Author: shankar
Date: Mon Apr 20 12:24:10 2009
New Revision: 766668
URL: http://svn.apache.org/viewvc?rev=766668&view=rev
Log:
Document modification for 1.3 release
Added:
webservices/rampart/trunk/c/release_process
Modified:
webservices/rampart/trunk/c/AUTHORS
webservices/rampart/trunk/c/ChangeLog
webservices/rampart/trunk/c/INSTALL
webservices/rampart/trunk/c/NEWS
webservices/rampart/trunk/c/NOTICE
webservices/rampart/trunk/c/project.properties
webservices/rampart/trunk/c/samples/ABOUT_SAMPLES
webservices/rampart/trunk/c/samples/INSTALL
webservices/rampart/trunk/c/samples/secpolicy/README
webservices/rampart/trunk/c/xdocs/api/doxygenconf
Modified: webservices/rampart/trunk/c/AUTHORS
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/AUTHORS?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/AUTHORS (original)
+++ webservices/rampart/trunk/c/AUTHORS Mon Apr 20 12:24:10 2009
@@ -1,9 +1,11 @@
Developers
----------
+Samisa Abeysinghe
+Dushshantha Chandradasa
+Supun Kamburugamuva
Kaushalye Kapuruge
Manjula Peiris
Dumindu Pallewela
-Samisa Abeysinghe
+Milinda Pathirage
Sanjaya Ratnaweera
-Dushshantha Chandradasa
Selvaratnam Uthaiyashankar
Modified: webservices/rampart/trunk/c/ChangeLog
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/ChangeLog?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/ChangeLog (original)
+++ webservices/rampart/trunk/c/ChangeLog Mon Apr 20 12:24:10 2009
@@ -1,3 +1,12 @@
+Rampart/C 1.3.0
+ * WS-Secure Conversation Language support
+ * WS-Trust Language support
+ * Rahas module to give STS support to a service
+ * Rampart functionality and Rampart module are splitted into two libraries
+ * Memory leak fixes
+ * Many bug fixes
+--Rampart-C team <[email protected]> 20 Apr 2009
+
Rampart/C 1.2.0
* WS-Secure Conversation Language support (Experimental)
* WS-Trust Language support (Experimental)
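Review bot: "Rampart functionality and Rampart module are splitted into two libraries" should read "are split", and the entry should name the two libraries. INSTALL only says "Copy lib/*", so a reader upgrading from 1.2.0 cannot tell from this line what changed in what they link or deploy.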
Modified: webservices/rampart/trunk/c/INSTALL
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/INSTALL?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/INSTALL (original)
+++ webservices/rampart/trunk/c/INSTALL Mon Apr 20 12:24:10 2009
@@ -14,7 +14,7 @@
Build the source
This can be done using the following command sequence:
- ./configure --prefix=${AXIS2C_HOME} --enable-static=no
--with-axis2=${AXIS2C_HOME}/include/axis2-1.3.1
+ ./configure --prefix=${AXIS2C_HOME} --enable-static=no
--with-axis2=${AXIS2C_HOME}/include/axis2-1.6.0
make
make install
@@ -28,12 +28,12 @@
======================================================
1. Copy modules/rampart to $AXIS2C_HOME/modules
2. Copy lib/* to $AXIS2C_HOME/lib
-3. Copy bin/samples/server/* to $AXIS2C_HOME/services/
+3. Copy services/* to $AXIS2C_HOME/services/
4. Engage rampart as described in section "Engaging Rampart/C with axis2/C"
-5. Copy bin/samples/* to $AXIS2C_HOME/bin/samples/rampart. This will copy
callback modules etc.
-6. Go to bin/samples/client/sec_echo/ and deploy the client repo
+5. Copy samples/* to $AXIS2C_HOME/samples/. This will copy callback modules
etc.
+6. Go to samples/src/rampartc/client/ and deploy the client repo
%sh deploy_client_repo.sh
-7. Go to bin/samples/secpolicy/ and try a scenario
+7. Go to samples/src/rampartc/secpolicy/ and try a scenario
%sh test_scen.sh scenarioX server-port
@@ -82,7 +82,18 @@
Add following entry either to axis2.xml(gloabl level) or in
services.xml(service level).
<module ref="rampart"/>
-Then add following Security phase to the phase order in the outflow in the
axis2.xml.
+If you want to provide Secure Token Service (STS) functionality to a service,
add the following entry to services.xml.
+ <module ref="rahas"/>
+
+Then add following Security phase to the phase order in the inflow and outflow
in the axis2.xml.
+ <phaseOrder type="inflow">
+ <phase name="Transport"/>
+ <phase name="PreDispatch"/>
+ <phase name="Dispatch"/>
+ <phase name="PostDispatch"/>
+ <phase name="Security" />
+ <phase name="Rahas"/>
+ </phaseOrder>
<phaseOrder type="outflow">
<phase name="MessageOut"/>
<phase name="Security"/>
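Review bot: the new sentence says to add "following Security phase" to the inflow and outflow, but the inflow block adds two phases, Security and Rahas. The text never says whether the Rahas phase is needed only when <module ref="rahas"/> is engaged, so state that explicitly. Also say where the two phases go in an existing inflow order (the example places them after PostDispatch), since phase order decides when security processing runs relative to dispatch. Minor: <phase name="Security" /> has a space before the slash that the other phase lines lack.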
@@ -95,7 +106,7 @@
Try samples on Linux
===============================
-There are several scenarios available under samples/secpolicy
+There are several scenarios available under samples/secpolicy (or
samples/src/rampartc/secpolicy if you are using binary distribution)
Run a scenario that you'd like to try using the script test_scen.sh
Syntax: test_scen.sh scenario server_port
E.g. %sh test_scen.sh scenario3 9090
@@ -105,17 +116,14 @@
===============================
There are several scenarios that you can try out with the sec_echo sample of
the Rampart/C distribution.
-You can find more about it from the README file inside samples\secpolicy
folder.
+You can find more about it from the README file inside samples\secpolicy
folder. (or samples\src\rampartc\secpolicy if you are using binary distribution)
1. Set the AXIS2C_HOME envirionment variable to direct to your Axis2/C
Installation.
SET AXIS2C_HOME=[your-path-to-axis2c]
-2. Run the deploy_client_repo.bat file found in the samples\client\sec_echo
folder.
- This will create an axis2 client repository for the samples in the
AXIS2C_HOME\client_repo directory.
-
-To specify policies in the client side, please drop your policy.xml to the
same directory as in axis2.xml
-To specify policies in the server side, please add policy assertions to the
services.xml.
-Please find such sample policy files under samples/secpolicy/scenarioX. Note
that you must replace both the client and service policies for a particular
scenario.
-
+Run a scenario that you'd like to try using the script test_scen.bat
+ Syntax: test_scen.bat scenario server_port
+ E.g. test_scen.bat scenario3 9090
+Note: You may use a TCP Monitor to see the wire content. In that case replace
the server_port with the target port.
Thank you for using Rampart/C
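Review bot: this hunk deletes Windows step 2 (running deploy_client_repo.bat) without a replacement, leaving "1." as a one-item list. Yet samples/secpolicy/README in this same commit still tells Windows users to run ..\client\deploy_client_repo.bat first. Either keep the step with its new path or point to the README for it. The removed paragraphs on where policy.xml goes on the client side and where policy assertions go on the server side are not replaced either; if test_scen.bat now takes care of that, say so here.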
Modified: webservices/rampart/trunk/c/NEWS
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/NEWS?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/NEWS (original)
+++ webservices/rampart/trunk/c/NEWS Mon Apr 20 12:24:10 2009
@@ -1,3 +1,4 @@
+Apache Rampart/C version 1.3.0
Apache Rampart/C is the security module for Apache Axis2/C
You can get the latest svn checkout from
https://svn.apache.org/repos/asf/webservices/rampart/trunk/c
@@ -23,7 +24,7 @@
- Signature confirmation support
- SOAP Header signing
-5. WS-Security Policy (spec 1.1) based configurations
+5. WS-Security Policy (spec 1.1 & spec 1.2) based configurations
- Support for both Symmetric as well as Asymmetric policy bindings
- Support for different modes of key identifiers
- Support for different algorithm suites
@@ -43,17 +44,20 @@
- Password callback module
- Authentication module
- Credentials module
+ - Replay detection module
+ - Secure conversation token module
9. Keys management
- Support for X509 token profile
- Support for Key identifiers, Thumb prints, Issuer/Serial pairs, Embedded
and Direct references
-10. WS-Secure Conversation Language support (Experimental)
+10. WS-Secure Conversation Language support
- Establishing Security Context and thereby maintaining a session
- Per message key derivation
- Support for stored securtiy context token
+ - Rahas module support to give STS functionality to a service
-11. WS-Trust Language support (Experimental)
+11. WS-Trust Language support
- Security Token Services (STS)
- STS Client
- Server and Client entrophy support
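Review bot: "Rahas module support to give STS functionality to a service" is added under item 10 (WS-Secure Conversation), while "Security Token Services (STS)" is listed under item 11 (WS-Trust). Move the line there, or add a word on why it belongs with secure conversation. While these items are being touched, the neighbouring "securtiy" and "entrophy" typos could be fixed in the same commit.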
@@ -61,6 +65,7 @@
12. SAML Support
- Support for Creation and Processing of SAML Core 1.1 Assertions
- SAML Token as Sign Supporting Token
+ - Signing and Encryption with SAML
10. Other
- Easy to use deployment scripts
@@ -68,17 +73,16 @@
Major Changes Since Last Release
--------------------------------
-1. WS-Secure Conversation Language support (Experimental)
-2. WS-Trust Language support (Experimental)
-3. SAML 1.1 Support
+1. WS-Secure Conversation Language support
+2. WS-Trust Language support
+3. Rahas module to give STS support to a service
4. Memory leak fixes
5. Many bug fixes
Planned to be implemented Architecture Features
------------------------------------
-1. Signing and Encryption with SAML
-2. WS-Trust : Client/Server challenege response protocol
+1. WS-Trust : Client/Server challenege response protocol
We welcome your early feedback on this implementation.
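Review bot: "Signing and Encryption with SAML" is removed from the planned list here and appears in the feature list earlier in this file, but it is not listed under "Major Changes Since Last Release". The same goes for the replay detection and secure conversation token modules added in this commit. List them there so the section matches what the release actually adds, and fix "challenege" in the line that is being renumbered anyway.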
Modified: webservices/rampart/trunk/c/NOTICE
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/NOTICE?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/NOTICE (original)
+++ webservices/rampart/trunk/c/NOTICE Mon Apr 20 12:24:10 2009
@@ -1,5 +1,5 @@
Apache Rampart/C
-Copyright 2005, 2006, 2007, 2008 The Apache Software Foundation
+Copyright 2005-2009 The Apache Software Foundation
This product includes software developed at
The Apache Software Foundation (http://www.apache.org/).
Modified: webservices/rampart/trunk/c/project.properties
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/project.properties?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/project.properties (original)
+++ webservices/rampart/trunk/c/project.properties Mon Apr 20 12:24:10 2009
@@ -14,7 +14,7 @@
# limitations under the License.
# -------------------------------------------------------------------
-rampartc_version=1.2.0
+rampartc_version=1.3.0
maven.xdoc.date=left
maven.xdoc.version=${pom.currentVersion}
maven.xdoc.includeProjectDocumentation=no
Added: webservices/rampart/trunk/c/release_process
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/release_process?rev=766668&view=auto
==============================================================================
--- webservices/rampart/trunk/c/release_process (added)
+++ webservices/rampart/trunk/c/release_process Mon Apr 20 12:24:10 2009
@@ -0,0 +1,136 @@
+RAMPART/C release process
+==========================
+
+1. Get a svn checkout from the trunk.
+2. Change the version numbers and update the following files.
+ * ChangeLog
+ NEWS
+ NOTICE (for years)
+ project.properties
+ AUTHORS (if there are new)
+ project.xml
+ configure.ac & Makefile.am (in configure.ac change the VERSION_NO also)
+ build.sh
+ build/win32/makefile
+ build/win32/make_bin_dist.bat
+ xdocs\api\doxygenconf
+ INSTALL file
+ samples/build.sh
+
+
+3. Update the documents inside xdocs
+ * download.html
+ * index.html
+ * installationguide.html
+ * axis2c_manual
+
+4. Run the build.sh
+ make sure for the configure option you have the following.
+ sh configure --prefix=${AXIS2C_HOME} --enable-tests=yes
--with-apache2=/usr/local/apache2/include --enable-tcp=yes
--with-archive=/usr/include
+
+5. Create the source distribution
+ * Should have maven 1.0.2 installed (for "maven site" command)
+ * make dist
+
+6. Create the binay distribution
+ * make bindist
+
+7. Test the source and binary distributions
+
+8. Test the source distribution in Windows and create the Sorce zip
+ and the windows binary
+
+ Building Windows Binary
+ --------------------------
+
+ Edit the build/win32/configure.in as follows
+
+ * CRUNTIME = /MT
+ * EMBED_MANIFEST = 0
+ * DEBUG = 0
+
+ To create the binary distribution
+
+ * nmake dist
+
+
+9. Sign the packs
+ * use existing key pair if you have
+ * To create a new key pair
+ gpg --gen-key
+ key selection default
+ key size 2048
+ key never expire
+ real name:Manjula Peiris
+ comment:
+ generated user id is:
+ "Manjula Peiris<[email protected]>"
+ passphrase temp_12_word
+
+ keys will be created in ~/.gnupg directory.
+
+ * cd to the directory which contains the pack and export keys
+ gpg --armor --export [email protected] > KEYS
+
+ generated message is:
+ You need a Passphrase to protect your secret key.
+ by default key is created in ~/.gnupg
+
+ * Use following script to sign the keys
+
+ #!/bin/bash
+
+ SRC_TAR_GZ=axis2c-src-1.6.0.tar.gz
+ LIN_BIN_TAR_GZ=axis2c-bin-1.6.0-linux.tar.gz
+ SRC_ZIP=axis2c-src-1.6.0.zip
+ WIN32_BIN_ZIP=axis2c-bin-1.6.0-win32.zip
+ SRC_TAR_GZ_MD5=$SRC_TAR_GZ.md5
+ LIN_BIN_TAR_GZ_MD5=$LIN_BIN_TAR_GZ.md5
+ SRC_ZIP_MD5=$SRC_ZIP.md5
+ WIN32_BIN_ZIP_MD5=$WIN32_BIN_ZIP.md5
+ SRC_TAR_GZ_ASC=$SRC_TAR_GZ.asc
+ LIN_BIN_TAR_GZ_ASC=$LIN_BIN_TAR_GZ.asc
+ SRC_ZIP_ASC=$SRC_ZIP.asc
+ WIN32_BIN_ZIP_ASC=$WIN32_BIN_ZIP.asc
+
+ rm -f *.asc
+ rm -f *.md5
+
+ echo "Creating MD5"
+ openssl md5 < $SRC_TAR_GZ > $SRC_TAR_GZ_MD5
+ openssl md5 < $LIN_BIN_TAR_GZ > $LIN_BIN_TAR_GZ_MD5
+ openssl md5 < $SRC_ZIP > $SRC_ZIP_MD5
+ openssl md5 < $WIN32_BIN_ZIP > $WIN32_BIN_ZIP_MD5
+
+ echo "To sign please enter password for the private key"
+ gpg --armor --output $SRC_TAR_GZ_ASC --detach-sig $SRC_TAR_GZ
+ gpg --armor --output $LIN_BIN_TAR_GZ_ASC --detach-sig $LIN_BIN_TAR_GZ
+ gpg --armor --output $SRC_ZIP_ASC --detach-sig $SRC_ZIP
+ gpg --armor --output $WIN32_BIN_ZIP_ASC --detach-sig $WIN32_BIN_ZIP
+
+ echo "DONE"
+
+10. Copy the source, binary packs to your directory in people.apache.org
+
+ rm -rf 1.6.0
+ rm -f 1.6.0.tar.gz
+ mkdir 1.6.0
+ cp -f ../KEYS 1.6.0
+ cp -f axis2c-* 1.6.0
+ tar -zcf axis2c_1.6.0.tar.gz 1.6.0
+ scp axis2c_1.6.0.tar.gz [email protected]:~/
+
+11. Put RCs till all the packs are throughly tested and there are no more
+ known issues.
+12. Then upload the release packs to your directory at apache
+13. Call for vote
+14. When the required number of votes is received, upload the release.
+ Copy the release from your home to /www/www.apache.org/dist/ws/axis2-c/
+ update the keys (cat KEYS >> /www/www.apache.org/dist/ws/axis2-c/KEYS)
+ Move earlier releases to archive.apache.org
(/www/archive.apache.org/dist/ws/axis2/c/)
+ Update the site at [WWW]
https://svn.apache.org/repos/asf/webservices/axis2/site/c/
+ svn update the site at /www/ws.apache.org/axis2/c
+ Test Main Site Downloads (wait until mirros pickup the distributables,
before sending the release note.)
+
+15. When the site is updated announce the release.
+
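Review bot: step 9 records a literal passphrase ("passphrase temp_12_word") and one person's real name as the values to enter at gpg --gen-key. Replace both with placeholders and say that the passphrase must never be written into the repository. The signing script and the paths in steps 10 and 14 are still the Axis2/C ones ("SRC_TAR_GZ=axis2c-src-1.6.0.tar.gz", "/www/www.apache.org/dist/ws/axis2-c/"), so following this file as written would sign and upload under the wrong names for a Rampart/C release. The script is introduced as signing "the keys" where it signs the packs, and it publishes only MD5 digests beside the signatures; a SHA-2 digest would be a sensible addition. Typos: "binay", "Sorce", "throughly", "mirros".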
Modified: webservices/rampart/trunk/c/samples/ABOUT_SAMPLES
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/ABOUT_SAMPLES?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/ABOUT_SAMPLES (original)
+++ webservices/rampart/trunk/c/samples/ABOUT_SAMPLES Mon Apr 20 12:24:10 2009
@@ -1,40 +1,65 @@
Following is a brief description of Rampart/C samples
-Service : samples/services/sec_echo
+Service : ./server/sec_echo
---------------------------
The security enabled service. Depends on deployed security policy scenario.
-Client: samples/client/sec_echo
+Service : ./server/secconv_echo
+---------------------------
+The service act as the Security Token Service (STS). Depends on deployed
security policy scenario.
+
+Service : ./server/saml_sts
+---------------------------
+The service act as STS for SAML tokens.
+
+Client: ./client/sec_echo
---------------------------
The client to send secured SOAP messages. Depends on deployed security policy
scenario.
-Security policies: samples/secpolicy/scenarioX
+Client: ./client/saml_echo
+---------------------------
+Client uses SAML token as sign supporting token.
+
+Client: ./client/saml_protect
+------------------------------
+Client uses SAML token to encrypt and sign the message
+
+Security policies: ./secpolicy/scenarioX
--------------------------------------
Provides several identified scenarios to demonstrate features of RampartC.
-Please read the README file under samples/secpolicy to learn more about them.
+Please read the README file under ./secpolicy to learn more about them.
-Callbacks : samples/callback
+Callbacks : ./callback
---------------------------
To retrieve passwords for a particular user, Rampart/C uses password callback
mechanism.
Such callback modules can be plugged into Rampart/C by defining them in the
policy assertions.
The sample shows how to write a simple password callback module.
-Credential Provider: samples/credential_provider
+Credential Provider: ./credential_provider
------------------------------------------------
In the client side it's possible to give a username/password pair to the
client, using a credential_provider.
Similar to Callbacks, these can too plugged into Rampart/C by defining them in
the policy assertions.
The sample shows how to write a simple credentials provider.
-Authentication Provider : samples/authn_provider
+Authentication Provider : ./authn_provider
----------------------------------------------
In the server side, in order to validate a usernametoken in more application
specific way, an authentication module can be used.
The authentication module gets both the username and the password and returns
a status code back to Rampart/C.
The sample shows how to write a simple authentication provider.
-Keys : samples/keys
+Replay Detector : ./replay_detector
+---------------------------------------------
+Replay attacks can be identified and removed from the server side. Replay
detector module shows one such implementation where it stores
+last 5 message IDs and check whether there are any replays.
+
+Security Context Token Provider : ./sct_provider
+--------------------------------------------------
+To store and retrieve Security Context Token. Can be used in server side as
well as in client side.
+
+Keys : ./keys
------------------
All the certificates, private keys and key stores are used by samples are
placed here.
-Data : samples/data
+Data : ./data
-------------------
Data files that are used by samples, placed here.
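Review bot: the Replay Detector entry says the sample "stores last 5 message IDs". State plainly that this is a demonstration-sized window and that a replay of anything older than the last five messages is not caught, so that readers do not deploy the sample unchanged. Wording: "The service act as" should be "acts as" in both new service entries, and the Security Context Token Provider entry is a sentence fragment that does not say what the sample does.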
Modified: webservices/rampart/trunk/c/samples/INSTALL
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/INSTALL?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/INSTALL (original)
+++ webservices/rampart/trunk/c/samples/INSTALL Mon Apr 20 12:24:10 2009
@@ -1,4 +1,4 @@
-Getting Axis2/C Rampart samples source working on Linux
+Getting Rampart/C samples source working on Linux
=============================================
Build the source
This can be done using the following command sequence:
Modified: webservices/rampart/trunk/c/samples/secpolicy/README
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/README?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/README (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/README Mon Apr 20 12:24:10
2009
@@ -6,17 +6,16 @@
Windows users please use the "deploy.bat".
Make sure you have run the
-samples/client/sec_echo/deploy_client_repo.sh on Linux or
-samples\client\sec_echo\deploy_client_repo.bat in Windows.
+../client/deploy_client_repo.sh on Linux or
+..\client\deploy_client_repo.bat in Windows.
These scenarios will only copy the security policy (XML) files.
-Then go to $AXIS2C_HOME/bin and start the server.
+Then start the server. (simple_axis_server is in $AXIS2C_HOME/bin)
To run the client, use the script
-"samples/client/sec_echo/update_n_run.sh" on Linux or
-"samples\client\sec_echo\update_n_run.bat" on Windows.
-
+"../client/sec_echo/update_n_run.sh" on Linux or
+"..\client\sec_echo\update_n_run.bat" on Windows.
Following is a summary of scenarios available.
Modified: webservices/rampart/trunk/c/xdocs/api/doxygenconf
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/xdocs/api/doxygenconf?rev=766668&r1=766667&r2=766668&view=diff
==============================================================================
--- webservices/rampart/trunk/c/xdocs/api/doxygenconf (original)
+++ webservices/rampart/trunk/c/xdocs/api/doxygenconf Mon Apr 20 12:24:10 2009
@@ -23,7 +23,7 @@
# This could be handy for archiving the generated documentation or
# if some version control system is used.
-PROJECT_NUMBER =
+PROJECT_NUMBER = 1.3.0
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.