis2
jars and these jars can be in a classloader that is a child of the cxf/
axis2 "main" plugin classloaders, you should probably make cxf-wss and
axis2-wss plugins with all the security related jars as dependencies.
If this doesn't work and the classes need to be in the main cxf/axis2
plugin classloader then you probably need to just add these as
dependencies.
thanks
david jencks
Thanks in advance.
Regards,
Rahul
