You are viewing a plain text version of this content. The canonical link for it is here.
Posted to axis-cvs@ws.apache.org by ch...@apache.org on 2007/05/25 10:09:37 UTC
svn commit: r541579 [14/18] - in /webservices/axis2/trunk/java/xdocs: ./
@axis2_version_dir@/ @axis2_version_dir@/adb/
@axis2_version_dir@/adb/images/ @axis2_version_dir@/images/
@axis2_version_dir@/images/archi-guide/ @axis2_version_dir@/images/usergu...
Added: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/out-sample.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/out-sample.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/out-sample.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/out-sample2.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/out-sample2.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/out-sample2.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/rampart-config.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/rampart-config.xsd?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/rampart-config.xsd (added)
+++ webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/rampart-config.xsd Fri May 25 01:09:03 2007
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ramp="http://ws.apache.org/rampart/policy" targetNamespace="http://ws.apache.org/rampart/policy" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="RampartConfig">
+ <xs:annotation>
+ <xs:documentation>Rampart specific configuration assertion</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
+ <xs:element name="passwordCallbackClass" type="xs:string"/>
+ <xs:element name="encryptionCypto" type="ramp:crypto" minOccurs="0"/>
+ <xs:element name="signatureCypto" type="ramp:crypto" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="crypto">
+ <xs:annotation>
+ <xs:documentation>Crypto configuration assertion</xs:documentation>
+ </xs:annotation>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="property" type="xs:string"/>
+ </xs:sequence>
+ <xs:attribute name="provider"/>
+ </xs:complexType>
+</xs:schema>
Added: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-policy.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-policy.xml?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-policy.xml (added)
+++ webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-policy.xml Fri May 25 01:09:03 2007
@@ -0,0 +1,89 @@
+<!--
+ ~ Copyright 2004,2005 The Apache Software Foundation.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">test-resources/rampart/store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
Added: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-services.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-services.xml?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-services.xml (added)
+++ webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/sec-conf/sample-services.xml Fri May 25 01:09:03 2007
@@ -0,0 +1,104 @@
+<!--
+ ~ Copyright 2004,2005 The Apache Software Foundation.
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License.
+ -->
+<service name="SecureService7">
+
+ <module ref="addressing"/>
+ <module ref="rampart"/>
+
+ <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter>
+
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
+ <actionMapping>urn:echo</actionMapping>
+ </operation>
+
+ <wsp:Policy wsu:Id="SigEncrTripleDesRSA15DK" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
Added: webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/security-module.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/security-module.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/security-module.html (added)
+++ webservices/axis2/trunk/java/xdocs/modules/rampart/1_2/security-module.html Fri May 25 01:09:03 2007
@@ -0,0 +1,296 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="content-type" content="">
+ <link href="../../../css/axis-docs.css" rel="stylesheet" type="text/css" media="all" />
+ <title>Rampart : WS-Security module for Axis2</title>
+</head>
+
+<body>
+<h1>Securing SOAP Messages with Rampart</h1>
+
+<p>Axis2 comes with a module based on Apache WSS4J [1] to provide WS-Security
+features, called "Rampart". This document explains how to engage and
+configure Rampart module.</p>
+
+<h2>Content</h2>
+<ul>
+ <li><a href="#intro">Introduction</a></li>
+ <li><a href="#1_1_config">Rampart-1.1 Configuration</a>
+ <ul>
+ <li><a href="#1_1_assetions">Rampart Specific Assertions</a></li>
+ <li><a href="#1_1_service_config">Service Configration</a></li>
+ <li><a href="#1_1_client_config">Client Confiuration</a></li>
+ </ul></li>
+ <li><a href="#1_0_config">Rampart-1.0 Configuration</a>
+ <ul>
+ <li><a href="#outflowsecurity">OutflowSecurity Parameter</a></li>
+ <li><a href="#inflowsecurity">InflowSecurity Parameter</a></li>
+ </ul></li>
+ <li><a href="#references">References</a></li>
+ <li><a href="#examples">Examples</a></li>
+</ul>
+<a name="intro"></a>
+
+<h2>Introduction</h2>
+
+<p>Since rampart module inserts handlers in the system specific security
+phase, it must be engaged globally. These handlers can be configured
+using WS-SecurityPolicy[2] and Rampart specific policy assertions.
+Rampart-1.0 used two axis2 parameters for configuration and these are
+still supported in the 1.1 release as well.</p>
+
+<p>The rampart-1.1 release is available
+<a href="http://www.apache.org/dyn/closer.cgi/ws/rampart/1_1">here</a>.</p>
+
+<p>First it should be engaged by inserting the following in the axis2.xml
+file.</p>
+<source><pre> <module ref="rampart"/></pre>
+</source>
+<p>The web admin interface can be used when Axis2 is deployed in a servlet
+container such as Apache Tomcat.</p>
+
+<p>At the server it is possible to provide security on a per service basis.
+The configuration parameters should be set in the service.xml file of the
+service. The client side config parameters should be set in the axis2.xml of
+the client's Axis2 repository.</p>
+<a id="1_1_config"></a>
+<h2>Rampart-1.1 Configuration</h2>
+<a id="1_1_assetions"></a>
+<h3>Rampart Specific Assertions</h3>
+
+<p>Rampart uses the standard WS-SecurityPolicy[2] assertions and also defines its own
+assertions to be able capture the configuration information that is not provided
+in WS-SecurityPolicy.</p>
+<p>The Rampart specific assertion's xsd can be found <a href="sec-conf/rampart-config.xsd">here
+</a>.</p>
+
+<p>The <strong>ramp:RampartConfig</strong> assertion must be available as a one of the top
+level assertions of the policy as shown <a href="sec-conf/sample-policy.xml">here</a>.</p>
+<a id="1_1_service_config"></a>
+<h3>Service Configration</h3>
+
+To configure the service one will simply have to add the policy element into the
+sevices.xml file. A sample service.xml file is available
+<a href="sec-conf/sample-services.xml">here</a>.
+<a id="1_1_client_config"></a>
+<h3>Client Confiuration</h3>
+<p>On the client side, a policy object should be created and loaded into options. Creating the policy object can be done using a "policy.xml" file as follows.</p>
+
+<pre>
+ //Creating the object
+ StAXOMBuilder builder = new StAXOMBuilder(pathToPolicyfile);
+ Policy clientPolicy = PolicyEngine.getPolicy(builder.getDocumentElement());
+ //setting the object
+ Options options = new Options();
+ options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, clientPolicy);
+</pre>
+<a id="1_0_config"></a>
+<h2>Rampart-1.0 Configuration</h2>
+
+<p>Rampart module uses two parameters:</p>
+<ul>
+ <li><a href="outflowsecurity">OutflowSecurity</a></li>
+ <li><a href="inflowsecurity">InflowSecurity</a></li>
+</ul>
+The configuration that can go in each of these parameters are described
+below: <a name="outflowsecurity"></a>
+
+<h3>OutflowSecurity Parameter</h3>
+This parameter is used to configure the outflow security handler. The outflow
+handler can be invoked more than once in the outflow one can provide
+configuration for each of these invocations. The 'action' element describes
+one of these configurations. Therefore the 'OutflowSecurity' parameter can
+contain more than one 'action' elements. The schema of this 'action' element
+is available <a href="sec-conf/out-action.xsd">here</a>.
