Rampart

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and clients. Rampart currently implements WS-SOAP message security , WS-Security policy , WS-Secure conversation and WS-Trust specifications. In part one of this tutorial, we looked at applying transport-level security to a Web service and a client. In this tutorial, we will look at how to apply message-level security to a Web service and a client using Apache Rampart. Nandana Mihindukulasooriya explains..

Apache Rampart is the Axis2 module that provides WS-Security functionality to Axis2 Web services and their clients. Rampart currently implements WS-Security, WS-SecurityPolicy , WS-SecureConversation and WS-Trust specifications. In this tutorial, we will look at applying transport level security to a Web service or a client using Apache Rampart.

WS-Security Policy specification defines a standard way to define how to secure messages exchanged between Web services and clients.  WS-Security policy language can be used to publish security requirements and constrains of a Web service using the WSDL specification. That is, using WS – security policy language, we can drive a Web service security engine to secure out going messages in a certain way and instruct the verification of incoming messages in a standard, defined way. In this article by Nandana Mihindukulasooriya, he looks at main components of the WS–Security Policy Language and how these components can be combined to build a security policy that fulfills security requirements of a Web service.

No service is successful unless they are secure. In the context of Web services what does security really mean? In this article, Kaushalye Kapuruge discusses this.

In this podcast, Ruchith Fernando talks about Rahas, the WS-Trust implementation of Apache Rampart. He talks about the architecture of Rahas and how you can extend it.

This explains the common issues in wsse:Timestamp validation and the possible fixes.

Apache AXIOM is a StAX based XML info-set model. LLOM (Linked List Object Model) is the default implementation of Apache AXIOM. In addition to this, Apache AXIOM provides another AXIOM implementation which also implements org.w3c.dom.* interfaces (which includes a subset of DOM Level 3 support) called DOOM.