Posted to java-commits@axis.apache.org by sh...@apache.org on 2010/12/21 11:16:31 UTC

svn commit: r1051445 - /axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml

Author: shankar
Date: Tue Dec 21 10:16:31 2010
New Revision: 1051445

URL: http://svn.apache.org/viewvc?rev=1051445&view=rev
Log:
Applying patch from RAMPART-306

Modified:
    axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml

Modified: axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml
URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml?rev=1051445&r1=1051444&r2=1051445&view=diff
==============================================================================
--- axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml (original)
+++ axis/axis2/java/rampart/trunk/modules/documentation/src/site/xdoc/rampartconfig-guide.xml Tue Dec 21 10:16:31 2010
@@ -43,14 +43,14 @@
 		</td></tr>
     <tr class="b"><td>encryptionCypto</td><td>properties to needed perform signature, such as crypto
         provider, keystore and its password</td><td>
-<pre>        
+<pre>
 &lt;encryptionCypto&gt;
     ....crypto element ......
 &lt;/encryptionCypto&gt;
 </pre></td></tr>
     <tr class="a"><td>decryptionCrypto</td><td>properties to needed perform signature, such as crypto
         provider, keystore and its password</td><td>
-<pre>  
+<pre>
 &lt;decryptionCrypto&gt;
     ....crypto element ......
 &lt;/decryptionCrypto&gt;</pre></td></tr>
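Review bot: the two table rows this hunk touches describe encryptionCypto and decryptionCrypto as "properties to needed perform signature", which is garbled ("to needed perform") and mentions signature for elements that are named for encryption and decryption. Since the patch already edits these rows to strip trailing whitespace after <pre>, reword the two descriptions in the same change so each row says what its element is used for.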
@@ -67,10 +67,66 @@
 the org.apache.ws.security.components.crypto.Crypto interface to provide the
 crypto information required by WSS4J. The other properties defined are the
 configuration properties used by the implementation class
-(org.apache.ws.security.components.crypto.Merlin). 
+(org.apache.ws.security.components.crypto.Merlin).
 <br></br>
-<a name="ref"></a><a name="references"></a></p>
-<a name="References"></a>
-<h3>References</h3>1. <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
+      <a name="ref"></a>
+      <a name="references"></a>
+  </p>
+      <a name="References"></a>
+      <h3>Crypto Caching</h3>
+      <p>Enabling caching of crypto objects will improve the performance of security processing.
+          After
+          enabling crypto caching, the crypto objects will be read from a cache instead of
+          constructing them by reading the keystore files.
+      </p>
+      <p>To enable caching of Crypto objects, two attributes should be added to the crypto elements
+          of signatureCrypto/encryptionCrypto of RampartConfig.
+      </p>
+      <ol>
+          <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+              <b>cryptoKey</b> - <p>As the value of this attribute, specify the property of a Crypto
+              implementation which points to the location of the keystore. For example in
+              Merlin, the
+              property "org.apache.ws.security.crypto.merlin.file" is unique and its pointing to
+              the
+              location of the keystore. Absence of this attribute will not enable caching.</p>
+          </li>
+          <li xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+              <b>cacheRefreshInterval</b> - <p>This is the cache refresh interval specified in
+              milliseconds. Any
+              object that resides in the cache longer than this period will be considered as
+              expired.
+              Cache will not be refreshed if this attribute is not present in the configuration.
+              If you
+              do not want to refresh the cache, provide only the "cryptoKey" attribute.</p>
+          </li>
+      </ol>
+      <p>
+          A sample configuration is provided below. It uses the Merlin crypto implementation for
+          signing and encryption. Here, the value of the cryptoKey attribute is eqaul to
+          "org.apache.ws.security.crypto.merlin.file" and the cache refresh interval is 300000
+          milliseconds.
+      </p>
+      <pre xmlns="http://www.w3.org/1999/xhtml" xml:space="preserve">
+          &lt;ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";&gt;
+            &lt;ramp:signatureCrypto&gt;
+                &lt;ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000"&gt;
+                    &lt;ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type"&gt;JKS&lt;/ramp:property&gt;
+                    &lt;ramp:property name="org.apache.ws.security.crypto.merlin.file"&gt;service.jks&lt;/ramp:property&gt;
+                    &lt;ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password"&gt;servicePW&lt;/ramp:property&gt;
+                &lt;/ramp:crypto&gt;
+            &lt;/ramp:signatureCrypto&gt;
+            &lt;ramp:encryptionCypto&gt;
+                &lt;ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin" cryptoKey="org.apache.ws.security.crypto.merlin.file" cacheRefreshInterval="300000&gt;
+                    &lt;ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type"&gt;JKS&lt;/ramp:property&gt;
+                    &lt;ramp:property name="org.apache.ws.security.crypto.merlin.file"&gt;service.jks&lt;/ramp:property&gt;
+                    &lt;ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password"&gt;apache&lt;/ramp:property&gt;
+                &lt;/ramp:crypto&gt;
+            &lt;/ramp:encryptionCypto&gt;
+          &lt;/ramp:RampartConfig&gt;
+      </pre>
+      <br></br>
+      <h3>References</h3>1.
+      <a href="http://ws.apache.org/wss4j">Apache WSS4J -Home</a>
   </body>
 </html>
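Review bot: the sample RampartConfig in the new <pre> block is not well-formed XML as written, so a reader who copies it will get a parse failure. The root element has a stray semicolon after the namespace value (xmlns:ramp="http://ws.apache.org/rampart/policy";) and the crypto element under encryptionCypto is missing the closing quote (cacheRefreshInterval="300000); remove the semicolon and add the quote. The same sample gives two different keystore passwords (servicePW and apache) for the same service.jks, which should be made consistent. In the prose, "eqaul" should be "equal" and "its pointing to" should be "it points to". The <a name="References"></a> anchor now sits above the Crypto Caching heading rather than the References heading it names, so move it down next to the new <h3>References</h3>. The text says the cache is never refreshed when cacheRefreshInterval is omitted; it would help to document what that means for a keystore that changes on disk (for example a rotated or removed key), so operators can pick an interval deliberately.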