Apache Rampart

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and clients. Rampart currently implements WS-SOAP message security , WS-Security policy , WS-Secure conversation and WS-Trust specifications. In part one of this tutorial, we looked at applying transport-level security to a Web service and a client. In this tutorial, we will look at how to apply message-level security to a Web service and a client using Apache Rampart. Nandana Mihindukulasooriya explains..

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and their clients. Rampart currently implements WS-Security, WS-SecurityPolicy , WS-SecureConversation and WS-Trust specifications. In this tutorial, we will look at applying transport level security to a Web service or a client using Apache Rampart.

WS-Security Policy specification defines a standard way to define how to secure messages exchanged between Web services and clients.  WS-Security policy language can be used to publish security requirements and constrains of a Web service using the WSDL specification. That is, using WS – security policy language, we can drive a Web service security engine to secure out going messages in a certain way and instruct the verification of incoming messages in a standard, defined way. In this article by Nandana Mihindukulasooriya, he looks at main components of the WS–Security Policy Language and how these components can be combined to build a security policy that fulfills security requirements of a Web service.