Steps to install
When securing a SOAP message, the sender must know the security actions to be performed on the message and the receiver must know enough details to process and validate the security of the message. Therefore when using Rampart with Axis2, it must be engaged at both ends.
Observe how module has been engaged in server side by opening samples/policy/sample01/services.xml. The following line has engaged the module.
Engaging Rampart at client side is done programatically as follows.
ServiceClient client = new ServiceClient(ctx, null); client.engageModule("rampart");
WS-Security Policy can be used to indicate what security actions that needs be performed on SOAP messages and and what actions should be validated. The file 'samples/policy/sample01/policy.xml' configures Rampart to add Username Token with Timestamp to this message. The element <RampartConfig> in policy.xml defines Rampart specific configurations.
Policy at serverside is included in samples/policy/sample01/services.xml file. This configures Rampart module at serverside to validate the message for Username Token an Timestamp.
More details on RampartConfig can be found here.
It is interesting to view the secured SOAP message on the wire using TCP monitor. Change the "client.port" property in samples/policy/build.xml file to the listening port of TCP monitor. This will send all the messages through TCP monitor when you execute the ant script. Observe the <wsse:Security> header in the SOAP message.