+
+<p>An outflow configuration to add a timestamp, sign and encrypt the message
+once, is shown in<a href="#ex1"> Example 1</a> and <a href="#ex1"> Example
+2</a> shows how to sign the message twice by chaining the outflow handler
+(using two 'action' elements)</p>
+
+<p>Following is a description of the elements that can go in an 'action'
+element of the OutflowSecurity parameter</p>
+<br>
+
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>Add a Timestamp, Sign the SOAP body and Encrypt the SOAP body <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>user</td>
+ <td>The user's name</td>
+ <td>Set alias of the key to be used to sign<br>
+ <user> bob</user></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to provide the password required to create the
+ UsernameToken or to sign the message</td>
+ <td><passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>property file used to get the signature parameters such as crypto
+ provider, keystore and its password</td>
+ <td>Set example.properties file as the signature property file<br>
+ <signaturePropFile>
+ example.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>signatureKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in the signature</td>
+ <td>Use the serial number of the certificate<br>
+ <signatureKeyIdentifier>
+ IssuerSerial</signatureKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in encryption</td>
+ <td>Use the serial number of the certificate <br>
+ <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionUser</td>
+ <td>The user's name for encryption.</td>
+ <td><br>
+ <encryptionUser>alice</encryptionUser></td>
+ </tr>
+ <tr>
+ <td>encryptionSymAlgorithm</td>
+ <td>Symmetric algorithm to be used for encryption</td>
+ <td>Use AES-128<br>
+ <encryptionSymAlgorithm>
+ http://www.w3.org/2001/04/xmlenc#aes128-cbc</encryptionSymAlgorithm></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyTransportAlgorithm</td>
+ <td>Key encryption algorithm</td>
+ <td>Use RSA-OAEP<br>
+ <parameter name="encryptionSymAlgorithm">
+ http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</parameter></td>
+ </tr>
+ <tr>
+ <td>signatureParts</td>
+ <td>Sign multiple parts in the SOAP message</td>
+ <td>Sign Foo and Bar elements qualified by "http://app.ns/ns"<br>
+ <signatureParts>
+ {Element}{http://app.ns/ns}Foo;{Element}{http://app.ns/ns}Bar
+ </signatureParts></td>
+ </tr>
+ <tr>
+ <td>optimizeParts</td>
+ <td>MTOM Optimize the elements specified by the XPath query</td>
+ <td>Optimize the CipherValue<br>
+ <optimizeParts>
+ //xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
+ </optimizeParts></td>
+ </tr>
+ </tbody>
+</table>
+<a name="inflowsecurity"></a>
+
+<h3>InflowSecurity Parameter</h3>
+
+<p>This parameter is used to configure the inflow security handler. The
+'action' element is used to encapsulate the configuration elements here as
+well. The schema of the 'action' element is available here. <a
+href="#ex3">Example 3</a> shows the configuration to decrypt, verify
+signature and validate timestamp.</p>
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>first the incoming message should be decrypted and then the
+ signatures should be verified and should be checked for the
+ availability of the Timestamp <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to obtain password for decryption and
+ UsernameToken verification</td>
+ <td><br>
+ <passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>Property file used for signature verification</td>
+ <td><br>
+ <signaturePropFile>
+ sig.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>decryptionPropFile</td>
+ <td>Property file used for decryption</td>
+ <td><br>
+ <decryptionPropFile>
+ dec.properties</decryptionPropFile></td>
+ </tr>
+ </tbody>
+</table>
+<br>
+
+
+<p>Please note that the '.properties' files used in properties such as
+OutSignaturePropFile are the same property files that are using in the WSS4J
+project. Following shows the properties defined in a sample property file</p>
+<source><pre> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+ org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
+ org.apache.ws.security.crypto.merlin.keystore.password=security
+ org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
+ org.apache.ws.security.crypto.merlin.alias.password=security
+ org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
+ </pre>
+</source>org.apache.ws.security.crypto.provider defines the implementation of
+the org.apache.ws.security.components.crypto.Crypto interface to provide the
+crypto information required by WSS4J. The other properties defined are the
+configuration properties used by the implementation class
+(org.apache.ws.security.components.crypto.Merlin). <a name="ref"></a> <a
+name="references"></a>
+
+<h2>References</h2>
+
+<p>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a></p>
+<a name="examples"></a>
+<p>2. <a href="http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf">ws-securitypolicy.pdf</a></p>
+<a name="examples"></a>
+
+
+<h2>Examples</h2>
+
+<p id="ex1">Example 1: An outflow configuration to add a timestamp, sign and
+encrypt the message once</p>
+
+<p><img alt="" src="sec-conf/out-sample.png"></p>
+
+<p id="ex2">Example 2: An outflow configuration to sign the message twice and
+add a timestamp</p>
+
+<p><img alt="" src="sec-conf/out-sample2.png"></p>
+
+<p id="ex3">Example 3: An inflow configuration to decrypt, verify signature
+and validate timestamp</p>
+
+<p><img alt="" src="sec-conf/in-sample.png"></p>
+</body>
+</html>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/in-sample.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/in-sample.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/in-sample.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/in.action.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/in.action.xsd?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/in.action.xsd (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/in.action.xsd Fri May 25 01:09:03 2007
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="action">
+ <xs:annotation>
+ <xs:documentation>Inflow security 'action' configuration</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="items" type="xs:string"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="decryptionPropFile" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-action.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-action.xsd?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-action.xsd (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-action.xsd Fri May 25 01:09:03 2007
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="action">
+ <xs:annotation>
+ <xs:documentation>Outflow security 'action' configuration</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="items" type="xs:string"/>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureKeyIdentifier" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionKeyIdentifier" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="optimizeParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionSymAlgorithm" type="xs:string" minOccurs="0"/>
+ <xs:element name="EmbeddedKeyCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionKeyTransportAlgorithm" type="xs:string" minOccurs="0"/>
+ <xs:element name="EmbeddedKeyName" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-sample.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-sample.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-sample.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-sample2.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-sample2.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/sec-conf/out-sample2.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/security-module.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/security-module.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/security-module.html (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/0_94/0.94/security-module.html Fri May 25 01:09:03 2007
@@ -0,0 +1,246 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="content-type" content="">
+<link href="../../../../css/axis-docs.css" rel="stylesheet" type="text/css" media="all" />
+ <title>The Security Module</title>
+</head>
+
+<body>
+<h1>Securing SOAP Messages with WSS4J</h1>
+
+<p><em>-For Axis2 version 0.94</em></p>
+
+<p>Axis2 comes with a module based on WSS4J [1] to provide WS-Security
+features. This section explains how to engage and configure the security
+module. Since the security module inserts handlers in the system specific
+pre-dispatch phase, it must be engaged globally. But it is possible to
+activate the security module for the inflow or the outflow when required by
+the service or the clients.</p>
+
+<p>The security module (security.mar) is available in the axis2.war but it is
+not engaged by default.</p>
+
+<p>First it should be engaged by inserting the following in the axis2.xml
+file.</p>
+<source><pre> <module ref="security"/></pre>
+</source>
+<p>The web admin interface can be used when Axis2 is deployed in a servlet
+container such as Apache Tomcat.</p>
+
+<p>At the server it is possible to provide security on a per service basis.
+The configuration parameters should be set in the service.xml file of the
+service. The client side config parameters should be set in the axis2.xml of
+the client's Axis2 repository.</p>
+
+<p>The security module uses two parameters:</p>
+<ul>
+ <li>OutflowSecurity</li>
+ <li>InflowSecurity</li>
+</ul>
+The configuration that can go in each of these parameters are described below:
+
+<h3>OutflowSecurity parameter</h3>
+This parameter is used to configure the outflow security handler. The outflow
+handler can be invoked more than once in the outflow one can provide
+configuration for each of these invocations. The 'action' element describes
+one of these configurations. Therefore the 'OutflowSecurity' parameter can
+contain more than one 'action' elements. The schema of this 'action' element
+is available <a href="sec-conf/out-action.xsd">here</a>.
