Prabath Siriwardena, the security lead at WSO2 and product manager for WSO2 Identity Server, did a talk on "Identity patterns and anti-patterns in real world web services" at the Apache Asia Roadshow 2009 conference. I was lucky enough to be there in the audience for this wonderful presentation.
Dec 3, 2009
The 'rampart-config' assertion is used to specify the configuration details required to secure a message exchange. The most common approach is to append it as a policy assertion to the corresponding policy on both the client side and the server side. However, policy-based rampart configuration is not always feasible. For example, when the username is loaded dynamically from user input, a policy-based rampart-config would not be the best solution.
Rampart provides another approach for specifying these configuration details: building the rampart-config programmatically and attaching it to the policy. By calling a few setters, you can build the required rampart-config without much effort.
In this post, I will walk you through the common rampart-config parameters and how to construct them programmatically. All the applicable rampart-config parameters are listed here.
First of all, instantiate a RampartConfig object.
RampartConfig rampartConfig = new RampartConfig();
You should also know how to build a CryptoConfig object. A CryptoConfig object holds the information required for cryptographic operations such as encryption and digital signatures.
First, set the necessary properties in a java.util.Properties collection.
Properties merlinProp = new Properties();
merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
merlinProp.put("org.apache.ws.security.crypto.merlin.file", "path/to/jks");
merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
Then build the CryptoConfig object and set the properties.
CryptoConfig cryptoConfig = new CryptoConfig();
cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
cryptoConfig.setProp(merlinProp);
Now let's go ahead and set the rampart-config parameters.
Parameter - user
Parameter - userCertAlias
Parameter - encryptionUser
Parameter - passwordCallbackClass
Parameter - signatureCrypto (This is a CryptoConfig object)
Parameter - encryptionCrypto (This is a CryptoConfig object)
Parameter - timestampTTL (in seconds)
Now attach this rampart-config to the policy object.
StAXOMBuilder builder = new StAXOMBuilder("path/to/policy");
Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
policy.addAssertion(rampartConfig);
Now set the policy object in the client options.
These method names are self-explanatory, so if you are familiar with the names of the rampart-config parameters, it is easy to identify the corresponding setter method on RampartConfig.
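As an added example (not the post's own code), the whole procedure in one class: a CryptoConfig backed by a Merlin keystore, a rampart-config built for a user name that is only known at runtime, and the policy handed to the Axis2 client options. The keystore path and password, the certificate aliases and the password callback class name are constructed placeholders.

```java
import java.util.Properties;

import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axis2.client.Options;
import org.apache.axis2.client.ServiceClient;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;

public class DynamicRampartConfig {

    // Builds a CryptoConfig backed by the Merlin keystore provider (path and password are placeholders).
    static CryptoConfig buildMerlinCryptoConfig(String keystorePath, String keystorePassword) {
        Properties merlinProp = new Properties();
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
        merlinProp.put("org.apache.ws.security.crypto.merlin.file", keystorePath);
        merlinProp.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePassword);

        CryptoConfig cryptoConfig = new CryptoConfig();
        cryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");
        cryptoConfig.setProp(merlinProp);
        return cryptoConfig;
    }

    // Builds the rampart-config for a user name that is only known at runtime (the post's motivating case).
    static RampartConfig buildRampartConfig(String user, CryptoConfig crypto) {
        RampartConfig rampartConfig = new RampartConfig();
        rampartConfig.setUser(user);                       // <user>
        rampartConfig.setUserCertAlias(user);              // <userCertAlias>: assumes the key alias equals the user name
        rampartConfig.setEncryptionUser("service");        // <encryptionUser>: placeholder alias of the service certificate
        rampartConfig.setPwCbClass("example.PWCBHandler"); // <passwordCallbackClass>: hypothetical callback class
        rampartConfig.setSigCryptoConfig(crypto);          // <signatureCrypto>
        rampartConfig.setEncrCryptoConfig(crypto);         // <encryptionCrypto>
        rampartConfig.setTimestampTTL("300");              // <timestampTTL> in seconds, passed as a string
        return rampartConfig;
    }

    // Loads the policy file, appends the rampart-config assertion and hands the policy to the client options.
    static void applyPolicy(ServiceClient client, String policyPath, RampartConfig rampartConfig) throws Exception {
        StAXOMBuilder builder = new StAXOMBuilder(policyPath);
        Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());
        policy.addAssertion(rampartConfig);
        // The rampart module must also be engaged on the client (client.engageModule("rampart")).
        Options options = client.getOptions();
        options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, policy);
    }
}
```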