Rampart

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and clients. Rampart currently implements WS-SOAP message security , WS-Security policy , WS-Secure conversation and WS-Trust specifications. In part one of this tutorial, we looked at applying transport-level security to a Web service and a client. In this tutorial, we will look at how to apply message-level security to a Web service and a client using Apache Rampart. Nandana Mihindukulasooriya explains..

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and their clients. Rampart currently implements WS-Security, WS-SecurityPolicy , WS-SecureConversation and WS-Trust specifications. In this tutorial, we will look at applying transport level security to a Web service or a client using Apache Rampart.

WS-Security Policy specification defines a standard way to define how to secure messages exchanged between Web services and clients.  WS-Security policy language can be used to publish security requirements and constrains of a Web service using the WSDL specification. That is, using WS – security policy language, we can drive a Web service security engine to secure out going messages in a certain way and instruct the verification of incoming messages in a standard, defined way. In this article by Nandana Mihindukulasooriya, he looks at main components of the WS–Security Policy Language and how these components can be combined to build a security policy that fulfills security requirements of a Web service.

We all know that it is possible to use the feature known as 'Username tokens' in Apache Rampart/C to "Authenticate" a user. This feature can be used to verify if a user has access to a given system or not. Security requirements of a service does not end there. A system cannot grant carte blanche access blindly to its users. It needs to be more specific on credentials. For example, both Alice and Bob are in the system but only Alice can access my personal details.

No service is successful unless they are secure. In the context of Web services what does security really mean? In this article, Kaushalye Kapuruge discusses this.

Rampart/C is the security module of the Apache Axis2/C web services engine. The following tutorial by Kaushalye Kapuruge will guide you on how to configure Rampart/C in order to satisfy different security requirements in SOAP message exchanges.

In this podcast, Ruchith Fernando talks about Rahas, the WS-Trust implementation of Apache Rampart. He talks about the architecture of Rahas and how you can extend it.

This explains the common issues in wsse:Timestamp validation and the possible fixes.