+
+<p>An outflow configuration to add a timestamp, sing and encrypt the message
+once, is shown in<a href="#ex1"> Example 1</a> and <a href="#ex1"> Example
+2</a> shows how to sign the message twice by chaining the outflow handler
+(using two 'action' elements)</p>
+
+<p>Following is a description of the elements that can go in an 'action'
+element of the OutflowSecurity parameter</p>
+<br>
+
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>Add a Timestamp, Sign the SOAP body and Encrypt the SOAP body <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>user</td>
+ <td>The user's name</td>
+ <td>Set alias of the key to be used to sign<br>
+ <user> bob</user></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to provide the password required to create the
+ UsernameToken or to sign the message</td>
+ <td><passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>property file used to get the signature parameters such as crypto
+ provider, keystore and its password</td>
+ <td>Set example.properties file as the signature property file<br>
+ <signaturePropFile>
+ example.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>signatureKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in the signature</td>
+ <td>Use the serial number of the certificate<br>
+ <signatureKeyIdentifier>
+ IssuerSerial</signatureKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in encryption</td>
+ <td>Use the serial number of the certificate <br>
+ <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionUser</td>
+ <td>The user's name for encryption.</td>
+ <td><br>
+ <encryptionUser>alice</encryptionUser></td>
+ </tr>
+ <tr>
+ <td>encryptionSymAlgorithm</td>
+ <td>Symmetric algorithm to be used for encryption</td>
+ <td>Use AES-128<br>
+ <encryptionSymAlgorithm>
+ http://www.w3.org/2001/04/xmlenc#aes128-cbc</encryptionSymAlgorithm></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyTransportAlgorithm</td>
+ <td>Key encryption algorithm</td>
+ <td>Use RSA-OAEP<br>
+ <parameter name="encryptionSymAlgorithm">
+ http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</parameter></td>
+ </tr>
+ <tr>
+ <td>signatureParts</td>
+ <td>Sign multiple parts in the SOAP message</td>
+ <td>Sign Foo and Bar elements qualified by "http://app.ns/ns"<br>
+ <signatureParts>
+ {Element}{http://app.ns/ns}Foo;{Element}{http://app.ns/ns}Bar
+ </signatureParts></td>
+ </tr>
+ <tr>
+ <td>optimizeParts</td>
+ <td>MTOM Optimize the elements specified by the XPath query</td>
+ <td>Optimize the CipherValue<br>
+ <optimizeParts>
+ //xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
+ </optimizeParts></td>
+ </tr>
+ </tbody>
+</table>
+<br>
+
+
+<h3>InflowSecurity parameter</h3>
+
+<p>This parameter is used to configure the inflow security handler. The
+'action' element is used to encapsulate the configuration elements here as
+well. The schema of the 'action' element is available here. <a
+href="#ex3">Example 3</a> shows the configuration to decrypt, verify
+signature and validate timestamp.</p>
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>first the incoming message should be decrypted and then the
+ signatures should be verified and should be checked for the
+ availability of the Timestamp <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to obtain password for decryption and
+ UsernameToken verification</td>
+ <td><br>
+ <passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>Property file used for signature verification</td>
+ <td><br>
+ <signaturePropFile>
+ sig.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>decryptionPropFile</td>
+ <td>Property file used for decryption</td>
+ <td><br>
+ <decryptionPropFile>
+ dec.properties</decryptionPropFile></td>
+ </tr>
+ </tbody>
+</table>
+<br>
+
+
+<p>Please note that the '.properties' files used in properties such as
+OutSignaturePropFile are the same property files that are using in the WSS4J
+project. Following shows the properties defined in a sample property file</p>
+<source><pre>org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
+org.apache.ws.security.crypto.merlin.keystore.password=security
+org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
+org.apache.ws.security.crypto.merlin.alias.password=security
+org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT</pre>
+</source>org.apache.ws.security.crypto.provider defines the implementation of
+the org.apache.ws.security.components.crypto.Crypto interface to provide the
+crypto information required by WSS4J. The other properties defined are the
+configuration properties used by the implementation class
+(org.apache.ws.security.components.crypto.Merlin).
+
+<h2>JDK 1.5</h2>
+
+<p>If you are using JDK1.5 make sure you add bouncycastle as a JCE provider
+of the JRE</p>
+
+<p>Simply add
+<b>security.provider.X=org.bouncycastle.jce.provider.BouncyCastleProvider</b>
+entry in <b>JDK_HOME/jre/lib/security/java.security</b> file.</p>
+
+<p><b>References</b></p>
+
+<p>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J</a></p>
+<br>
+
+
+<p><b>Examples</b></p>
+
+<p id="ex1">Example 1: An outflow configuration to add a timestamp, sing and
+encrypt the message once</p>
+
+<p><img src="sec-conf/out-sample.png"></p>
+
+<p id="ex2">Example 2: An outflow configuration to sign the message twice and
+add a timestamp</p>
+
+<p><img src="sec-conf/out-sample2.png"></p>
+
+<p id="ex3">Example 3: An inflow configuration to decrypt, verify signature
+and validate timestamp</p>
+
+<p><img src="sec-conf/in-sample.png"></p>
+</body>
+</html>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/in-sample.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/in-sample.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/in-sample.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/in.action.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/in.action.xsd?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/in.action.xsd (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/in.action.xsd Fri May 25 01:09:03 2007
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="action">
+ <xs:annotation>
+ <xs:documentation>Inflow security 'action' configuration</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="items" type="xs:string"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="decryptionPropFile" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-action.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-action.xsd?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-action.xsd (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-action.xsd Fri May 25 01:09:03 2007
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="action">
+ <xs:annotation>
+ <xs:documentation>Outflow security 'action' configuration</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="items" type="xs:string"/>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureKeyIdentifier" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionKeyIdentifier" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="optimizeParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionSymAlgorithm" type="xs:string" minOccurs="0"/>
+ <xs:element name="EmbeddedKeyCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionKeyTransportAlgorithm" type="xs:string" minOccurs="0"/>
+ <xs:element name="EmbeddedKeyName" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-sample.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-sample.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-sample.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-sample2.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-sample2.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/sec-conf/out-sample2.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/security-module.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/security-module.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/security-module.html (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/0_95/security-module.html Fri May 25 01:09:03 2007
@@ -0,0 +1,238 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="content-type" content="">
+<link href="../../../css/axis-docs.css" rel="stylesheet" type="text/css" media="all" />
+ <title>The Security Module</title>
+</head>
+
+<body>
+<h1>Securing SOAP Messages with WSS4J</h1>
+
+<p><em>-For Axis2 Version 0.95</em></p>
+
+<p>Axis2 comes with a module based on WSS4J [1] to provide WS-Security
+features. This section explains how to engage and configure the security
+module. Since the security module inserts handlers in the system specific
+pre-dispatch phase, it must be engaged globally. But it is possible to
+activate the security module for the inflow or the outflow when required by
+the service or the clients.</p>
+
+<p>The security module (security.mar) is available in the axis2.war but it is
+not engaged by default.</p>
+
+<p>First it should be engaged by inserting the following in the axis2.xml
+file.</p>
+<source><pre> <module ref="security"/></pre>
+</source>
+<p>The web admin interface can be used when Axis2 is deployed in a servlet
+container such as Apache Tomcat.</p>
+
+<p>At the server it is possible to provide security on a per service basis.
