rampart/c usage get-started questions

[Vivian Wang <vi...@yahoo.com>]

Hi There,

I am starting to use rampart/c for ws-security purpose together with axis2/c in a web service client application. I have the following get-me-started questions:

(1) As a web service client, all the security configurations can be done in a policy file, there is no need to programmatically set the security parameters in my source code, all I need to do is to set the policy file location when I create the web service client. Is this right? 

    I am asking this because when I browsed the rampart/c sample source code, I noticed that in some samples like saml_echo,  you created a saml assertion and set it into client config, like this:

    assertion = create_saml_assertion(env);
    saml = rampart_saml_token_create(env, assertion, RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
    rampart_saml_token_set_token_type(saml, env, RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
    rampart_config_add_saml_token(client_config, env, saml);

Can this be done in the policy configuration file so I don't have to do this in my source code?

(2) And vice versa, can all the ws-securiy parameters done configured programmatically without using a policy file? I think for some applications, this will be more flexible.

(3) When I (the web service client) subscribe to several services from different service providers, can I have multiple policy files with one for each service? and similarly I one service contains several operations, can I have more than one policy files with one for each operation?

(4) With regard to ws-security username and password token, there is a parameter called password type, which can be Text or Digest. My question is this: If I choose to specify passwordType as Digest, can the actual password I set be in plainText? I mean in this case will rampart/c convert it into Digest format for me before sending? If I need to provide the Digest format, what algorithm should I use or what tool is available to me?

Thanks in advance for answering my newbie questions.
Vivian


      

Re: rampart/c usage get-started questions

[Supun Kamburugamuva <su...@gmail.com>]

On Fri, Mar 6, 2009 at 4:59 AM, Vivian Wang <vi...@yahoo.com> wrote:

>
> Hi There,
>
> I am starting to use rampart/c for ws-security purpose together with
> axis2/c in a web service client application. I have the following
> get-me-started questions:
>
> (1) As a web service client, all the security configurations can be done in
> a policy file, there is no need to programmatically set the security
> parameters in my source code, all I need to do is to set the policy file
> location when I create the web service client. Is this right?
>
>     I am asking this because when I browsed the rampart/c sample source
> code, I noticed that in some samples like saml_echo,  you created a
> saml assertion and set it into client config, like this:
>
>     assertion = create_saml_assertion(env);
>     saml = rampart_saml_token_create(env, assertion,
> RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
>     rampart_saml_token_set_token_type(saml, env,
> RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
>     rampart_config_add_saml_token(client_config, env, saml);
>
> Can this be done in the policy configuration file so I don't have to do
> this in my source code?
>

This cannot be done in the policy configuration. SAML assertion is created
prorammatically. So I don't see a way this can be set using the policy
configuration.

Supun.

Re: rampart/c usage get-started questions

[Vivian Wang <vi...@yahoo.com>]

Can anyone please reply to my questions? Thanks a lot!

Vivian



----- Original Message ----
From: Vivian Wang <vi...@yahoo.com>
To: axis-c-dev@ws.apache.org
Cc: axis-c-user@ws.apache.org
Sent: Thursday, March 5, 2009 3:59:40 PM
Subject: rampart/c usage get-started questions


Hi There,

I am starting to use rampart/c for ws-security purpose together with axis2/c in a web service client application. I have the following get-me-started questions:

(1) As a web service client, all the security configurations can be done in a policy file, there is no need to programmatically set the security parameters in my source code, all I need to do is to set the policy file location when I create the web service client. Is this right? 

    I am asking this because when I browsed the rampart/c sample source code, I noticed that in some samples like saml_echo,  you created a saml assertion and set it into client config, like this:

    assertion = create_saml_assertion(env);
    saml = rampart_saml_token_create(env, assertion, RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
    rampart_saml_token_set_token_type(saml, env, RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
    rampart_config_add_saml_token(client_config, env, saml);

Can this be done in the policy configuration file so I don't have to do this in my source code?

(2) And vice versa, can all the ws-securiy parameters done configured programmatically without using a policy file? I think for some applications, this will be more flexible.

(3) When I (the web service client) subscribe to several services from different service providers, can I have multiple policy files with one for each service? and similarly I one service contains several operations, can I have more than one policy files with one for each operation?

(4) With regard to ws-security username and password token, there is a parameter called password type, which can be Text or Digest. My question is this: If I choose to specify passwordType as Digest, can the actual password I set be in plainText? I mean in this case will rampart/c convert it into Digest format for me before sending? If I need to provide the Digest format, what algorithm should I use or what tool is available to me?

Thanks in advance for answering my newbie questions.
Vivian


      

Re: rampart/c usage get-started questions

[Vivian Wang <vi...@yahoo.com>]

Can anyone please reply to my questions? Thanks a lot!

Vivian



----- Original Message ----
From: Vivian Wang <vi...@yahoo.com>
To: axis-c-dev@ws.apache.org
Cc: axis-c-user@ws.apache.org
Sent: Thursday, March 5, 2009 3:59:40 PM
Subject: rampart/c usage get-started questions


Hi There,

I am starting to use rampart/c for ws-security purpose together with axis2/c in a web service client application. I have the following get-me-started questions:

(1) As a web service client, all the security configurations can be done in a policy file, there is no need to programmatically set the security parameters in my source code, all I need to do is to set the policy file location when I create the web service client. Is this right? 

    I am asking this because when I browsed the rampart/c sample source code, I noticed that in some samples like saml_echo,  you created a saml assertion and set it into client config, like this:

    assertion = create_saml_assertion(env);
    saml = rampart_saml_token_create(env, assertion, RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
    rampart_saml_token_set_token_type(saml, env, RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
    rampart_config_add_saml_token(client_config, env, saml);

Can this be done in the policy configuration file so I don't have to do this in my source code?

(2) And vice versa, can all the ws-securiy parameters done configured programmatically without using a policy file? I think for some applications, this will be more flexible.

(3) When I (the web service client) subscribe to several services from different service providers, can I have multiple policy files with one for each service? and similarly I one service contains several operations, can I have more than one policy files with one for each operation?

(4) With regard to ws-security username and password token, there is a parameter called password type, which can be Text or Digest. My question is this: If I choose to specify passwordType as Digest, can the actual password I set be in plainText? I mean in this case will rampart/c convert it into Digest format for me before sending? If I need to provide the Digest format, what algorithm should I use or what tool is available to me?

Thanks in advance for answering my newbie questions.
Vivian