I have a web service (server side) implemented using Axis2 in my project. We want to incorporate WS-Security into our existing web services, and we are evaluating whether Apache Rampart is suitable for our needs. Here is our requirement: we have an internal security structure that provides the ability to encrypt, sign and create tokens. Our internal security framework requires a set of configurations in the form of XML and provides various APIs for performing various security operations.
Now, with the above environment, I can think of three possible solutions:

1. I can develop an Axis2 module around my own security infrastructure and install it as a .mar file in the security phase. In that case I will not use Apache Rampart. But the problem with this approach is that I cannot use the WS-Security policy to specify security claims and ensure that incoming security tokens are consistent with the effective policy. It is like reinventing the wheel, which Rampart is already doing.
2. I believe Apache Rampart relies on the Apache WSS4J module for security operations. I believe the Apache WSS4J module provides a way to register a third-party security provider (by implementing the CryptoProvider interface). I am not sure if this is a feasible and viable solution. Please suggest.
3. The WS-Security policy allows the use of a custom token. This custom token can be created using our own security infrastructure. Thus, it basically allows us to create a WS-Security policy using the Apache Rampart module and have a custom token developed using our security system. But I could not find help on this subject on the Internet. Can anyone help with an example?
Any other suggestions are also welcome.