+The configuration parameters should be set in the service.xml file of the
+service. The client side config parameters should be set in the axis2.xml of
+the client's Axis2 repository.</p>
+
+<p>The security module uses two parameters:</p>
+<ul>
+ <li>OutflowSecurity</li>
+ <li>InflowSecurity</li>
+</ul>
+The configuration that can go in each of these parameters are described below:
+
+<h3>OutflowSecurity parameter</h3>
+This parameter is used to configure the outflow security handler. The outflow
+handler can be invoked more than once in the outflow one can provide
+configuration for each of these invocations. The 'action' element describes
+one of these configurations. Therefore the 'OutflowSecurity' parameter can
+contain more than one 'action' elements. The schema of this 'action' element
+is available <a href="sec-conf/out-action.xsd">here</a>.
+
+<p>An outflow configuration to add a timestamp, sing and encrypt the message
+once, is shown in<a href="#ex1"> Example 1</a> and <a href="#ex1"> Example
+2</a> shows how to sign the message twice by chaining the outflow handler
+(using two 'action' elements)</p>
+
+<p>Following is a description of the elements that can go in an 'action'
+element of the OutflowSecurity parameter</p>
+<br>
+
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>Add a Timestamp, Sign the SOAP body and Encrypt the SOAP body <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>user</td>
+ <td>The user's name</td>
+ <td>Set alias of the key to be used to sign<br>
+ <user> bob</user></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to provide the password required to create the
+ UsernameToken or to sign the message</td>
+ <td><passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>property file used to get the signature parameters such as crypto
+ provider, keystore and its password</td>
+ <td>Set example.properties file as the signature property file<br>
+ <signaturePropFile>
+ example.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>signatureKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in the signature</td>
+ <td>Use the serial number of the certificate<br>
+ <signatureKeyIdentifier>
+ IssuerSerial</signatureKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in encryption</td>
+ <td>Use the serial number of the certificate <br>
+ <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionUser</td>
+ <td>The user's name for encryption.</td>
+ <td><br>
+ <encryptionUser>alice</encryptionUser></td>
+ </tr>
+ <tr>
+ <td>encryptionSymAlgorithm</td>
+ <td>Symmetric algorithm to be used for encryption</td>
+ <td>Use AES-128<br>
+ <encryptionSymAlgorithm>
+ http://www.w3.org/2001/04/xmlenc#aes128-cbc</encryptionSymAlgorithm></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyTransportAlgorithm</td>
+ <td>Key encryption algorithm</td>
+ <td>Use RSA-OAEP<br>
+ <parameter name="encryptionSymAlgorithm">
+ http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</parameter></td>
+ </tr>
+ <tr>
+ <td>signatureParts</td>
+ <td>Sign multiple parts in the SOAP message</td>
+ <td>Sign Foo and Bar elements qualified by "http://app.ns/ns"<br>
+ <signatureParts>
+ {Element}{http://app.ns/ns}Foo;{Element}{http://app.ns/ns}Bar
+ </signatureParts></td>
+ </tr>
+ <tr>
+ <td>optimizeParts</td>
+ <td>MTOM Optimize the elements specified by the XPath query</td>
+ <td>Optimize the CipherValue<br>
+ <optimizeParts>
+ //xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
+ </optimizeParts></td>
+ </tr>
+ </tbody>
+</table>
+<br>
+
+
+<h3>InflowSecurity parameter</h3>
+
+<p>This parameter is used to configure the inflow security handler. The
+'action' element is used to encapsulate the configuration elements here as
+well. The schema of the 'action' element is available here. <a
+href="#ex3">Example 3</a> shows the configuration to decrypt, verify
+signature and validate timestamp.</p>
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>first the incoming message should be decrypted and then the
+ signatures should be verified and should be checked for the
+ availability of the Timestamp <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to obtain password for decryption and
+ UsernameToken verification</td>
+ <td><br>
+ <passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>Property file used for signature verification</td>
+ <td><br>
+ <signaturePropFile>
+ sig.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>decryptionPropFile</td>
+ <td>Property file used for decryption</td>
+ <td><br>
+ <decryptionPropFile>
+ dec.properties</decryptionPropFile></td>
+ </tr>
+ </tbody>
+</table>
+<br>
+
+
+<p>Please note that the '.properties' files used in properties such as
+OutSignaturePropFile are the same property files that are using in the WSS4J
+project. Following shows the properties defined in a sample property file</p>
+<source><pre> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+ org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
+ org.apache.ws.security.crypto.merlin.keystore.password=security
+ org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
+ org.apache.ws.security.crypto.merlin.alias.password=security
+ org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
+ </pre>
+</source>org.apache.ws.security.crypto.provider defines the implementation of
+the org.apache.ws.security.components.crypto.Crypto interface to provide the
+crypto information required by WSS4J. The other properties defined are the
+configuration properties used by the implementation class
+(org.apache.ws.security.components.crypto.Merlin).
+
+<p><b>References</b></p>
+
+<p>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J</a></p>
+<br>
+
+
+<p><b>Examples</b></p>
+
+<p id="ex1">Example 1: An outflow configuration to add a timestamp, sing and
+encrypt the message once</p>
+
+<p><img alt="" src="sec-conf/out-sample.png"></p>
+
+<p id="ex2">Example 2: An outflow configuration to sign the message twice and
+add a timestamp</p>
+
+<p><img alt="" src="sec-conf/out-sample2.png"></p>
+
+<p id="ex3">Example 3: An inflow configuration to decrypt, verify signature
+and validate timestamp</p>
+
+<p><img alt="" src="sec-conf/in-sample.png"></p>
+</body>
+</html>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/in-sample.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/in-sample.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/in-sample.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/in.action.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/in.action.xsd?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/in.action.xsd (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/in.action.xsd Fri May 25 01:09:03 2007
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="action">
+ <xs:annotation>
+ <xs:documentation>Inflow security 'action' configuration</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="items" type="xs:string"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="decryptionPropFile" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-action.xsd
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-action.xsd?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-action.xsd (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-action.xsd Fri May 25 01:09:03 2007
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="action">
+ <xs:annotation>
+ <xs:documentation>Outflow security 'action' configuration</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="items" type="xs:string"/>
+ <xs:element name="user" type="xs:string"/>
+ <xs:element name="passwordCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="signaturePropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionPropFile" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureKeyIdentifier" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionKeyIdentifier" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionUser" type="xs:string" minOccurs="0"/>
+ <xs:element name="signatureParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="optimizeParts" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionSymAlgorithm" type="xs:string" minOccurs="0"/>
+ <xs:element name="EmbeddedKeyCallbackClass" type="xs:string" minOccurs="0"/>
+ <xs:element name="encryptionKeyTransportAlgorithm" type="xs:string" minOccurs="0"/>
+ <xs:element name="EmbeddedKeyName" type="xs:string" minOccurs="0"/>
+ <xs:element name="timeToLive" type="xs:string" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+</xs:schema>
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-sample.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-sample.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-sample.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-sample2.png
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-sample2.png?view=auto&rev=541579
==============================================================================
Binary file - no diff available.
