Rampart > Java

This explains the common issues in wsse:Timestamp validation and the possible fixes.

Apache AXIOM is a StAX based XML info-set model. LLOM (Linked List Object Model) is the default implementation of Apache AXIOM. In addition to this, Apache AXIOM provides another AXIOM implementation which also implements org.w3c.dom.* interfaces (which includes a subset of DOM Level 3 support) called DOOM.

Ruchith takes a moment to talk about Apache Rampart and how it implements the security related Web service specifications for Apache Axis2. He also extends an invitation to all those buzzing minds out there to get on the Rampart bandwagon!

In many practical scenarios a service is expected to encrypt responses to its clients. In such scenarios the service will have to use the client's public key certificate to encrypt the response. It is possible with Apache Axis2 to implement such a scenario in four simple steps using Apache Rampart (the WS-Security module based on Apache WSS4J).

Apache Rampart is the Axis2 module that implements the WS-Security functionality based on Apache WSS4J. WS-Security provides multiple ways in which one can authenticate a user when they need to access a service. One easy mechanisms is to use a UsernameToken.

There has been many queries about setting up the keys and certificates properly for services and clients when securing Web services. By default Rampart/WSS4J supports using Java and PKCS12 keystores, to extract keys and certificates to be used by services and clients.This tutorial explains how to create key pairs for a client and a service, create keys for a certificate authority (CA), sign public key certificates of the client and the service using CA private key and import the certificates into the client at service keystores.

When Apache Rampart(Axis2 module that provides WS-Security and WS-SecureConversation support)/WSS4J is used to secure Web services in Axis2/Axis1.x we can extract the results of security processing at any state of the execution flow.