You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-commits@axis.apache.org by sh...@apache.org on 2010/12/21 11:16:31 UTC
svn commit: r1051445 -
/axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
Author: shankar
Date: Tue Dec 21 10:16:31 2010
New Revision: 1051445
URL: http://svn.apache.org/viewvc?rev=1051445&view=rev
Log:
Applying patch from RAMPART-306
Modified:
axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
Modified: axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml?rev=1051445&r1=1051444&r2=1051445&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml Tue Dec 21 10:16:31 2010
@@ -43,14 +43,14 @@
</td></tr>
<tr class="b"><td>encryptionCypto</td><td>properties to needed perform signature, such as crypto
provider, keystore and its password</td><td>
-<pre>
+<pre>
<encryptionCypto>
....crypto element ......
</encryptionCypto>
</pre></td></tr>
<tr class="a"><td>decryptionCrypto</td><td>properties to needed perform signature, such as crypto
provider, keystore and its password</td><td>
-<pre>
+<pre>
<decryptionCrypto>
....crypto element ......
</decryptionCrypto></pre></td></tr>
@@ -67,10 +67,66 @@
the org.apache.ws.security.components.crypto.Crypto interface to provide the
crypto information required by WSS4J. The other properties defined are the
configuration properties used by the implementation class
-(org.apache.ws.security.components.crypto.Merlin).
+(org.apache.ws.security.components.crypto.Merlin).
<br></br>
-<a name="ref"></a><a name="references"></a></p>
-<a name="References"></a>
-<h3>References</h3>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
+ <a name="ref"></a>
+ <a name="references"></a>
+ </p>
+ <a name="References"></a>
+ <h3>Crypto Caching</h3>
+ <p>Enabling caching of crypto objects will improve the performance of security processing.
+ After
+ enabling crypto caching, the crypto objects will be read from a cache instead of
+ constructing them by reading the keystore files.
+ </p>
+ <p>To enable caching of Crypto objects, two attributes should be added to the crypto elements
+ of signatureCrypto/encryptionCrypto of RampartConfig.
+ </p>
+ <ol>
+ <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <b>cryptoKey</b> - <p>As the value of this attribute, specify the property of a Crypto
+ implementation which points to the location of the keystore. For example in
+ Merlin, the
+ property "org.apache.ws.security.crypto.merlin.file" is unique and its pointing to
+ the
+ location of the keystore. Absence of this attribute will not enable caching.</p>
+ </li>
+ <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <b>cacheRefreshInterval</b> - <p>This is the cache refresh interval specified in
+ milliseconds. Any
+ object that resides in the cache longer than this period will be considered as
+ expired.
+ Cache will not be refreshed if this attribute is not present in the configuration.
+ If you
+ do not want to refresh the cache, provide only the "cryptoKey" attribute.</p>
+ </li>
+ </ol>
+ <p>
+ A sample configuration is provided below. It uses the Merlin crypto implementation for
+ signing and encryption. Here, the value of the cryptoKey attribute is eqaul to
+ "org.apache.ws.security.crypto.merlin.file" and the cache refresh interval is 300000
+ milliseconds.
+ </p>
+ <pre xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">servicePW</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </pre>
+ <br></br>
+ <h3>References</h3>1.
+ <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
</body>
</html>