Propchange: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/sec-conf/out-sample2.png
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/security-module.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/security-module.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/security-module.html (added)
+++ webservices/axis2/trunk/java/xdocs/modules/wss4j/1_0/security-module.html Fri May 25 01:09:03 2007
@@ -0,0 +1,251 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+ <meta http-equiv="content-type" content="">
+ <link href="../../../css/axis-docs.css" rel="stylesheet" type="text/css" media="all" />
+ <title>Rampart : WS-Security module for Axis2</title>
+</head>
+
+<body>
+<h1>Securing SOAP Messages with WSS4J</h1>
+
+<p><em>-For Axis2 Version 1.0</em></p>
+
+<p>Axis2 comes with a module based on WSS4J [1] to provide WS-Security
+features, called "rampart". This document explains how to engage and
+configure rampart module.</p>
+
+<h2>Content</h2>
+<ul>
+ <li><a href="#intro">Introduction</a></li>
+ <li><a href="#outflowsecurity">OutflowSecurity Parameter</a></li>
+ <li><a href="#inflowsecurity">InflowSecurity Parameter</a></li>
+ <li><a href="#references">References</a></li>
+ <li><a href="#examples">Examples</a></li>
+</ul>
+<a name="intro"></a>
+
+<h2>Introduction</h2>
+
+<p>Since rampart module inserts handlers in the system specific pre-dispatch
+phase, it must be engaged globally. But it is possible to activate rampart
+module for the inflow or the outflow when required by the service or the
+clients.</p>
+
+<p>The rampart module (rampart.mar) is available with the Axis2 release.</p>
+
+<p>First it should be engaged by inserting the following in the axis2.xml
+file.</p>
+<source><pre> <module ref="rampart"/></pre>
+</source>
+<p>The web admin interface can be used when Axis2 is deployed in a servlet
+container such as Apache Tomcat.</p>
+
+<p>At the server it is possible to provide security on a per service basis.
+The configuration parameters should be set in the service.xml file of the
+service. The client side config parameters should be set in the axis2.xml of
+the client's Axis2 repository.</p>
+
+<p>Aegis module uses two parameters:</p>
+<ul>
+ <li>OutflowSecurity</li>
+ <li>InflowSecurity</li>
+</ul>
+The configuration that can go in each of these parameters are described
+below: <a name="outflowsecurity"></a>
+
+<h2>OutflowSecurity Parameter</h2>
+This parameter is used to configure the outflow security handler. The outflow
+handler can be invoked more than once in the outflow one can provide
+configuration for each of these invocations. The 'action' element describes
+one of these configurations. Therefore the 'OutflowSecurity' parameter can
+contain more than one 'action' elements. The schema of this 'action' element
+is available <a href="sec-conf/out-action.xsd">here</a>.
+
+<p>An outflow configuration to add a timestamp, sing and encrypt the message
+once, is shown in<a href="#ex1"> Example 1</a> and <a href="#ex1"> Example
+2</a> shows how to sign the message twice by chaining the outflow handler
+(using two 'action' elements)</p>
+
+<p>Following is a description of the elements that can go in an 'action'
+element of the OutflowSecurity parameter</p>
+<br>
+
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>Add a Timestamp, Sign the SOAP body and Encrypt the SOAP body <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>user</td>
+ <td>The user's name</td>
+ <td>Set alias of the key to be used to sign<br>
+ <user> bob</user></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to provide the password required to create the
+ UsernameToken or to sign the message</td>
+ <td><passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>property file used to get the signature parameters such as crypto
+ provider, keystore and its password</td>
+ <td>Set example.properties file as the signature property file<br>
+ <signaturePropFile>
+ example.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>signatureKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in the signature</td>
+ <td>Use the serial number of the certificate<br>
+ <signatureKeyIdentifier>
+ IssuerSerial</signatureKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyIdentifier</td>
+ <td>Key identifier to be used in referring the key in encryption</td>
+ <td>Use the serial number of the certificate <br>
+ <encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier></td>
+ </tr>
+ <tr>
+ <td>encryptionUser</td>
+ <td>The user's name for encryption.</td>
+ <td><br>
+ <encryptionUser>alice</encryptionUser></td>
+ </tr>
+ <tr>
+ <td>encryptionSymAlgorithm</td>
+ <td>Symmetric algorithm to be used for encryption</td>
+ <td>Use AES-128<br>
+ <encryptionSymAlgorithm>
+ http://www.w3.org/2001/04/xmlenc#aes128-cbc</encryptionSymAlgorithm></td>
+ </tr>
+ <tr>
+ <td>encryptionKeyTransportAlgorithm</td>
+ <td>Key encryption algorithm</td>
+ <td>Use RSA-OAEP<br>
+ <parameter name="encryptionSymAlgorithm">
+ http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</parameter></td>
+ </tr>
+ <tr>
+ <td>signatureParts</td>
+ <td>Sign multiple parts in the SOAP message</td>
+ <td>Sign Foo and Bar elements qualified by "http://app.ns/ns"<br>
+ <signatureParts>
+ {Element}{http://app.ns/ns}Foo;{Element}{http://app.ns/ns}Bar
+ </signatureParts></td>
+ </tr>
+ <tr>
+ <td>optimizeParts</td>
+ <td>MTOM Optimize the elements specified by the XPath query</td>
+ <td>Optimize the CipherValue<br>
+ <optimizeParts>
+ //xenc:EncryptedData/xenc:CipherData/xenc:CipherValue
+ </optimizeParts></td>
+ </tr>
+ </tbody>
+</table>
+<a name="inflowsecurity"></a>
+
+<h2>InflowSecurity Parameter</h2>
+
+<p>This parameter is used to configure the inflow security handler. The
+'action' element is used to encapsulate the configuration elements here as
+well. The schema of the 'action' element is available here. <a
+href="#ex3">Example 3</a> shows the configuration to decrypt, verify
+signature and validate timestamp.</p>
+
+<table border="1">
+ <tbody>
+ <tr>
+ <td><b>Parameter</b></td>
+ <td><b>Description</b></td>
+ <td><b>Example</b></td>
+ </tr>
+ <tr>
+ <td>items</td>
+ <td>Security actions for the inflow</td>
+ <td>first the incoming message should be decrypted and then the
+ signatures should be verified and should be checked for the
+ availability of the Timestamp <br>
+ <items> Timestamp Signature Encrypt</items></td>
+ </tr>
+ <tr>
+ <td>passwordCallbackClass</td>
+ <td>Callback class used to obtain password for decryption and
+ UsernameToken verification</td>
+ <td><br>
+ <passwordCallbackClass>
+ org.apache.axis2.security.PWCallback</passwordCallbackClass></td>
+ </tr>
+ <tr>
+ <td>signaturePropFile</td>
+ <td>Property file used for signature verification</td>
+ <td><br>
+ <signaturePropFile>
+ sig.properties</signaturePropFile></td>
+ </tr>
+ <tr>
+ <td>decryptionPropFile</td>
+ <td>Property file used for decryption</td>
+ <td><br>
+ <decryptionPropFile>
+ dec.properties</decryptionPropFile></td>
+ </tr>
+ </tbody>
+</table>
+<br>
+
+
+<p>Please note that the '.properties' files used in properties such as
+OutSignaturePropFile are the same property files that are using in the WSS4J
+project. Following shows the properties defined in a sample property file</p>
+<source><pre> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
+ org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
+ org.apache.ws.security.crypto.merlin.keystore.password=security
+ org.apache.ws.security.crypto.merlin.keystore.alias=16c73ab6-b892-458f-abf5-2f875f74882e
+ org.apache.ws.security.crypto.merlin.alias.password=security
+ org.apache.ws.security.crypto.merlin.file=keys/x509.PFX.MSFT
+ </pre>
+</source>org.apache.ws.security.crypto.provider defines the implementation of
