Rampart Quick Start Guide

Installing Rampart module in Axis2

Steps to install

  1. If you haven't installed Axis2, then download and extract the standard binary distribution. Make sure you have set the AXIS2_HOME environment variable
  2. Run ant from the "samples" directory to copy the required libraries and modules to relevant directories in AXIS2_HOME.

Engaging Rampart

When securing a SOAP message, the sender must know the security actions to be performed on the message and the receiver must know enough details to process and validate the security of the message. Therefore when using Rampart with Axis2, it must be engaged at both ends.

Observe how module has been engaged in server side by opening samples/policy/sample01/services.xml. The following line has engaged the module.

Engaging Rampart at client side is done programatically as follows.

            ServiceClient client = new ServiceClient(ctx, null);
            client.engageModule("rampart");
        

Understanding policy

WS-Security Policy can be used to indicate what security actions that needs be performed on SOAP messages and and what actions should be validated. The file 'samples/policy/sample01/policy.xml' configures Rampart to add Username Token with Timestamp to this message. The element <RampartConfig> in policy.xml defines Rampart specific configurations.

Policy at serverside is included in samples/policy/sample01/services.xml file. This configures Rampart module at serverside to validate the message for Username Token an Timestamp.

More details on RampartConfig can be found here.

Viewing the Message on wire

It is interesting to view the secured SOAP message on the wire using TCP monitor. Change the "client.port" property in samples/policy/build.xml file to the listening port of TCP monitor. This will send all the messages through TCP monitor when you execute the ant script. Observe the <wsse:Security> header in the SOAP message.