Really, thank you for taking the time to explain this. I now understand the 
rationale, but I still need to resolve the practical business of engaging these 
modules from an EE application without resorting to filepaths. What is the 
significance of the .mar extension? Is it just a notation that has a special 
meaning to Axis?

I noticed the 
ConfigurationContextFactory.createBasicConfiguration(String resource) method. 
Is the "resource" parameter an "axis2.xml" file (that also lists the rampart 
and rahas modules)? Also, should those modules be placed on the classpath in 
order to be engaged?

Thank you,

-a

From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Thursday, 16 August, 2012 17:48
To: java-user@axis.apache.org
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere

MG>your focus seems to be implementing WS-Security, which is implemented by wss4j
MG>the wss4j-specific 'Context' used by wss4j is implemented by class 
org\apache\ws\security\message\WSSecSecurityContextToken.java

MG>the WSS4J testcase to test the capability of WSSecSecurityContextToken is called 
test\java\org\apache\ws\security\message\SecurityContextTokenTest.java

MG>adding external functions to Axis2 such as logging, addressing and security 
are implemented as *engageable modules* (which can be built as mars and then 
later 'engaged') to your Axis2 webapp
MG>the Axis Rampart module covers 3 technologies: 
WS-Security, WS-Trust and WS-SecureConversation
MG>As WSS4J is a DOM-based technology (vs SAX) and Axis is an AXIOM-based 
technology, a 'bridge technology' called DOOM was created to incorporate 
DOM->Axiom and Axiom->DOM conversions. Here is the background:

Rampart uses WSS4J for securing SOAP messages.
WSS4J is an Apache project which implements the WS-Security specification.
SOAP messages are signed according to the XML Encryption 
(http://www.w3.org/TR/xmlenc-core/) and XML Digital Signature 
(http://www.w3.org/TR/xmldsig-core/) specifications, 
encrypted according to the XML Encryption and XML Digital Signature 
specifications, 
but the WS-Security specification introduces an additional set of rules.
Therefore WSS4J ensures that SOAP messages are signed according to all the 
rules defined in the (above) specifications.
WSS4J uses Apache's xmlsec libraries 
(http://santuario.apache.org/Java/index.html) for XML Encryption and XML 
Digital Signature.

Rather than re-inventing the wheel, it was decided to use WSS4J for SOAP 
message security in Rampart but there was a fundamental problem.
WSS4J and all the incorporating XML security libraries use "DOM" for parsing 
and generating XML, 
while Axis2 uses "AXIOM" as the object model.
This was resolved by using a new object model named "DOOM". DOOM is both AXIOM 
and DOM implementations.
Therefore you can manipulate/access a DOOM object structure through DOM 
interfaces and AXIOM interfaces.

When Rampart is engaged and configured, the incoming SOAP messages are 
converted to the bridge technology called DOOM.
Since DOOM *implements the DOM interface* it is possible for WSS4J to process 
messages.
After performing the security validations, before flushing the message down the 
message inflow, the DOOM SOAP message is converted back to OM.
At the outgoing flow, the message is converted back into DOOM and then the 
security functions are performed using WSS4J.

Sorry, I don't see how it answers my question.
MG>I take it you're new to the SOAP 1.2 Specification and Axis2 implementations; 
perhaps you want to take a look at some tutorials
MG>but beforehand it would be helpful to have a firm grasp on Axis2 fundamentals
MG>http://axis.apache.org/axis2/java/core/docs/installationguide.html

Thanks,
MG>You're welcome
-a

From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Thursday, 16 August, 2012 14:27
To: java-user@axis.apache.org
Subject: RE: Need advice how to run Axis2/Rampart client from Webshere

I would use Fernando's Test Code for WSS4J

contents of wss40.properties:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=security
org.apache.ws.security.crypto.merlin.keystore.alias=wss40
org.apache.ws.security.crypto.merlin.keystore.file=keys/wss40.jks

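package org.apache.ws.security.message;

public class SecurityContextTokenTest extends org.junit.Assert {

    // Logger used for the debug dump of the generated message
    private static final org.apache.commons.logging.Log LOG =
        org.apache.commons.logging.LogFactory.getLog(SecurityContextTokenTest.class);

    // Crypto instance backed by the Merlin keystore configured in wss40.properties
    public org.apache.ws.security.components.crypto.Crypto crypto;

    public SecurityContextTokenTest() throws Exception {
        // Loaded in the constructor so a failure to read the properties is reported as an exception
        crypto = org.apache.ws.security.components.crypto.CryptoFactory.getInstance("wss40.properties");
    }

    @org.junit.Test
    public void testBuild() {
        try {
            // Parse the sample SOAP message and add an empty wsse:Security header
            org.w3c.dom.Document doc =
                org.apache.ws.security.common.SOAPUtil.toSOAPPart(org.apache.ws.security.common.SOAPUtil.SAMPLE_SOAP_MSG);
            org.apache.ws.security.message.WSSecHeader secHeader =
                new org.apache.ws.security.message.WSSecHeader();
            secHeader.insertSecurityHeader(doc);

            // Build the SecurityContextToken and put it at the front of the security header
            org.apache.ws.security.message.WSSecSecurityContextToken sctBuilder =
                new org.apache.ws.security.message.WSSecSecurityContextToken();
            sctBuilder.prepare(doc, crypto);

            sctBuilder.prependSCTElementToHeader(doc, secHeader);

            String out =
                org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(doc);

            if (LOG.isDebugEnabled())
            {
                LOG.debug(out);
            }

            // The serialized message must contain the token element and its identifier
            assertTrue(
                "SecurityContextToken missing",
                out.indexOf(org.apache.ws.security.conversation.ConversationConstants.SECURITY_CONTEXT_TOKEN_LN) > 0
            );
            assertTrue(
                "wsc:Identifier missing",
                out.indexOf(org.apache.ws.security.conversation.ConversationConstants.IDENTIFIER_LN) > 0
            );

        } catch (Exception e) {
            e.printStackTrace();
            fail(e.getMessage());
        }
    }
}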

I would locate the code in the WAR and NOT in the ejb code, but if you want to 
finesse the CL order go to
http://pic.dhe.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Fcrun_classload.html

Martin Gainty

________________________________
From: aaron.stro...@rsa.com
To: java-user@axis.apache.org
Date: Thu, 16 Aug 2012 12:19:14 -0400
Subject: Need advice how to run Axis2/Rampart client from Webshere
Hello,

I need to be able to make web service calls using WS-Security from the 
application that runs on Websphere. Are there any instructions how to do that?
My prototype standalone client sets up the ConfigurationContext as follows

ConfigurationContext ctx =
    ConfigurationContextFactory.createConfigurationContextFromFileSystem("c:/stage/axis2-1.6.2/repository", null);

How can it be done in the web application environment where the application is 
packaged in .ear file?

TIA,

-a