+the org.apache.ws.security.components.crypto.Crypto interface to provide the
+crypto information required by WSS4J. The other properties defined are the
+configuration properties used by the implementation class
+(org.apache.ws.security.components.crypto.Merlin). <a name="ref"></a> <a
+name="references"></a>
+
+<h2>References</h2>
+
+<p>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a></p>
+<a name="examples"></a>
+
+<h2>Examples</h2>
+
+<p id="ex1">Example 1: An outflow configuration to add a timestamp, sing and
+encrypt the message once</p>
+
+<p><img alt="" src="sec-conf/out-sample.png"></p>
+
+<p id="ex2">Example 2: An outflow configuration to sign the message twice and
+add a timestamp</p>
+
+<p><img alt="" src="sec-conf/out-sample2.png"></p>
+
+<p id="ex3">Example 3: An inflow configuration to decrypt, verify signature
+and validate timestamp</p>
+
+<p><img alt="" src="sec-conf/in-sample.png"></p>
+</body>
+</html>
Added: webservices/axis2/trunk/java/xdocs/navigation.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/navigation.xml?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/navigation.xml (added)
+++ webservices/axis2/trunk/java/xdocs/navigation.xml Fri May 25 01:09:03 2007
@@ -0,0 +1,62 @@
+<!-- Created By Eran Chinthaka -->
+<project name="Axis2/Java">
+ <title>Axis2/Java</title>
+ <body>
+ <links>
+ <item name="Axis2/Java" href="index.html" />
+ <item name="Axis2/C" href="http://ws.apache.org/axis2/c" />
+ <item name="Apache WS" href="http://ws.apache.org" />
+ <item name="Apache " href="http://www.apache.org" />
+ </links>
+
+ <menu name="Axis2/Java">
+ <item name="Home" href="index.html" />
+ </menu>
+ <menu name="Downloads">
+ <item name="Releases" href="download.cgi" />
+ <item name="Modules" href="modules/index.html" />
+ <item name="Tools" href="tools/index.html" />
+ </menu>
+ <menu name="Documentation">
+ <item name="Version 1.2" href="/@axis2_version_dir@/contents.html" >
+ <item name="Table of Contents" href="@axis2_version_dir@/toc.html" />
+ <item name="Installation Guide" href="@axis2_version_dir@/installationguide.html" />
+ <item name="QuickStart Guide" href="@axis2_version_dir@/quickstartguide.html" />
+ <item name="User Guide" href="@axis2_version_dir@/userguide.html" />
+ <item name="POJO Guide" href="@axis2_version_dir@/pojoguide.html" />
+ <item name="Spring Guide" href="@axis2_version_dir@/spring.html" />
+ <item name="Web Administrator's Guide" href="@axis2_version_dir@/webadminguide.html" />
+ <item name="Migration Guide (from Axis1)" href="@axis2_version_dir@/migration.html" />
+ </item>
+ <item name="Version 1.1.1" href="/1_1_1/contents.html" />
+ <item name="Version 1.1" href="/1_1/contents.html" />
+ <item name="Version 1.0" href="/1_0/index.html" />
+ <item name="Version 0.95" href="/0_95/index.html" />
+ <item name="Version 0.94" href="/0_94/index.html" />
+ <item name="Version 0.93" href="/0_93/index.html" />
+ </menu>
+ <menu name="Resources">
+ <item name="FAQ" href="faq.html" />
+ <item name="Articles" href="articles.html" />
+ <item name="Wiki" href="http://wiki.apache.org/ws/FrontPage/Axis2/" />
+ <item name="Reference Library" href="refLib.html" />
+ <item name="Online Java Docs" href="http://ws.apache.org/axis2/@axis2_version_dir@/api/index.html" />
+ </menu>
+ <menu name="Get Involved" href="overview.html">
+ <item name="Overview" href="overview.html" />
+ <item name="Checkout the Source" href="svn.html" />
+ <item name="Mailing Lists" href="mail-lists.html" />
+ <item name="Developer Guidelines" href="guidelines.html" />
+ <item name="Build the Site" href="siteHowTo.html" />
+ </menu>
+ <menu name="Project Information">
+ <item name="Project Team" href="team-list.html" />
+ <item name="Issue Tracking" href="issue-tracking.html" />
+ <item name="Source Code"
+ href="http://svn.apache.org/viewcvs.cgi/webservices/axis2/trunk/?root=Apache-SVN" />
+ <item name="Acknowledgements" href="thanks.html" />
+ <item name="License"
+ href="http://www.apache.org/licenses/LICENSE-2.0.html" />
+ </menu>
+ </body>
+</project>
Added: webservices/axis2/trunk/java/xdocs/overview.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/overview.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/overview.html (added)
+++ webservices/axis2/trunk/java/xdocs/overview.html Fri May 25 01:09:03 2007
@@ -0,0 +1,37 @@
+<head>
+ <title>Overview</title>
+ <link href="css/axis-docs.css" rel="stylesheet" type="text/css" media="all" />
+ </head>
+<h2>Overview</h2>
+<p>Every volunteer project obtains its strength from the people involved in it.
+We invite you to participate as much or as little as you choose. The roles and
+responsibilities that people can assume in the project are based on merit.
+Everybody's input matters!</p>
+<p>There are a variety of ways to participate. Regardless of how you choose to
+participate, we suggest you join some or all of our <a href="mail-lists.html">
+mailing lists</a>.</p>
+<h2><b>Use the Products and Give Us Feedback</b> </h2>
+<p>Using the products, reporting bugs, making feature requests, etc. is by far
+the most important role. It's your feedback that allows the technology to
+evolve. </p>
+<ul>
+ <li><a href="mail-lists.html">Join Mailing Lists</a> </li>
+ <li><a href="http://ws.apache.org/axis2/download.cgi" target="_blank">Download Binary Builds</a> </li>
+ <li><a href="http://issues.apache.org/jira/browse/AXIS2">Report bugs/Request additional features</a>
+ </li>
+</ul>
+<h2><b>Contribute Code or Documentation Patches</b> </h2>
+<p>In this role, you participate in the actual development of the code. If this
+is the type of role you'd like to play, here are some steps (in addition to the
+ones above) to get you started: </p>
+<ul>
+ <li><a href="guidelines.html">Read Guidelines</a> </li>
+ <li><a href="refLib.html">Review Reference Library</a> </li>
+ <li>
+ <a href="http://svn.apache.org/viewcvs.cgi/webservices/axis/trunk/?root=Apache-SVN">
+ View the Source Code</a> </li>
+ <li><a href="svn.html">Access SVN Repository</a>
+ </li>
+</ul>
+<div id="pdf" align="right">
+ </div>
Added: webservices/axis2/trunk/java/xdocs/refLib.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/refLib.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/refLib.html (added)
+++ webservices/axis2/trunk/java/xdocs/refLib.html Fri May 25 01:09:03 2007
@@ -0,0 +1,87 @@
+<html>
+<head>
+ <meta http-equiv="content-type" content="">
+ <title>Reference Library</title>
+ <link href="css/axis-docs.css" rel="stylesheet" type="text/css" media="all">
+</head>
+
+<body>
+<h2>Reference Library</h2>
+
+<p>The Axis Project lives or fails based on its human resources. Users and
+contributors alike help the project with ideas and brainpower. A common
+foundation of knowledge is required to effectively participate in this
+virtual community. The following is a list of documents that we have found
+helpful to us and they maybe helpful to you:</p>
+
+<p>These resources are required reading for anybody contributing source code
+to the project.</p>
+
+<p><b><font>SOAP Specific Resources</font></b></p>
+
+<p><b>SOAP W3C Specification</b> <a
+href="http://www.w3.org/TR/2000/NOTE-SOAP-20000508/">1.1</a> and <a
+href="http://www.w3.org/TR/soap/">1.2</a><br>
+Required reading.</p>
+
+<p><b><a href="http://www.w3.org/TR/SOAP-attachments">SOAP Messaging with
+Attachments W3C Specification</a></b> <br>
+SOAP combined with MIME.</p>
+
+<p><b><a href="http://www.w3.org/TR/SOAP-dsig/">SOAP Security Extensions:
+Digital Signature Specification</a></b> <br>
+Adding security to SOAP.</p>
+
+<p><b>Other Specifications</b></p>
+
+<p>Web Services Description Language (WSDL) <a
+href="http://www.w3c.org/TR/wsdl.html">1.1</a> <a
+href="http://www.w3.org/TR/wsdl20/">2.0</a></p>
+
