1.) Download the latest distributions of the required software.
Note : I am using JDK 1.5.0_14.
2.) Extract the jboss-5.0.1.GA.zip to a preferred location on your hard drive. We will refer to this folder as JBOSS_HOME from now onwards.
3.) Deploy Axis2 on JBoss.
We will use the Exploded WAR Deployment. Extract the axis2.war file in to
4.) Deploy Rampart.Copy the rampart-1.4.mar and rahas-1.4.mar to WEB-INF/modules directory.
The deployment structure is illustrated below.
And that's it. Now you can deploy the secure services by copying them to WEB-INF/services directory.
If you want to learn how to secure Axis2 web services using Apache Rampart module, following tutorials may help you to get started.
Web Services Security with Apache Rampart - Part 1 (Transport Level Security) Web Services Security with Apache Rampart - Part 2 (Message-Level Security)
Bookmark this post with:
5 comments:
Hi,
I'm currently doing something smiler to your post, but currently I have stucked with an exception, I really appreciate any of your ideas, Following is my problem..
I'm trying to configure SSL for axis2 on jboss.Following are my Keystore and Truststore parameters in transportReceiver and transportSender beans included in the axis2.xml
(Please note that I have placed spaces between tags, because blogger is trying to recognize them as html tags)
< parameter name="keystore" locked="false">
< KeyStore>
< Location>localhost.jks< /Location>
< Type>JKS< /Type>
< Password>123456< /Password>
< KeyPassword>123456< /KeyPassword>
< /KeyStore>
< /parameter>
< parameter name="truststore" locked="false">
< TrustStore>
< Location>localhost.jks< /Location>
< Type>JKS< /Type>
< Password>123456< /Password>
< /TrustStore>
< /parameter>
When I'm starting the jboss server, everytime it gives an error like this.
java.lang.NullPointerException
at org.apache.axis2.transport.nhttp.HttpCoreNIOSSLListener.getSSLContext(HttpCoreNIOSSLListener.java:96)
at org.apache.axis2.transport.nhttp.HttpCoreNIOListener.init(HttpCoreNIOListener.java:151)
at org.apache.axis2.engine.ListenerManager.start(ListenerManager.java:125)
at org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:442)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1161)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4069)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4373)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:761)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:741)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:553)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.apache.catalina.core.StandardContext.init(StandardContext.java:5310)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
But when I commented out above mentioned parameters from axis2.xml file, server starts sucessfully without any errors. But the service cannot be accessed correctly, because the certificate is not there..
Please help me...
Hi,
I have something like this in my services.xml:(extra space added for tags)
< sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
< wsp:Policy> < sp:TransportToken>
< wsp:Policy>
< sp:HttpsToken RequireClientCertificate="false"/>
< /wsp:Policy>
....
When I try to access the WS, I get an error that sais I must use https, not http.
Q1: Is there something like sp:HttpToken?
I must use a way to authenticate the client that makes the request, so I use the "policy" approach. If I comment the "sp:HttpToken", I am able to use the WS with no problems, but I cannot have the wsdl generated (when I add ?wsdl at the end of the WS URL, a null pointer exception is thrown)
I use Tomcat to deploy my WS.
Is there another way to solve this problem beside configure tomcat to use https?
Tks a lot!
Hi Nandana,
After reading the Apache Rampart setup on JBoss, I could not get any operation on of the Apache Rampart STS web service.
Can you please explain how to get the Security Token Service operations in detail?
Hi,
I have a web service developed in Java with CXF. I use dotNet client for that web service. Can you please tell me how to configure Apache Rampart STS to get the SAML token on client side? After sending this SAML token to Service , how to use STS to authenticate this SAML token?
I will be very thankful to you !
Hi Nandana,
I am using Jboss with Axis2 1.3, java web service. Need to encrypt the SOAP message so trying to use Rampart 1.4. I am new to the security and encryption setup and use. Can you please point me to a tutorial or examples?
Thanks,
SM
Post a Comment