+<p>WS - Addressing <a
+href="http://www.w3.org/Submission/ws-addressing/">submission</a> <a
+href="http://www.w3.org/TR/2005/WD-ws-addr-core-20050331/">1.0 (31st
+March,2005)</a></p>
+
+<p><a
+href="ftp://www6.software.ibm.com/software/developer/library/ws-policy.pdf">Web
+Services Policy Framework (WSPolicy)</a></p>
+
+<p><a href="http://www.ws-i.org/Profiles/BasicProfile-1.0.html">WS-I Basic
+Profile Version 1.0</a></p>
+
+<p><a
+href="http://jcp.org/aboutJava/communityprocess/first/jsr101/index.html">Java
+API for XML-based RPC (JAX-RPC)</a></p>
+
+<p><a href="http://www.w3.org/TR/2005/REC-soap12-mtom-20050125/">SOAP Message
+Transmission Optimization Mechanism</a></p>
+
+<p><b>Other Resources</b></p>
+
+<p><b><a href="http://java.sun.com/docs/books/jls/index.html">The Java
+Language Specification</a></b> <br>
+Written by the creators of the Java Programming Language, this online book is
+considered by many to be the bible for programming in Java. A must read.</p>
+
+<p><b><a
+href="http://java.sun.com/products/jdk/javadoc/index.html">Javadoc</a></b>
+<br>
+Javadoc is the automatic software documentation generator used by Java, since
+it was first released. All code written for this project must be documented
+using Javadoc conventions.</p>
+
+<p><b><a
+href="http://java.sun.com/docs/codeconv/html/CodeConvTOC.doc.html">The Java
+Code Conventions</a></b> <br>
+This Sun document specifies the de-facto standard way of formatting Java
+code. All code written for this project must follow these conventions.</p>
+
+<p><a href="http://svnbook.red-bean.com/en/1.1/svn-book.html"><strong>Version
+Control with SubVersion</strong></a><br>
+Written by Ben Collins-Sussman, Brian W. Fitzpatrick, C. Michael Pilato. It
+provides details on SVN features.</p>
+
+<p> </p>
+</body>
+</html>
Added: webservices/axis2/trunk/java/xdocs/siteHowTo.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/siteHowTo.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/siteHowTo.html (added)
+++ webservices/axis2/trunk/java/xdocs/siteHowTo.html Fri May 25 01:09:03 2007
@@ -0,0 +1,49 @@
+<html>
+<head>
+ <meta http-equiv="content-type" content="">
+ <title>How To Build Axis Project's Website</title>
+ <link href="css/axis-docs.css" rel="stylesheet" type="text/css" media="all">
+</head>
+
+<body>
+<h1>How to Build the Axis2 Project's Website</h1>
+
+<h2>Installing Maven</h2>
+
+<p>The Axis 2.0 website build system solely depends on <a
+href="http://maven.apache.org/">Maven</a>. The build has been specifically
+tested to work with Maven version 1.0.1. To install Maven, download the
+distributions and follow the instructions in the documentation. Make sure you
+don't forget to put MAVEN_HOME/bin directory in the path.</p>
+
+<h2>Checking out Axis 2.0</h2>
+
+<p>Checkout the <a
+href="http://svn.apache.org/repos/asf/webservices/axis2/trunk/java">latest
+source</a> using your favorite SVN client. If you are a committer, get a <a
+href="https://svn.apache.org/repos/asf/webservices/axis2/trunk/java">commiter
+check out.</a></p>
+
+<h2>Building the Site</h2>
+
+<p>Type <i>maven multiproject</i> at the root of your project folder. It will
+take some time to build the whole site. The built site will be available
+under targets/docs.</p>
+
+<h2>FAQ</h2>
+<ol>
+ <li>How can I update a document in the site ?<br>
+ Get a commiter check out. All the documents are in HTML format under the
+ xdocs folder, and you can change only the documents found under this
+ folder. Change the relevant file and run maven "html2xdoc:transform". New
+ documentation will be available under the target folder.</li>
+ <li>How can I add a new document?<br>
+ Put the new document in the xdocs folder. Change the navigation.xml found
+ under the xdocs folder by adding a link to the newly added document.
+ Re-generate the site.<br>
+ Please make sure you have not included any of the illegal characters and
+ your document should be well formed.</li>
+</ol>
+
+</body>
+</html>
Added: webservices/axis2/trunk/java/xdocs/style/maven-theme.css
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/style/maven-theme.css?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/style/maven-theme.css (added)
+++ webservices/axis2/trunk/java/xdocs/style/maven-theme.css Fri May 25 01:09:03 2007
@@ -0,0 +1,101 @@
+body, td, select, input, li{
+ font-family: Verdana, Helvetica, Arial, sans-serif;
+ font-size: 13px;
+}
+a {
+ text-decoration: none;
+}
+a:link {
+ color:#36a;
+}
+a:visited {
+ color:#47a;
+}
+a:active, a:hover {
+ color:#69c;
+}
+a.externalLink, a.externalLink:link, a.externalLink:visited, a.externalLink:active, a.externalLink:hover {
+ background: url(../images/external.png) right center no-repeat;
+ padding-right: 15px;
+}
+a.newWindow, a.newWindow:link, a.newWindow:visited, a.newWindow:active, a.newWindow:hover {
+ background: url(../images/newwindow.png) right center no-repeat;
+ padding-right: 18px;
+}
+h2 {
+background-image: url(../images/h2-bg.gif);
+ background-repeat: repeat-x;
+ background-attachment: scroll;
+ background-position: left top;
+ height: 20px;
+ padding: 4px 4px 4px 6px;
+ border-bottom: 1px solid #cccccc;
+ color: #333333;
+ background-color: #ffffff;
+ font-weight:900;
+ font-size: large;
+}
+h3 {
+padding: 4px 4px 2px 6px;
+ border-bottom: 1px solid #cccccc;
+ border-top: 0px solid #cccccc;
+ border-left: 0px solid #cccccc;
+ border-right: 0px solid #cccccc;
+ color: #666666;
+ font-weight: semi-bold;
+ font-size: normal;
+}
+p {
+ line-height: 1.3em;
+ font-size: small;
+}
+#banner {
+ background-color: #ffffff;
+ border-bottom: 1px solid #fff;
+}
+#breadcrumbs {
+ border-top: 1px solid #aaa;
+ background-image: url(../images/breadcrumbs-bg.gif);
+ background-repeat: repeat-x;
+ background-attachment: scroll;
+ background-position: left top;
+ height: 28px;
+}
+#leftColumn {
+ margin: 5px 0 0 10px;
+ border: 1px solid #b5b5b5;
+ background-color: #ffffff;
+ background-image: url(../images/leftcolumn-bg.gif);
+ background-repeat: repeat-x;
+ background-attachment: scroll;
+ background-position: left top;
+}
+#navcolumn h5 {
+ font-size: smaller;
+ border-bottom: 1px solid #aaaaaa;
+ padding-top: 4px;
+ padding-bottom: 4px;
+}
+
+table.bodyTable th {
+ color: white;
+ background-color: #bbb;
+ text-align: left;
+ font-weight: bold;
+}
+
+table.bodyTable th, table.bodyTable td {
+ font-size: 1em;
+}
+
+table.bodyTable tr.a {
+ background-color: #ddd;
+}
+
+table.bodyTable tr.b {
+ background-color: #eee;
+}
+
+.source {
+ border: 1px solid #999;
+}
Added: webservices/axis2/trunk/java/xdocs/svn.html
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/svn.html?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/svn.html (added)
+++ webservices/axis2/trunk/java/xdocs/svn.html Fri May 25 01:09:03 2007
@@ -0,0 +1,116 @@
+<html>
+<head>
+ <meta http-equiv="content-type" content="">
+ <title>Developing Apache Axis2</title>
+ <link href="css/axis-docs.css" rel="stylesheet" type="text/css" media="all">
+</head>
+
+<body lang="en">
+<h1>Developing Apache Axis2</h1>
+
+<p>This document provides information on how to use SVN to get an SVN
+checkout/update, make commits to the repository, etc., in the process of
+contributing to Apache projects (specifically Axis2). Instructions on
+configuring IDEs for development and using Maven to build the project is also
+included here.</p>
+
+<h2>Content</h2>
+<ul>
+ <li><a href="#svn">Working with Subversion (SVN)</a></li>
+ <li><a href="#checkout">Checkout Axis2 from Subversion</a></li>
+ <li><a href="#maven">Installing Maven 1</a></li>
+ <li><a href="#ide">Configuring your IDE</a></li>
+</ul>
+<a name="svn"></a>
+
+<h2>Working with Subversion (SVN)</h2>
+
+<p>The Axis2 development team uses Subversion (SVN) for source control.
+Subversion is a compelling replacement for CVS, developed under the auspices
+of the Tigris community and licensed under an Apache compatible license. To
+learn more about Subversion or to download the latest distribution, visit the
+<a href="http:///subversion.tigris.org" target="_blank">Subversion project
+site</a>. If you are looking for guidance on setting up and installing
+Subversion, please read the ASF <a
+href="http://www.apache.org/dev/version-control.html" target="_blank">Source
+Code Repositories page</a>.</p>
+<a name="checkout"></a>
+
+<h2>Checkout Axis2 from Subversion</h2>
+
+<p>To check out the latest version of Axis2 from the Foundation's Subversion
+repository, you must use one of the following URLs depending on your level of
+access to the Axis2 source code:</p>
+<ul>
+ <li><b>If you are not a committer:</b> <a
+ href="http://svn.apache.org/repos/asf/webservices/axis2/trunk/java"
+ target="_blank">http://svn.apache.org/repos/asf/webservices/axis2/trunk/java</a></li>
+ <li><b>If you are a committer:</b> <a
+ href="https://svn.apache.org/repos/asf/webservices/axis2/trunk/java"
+ target="_blank">https://svn.apache.org/repos/asf/webservices/axis2/trunk/java</a></li>
+</ul>
+If you are a committer, make sure that you have selected an svnpasswd. To do
+this, you must log into svn.apache.org. For more information, please read the
+ASF <a href="http://www.apache.org/dev/version-control.html"
+target="_blank">Source Code Repositories page</a>.
+
+<p>Once you have successfully installed Subversion, you can check out Axis2
+trunk by following these steps:</p>
+<ol type="1">
+ <li>Run <strong>svn co <repository URL> axis2</strong> where the
+ repository URL is one of the URLs from the previous list.</li>
+ <li>This step will check out the latest version of the Axis2 Java codebase
+ to a directory named "axis2". The second parameter to the <strong>svn
+ co</strong> selects a directory to create on your local machine. If you
+ want to checkout Axis2 to a different directory, feel free to change
+ axis2 to any other directory name.</li>
+ <li>To update your working copy to the latest version from the repository,
+ execute the <strong>svn update</strong> command.</li>
+ <li>If you would like to submit a patch, you can execute <strong>svn
+ diff</strong> to create a unified diff for submission to the Axis2 JIRA
+ issue tracker.</li>
+</ol>
+<a name="maven"></a>
+
+<h2>Installing Maven 1</h2>
+
+<p>Axis2's build is based on Maven 1. Maven is a build system that allows
+for the reuse of common build projects across multiple projects. For
+information about obtaining, installing, and configuring Maven 1, please see
+the <a href="http://maven.apache.org" target="_blank">Maven project page</a>.
+To use Maven to build the Axis2 project, follow these simple steps:</p>
+<ol type="1">
+ <li>Install <a href="http://maven.apache.org/maven-1.x/"
+ target="_blank">Maven1</a>. Refer to the <a
+ href="http://maven.apache.org/maven-1.x/start/install.html">instructions</a>.
+ <ul>
+ <li>Create a MAVEN_HOME environment variable.</li>
+ <li>Add MAVEN_HOME/bin to your PATH</li>
+ </ul>
+ </li>
+ <li>Go to the axis2 folder in the command prompt and type
+ <strong>maven</strong>.</li>
+ <li>Maven will then automatically download all the jars, compile, test and
+ build the Axis2 deliverables.</li>
+</ol>
+<a name="ide"></a>
+
+<h2>Configuring your IDE</h2>
+
+<p>The Axis2 development team uses a variety of development tools from vi to
+emacs to eclipse to Intellij/IDEA. The following section is not an
+endorsement of a specific set of tools, it is simply meant as a pointer to
+ease the process of getting started with Axis2 development.</p>
+<ul>
+ <li><strong>Intellij IDEA-</strong> type <strong>maven
+ idea:multiproject</strong>. Generates the necessary IDEA .ipr, .iml and
+ .iws project files</li>
+ <li><strong>eclipse</strong>- type <strong>maven multiproject:goal
+ -Dgoal=eclipse</strong> Then in Eclipse, setup a Classpath Variable for
+ MAVEN_REPO, and select File > Import > Existing Projects into
+ Workspace > Select root directory. Selecting the root of the Axis
+ source discovers all the modules and allows them to be imported as
+ individual projects at once.</li>
+</ul>
+</body>
+</html>
Added: webservices/axis2/trunk/java/xdocs/thanks.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/xdocs/thanks.xml?view=auto&rev=541579
==============================================================================
--- webservices/axis2/trunk/java/xdocs/thanks.xml (added)
+++ webservices/axis2/trunk/java/xdocs/thanks.xml Fri May 25 01:09:03 2007
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document>
+ <properties>
+ <author email="dims@apache.org">Davanum Srinivas</author>
+ <title>Special Thanks!</title>
+ </properties>
+
+ <body>
+
+ <section name="Special Thanks to ...">
+ <table>
+ <tr>
+ <th>Company</th>
+ <th>Donation Type</th>
+ </tr>
+ <tr>
+ <td><A href="http://www.jetbrains.com/"><img height="51" width="200" src="http://www.jetbrains.com/img/logos/logo_intellij_idea.gif"/></A></td>
+ <td>Licenses for IDEA</td>
+ </tr>
+ <tr>
+ <td><A href="http://www.yourkit.com/"><img height="51" width="200" src="http://db.apache.org/ojb/images/yjp.gif"/></A></td>
+ <td>Licenses for YourKit</td>
+ </tr>
+ <tr>
+ <td><A href="http://www.ej-technologies.com/products/jprofiler/overview.html"><img height="51" width="200" src="http://www.ej-technologies.com/images/products/logo_jprofiler01.gif"/></A></td>
+ <td>Licenses for JProfiler</td>
+ </tr>
+ </table>
+ </section>
+ </body>
+</document>
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org