使用带有自己的安全框架的axis2 ramaprt模块 [英] using axis2 ramaprt module with own security framework
问题描述
我在项目中使用axis2实现了webservice(服务器端)。我们希望在现有Web服务中启用WS-security。我们正在评估apache ramapart模块是否符合我们的需求。这是我们的要求:
基本上我们有内部安全框架,提供加密,签名和令牌生成功能。我们的内部安全框架基本上需要一组XML形式的配置,它会公开各种API来执行各种安全操作。
I have webservice (server-side) implemented using axis2 in my project. We want to enable WS-security in the existing web services. We are evaluating if apache ramapart module fits our need. Here is our requirement: Basically we have in-house security framework which provides encryption,signature and token generation capabilites. Our in-house security framework basically requires a set of configurations in form of XML and it expose various APIs to do various security operations.
现在有了上述环境,我能想到三个可能的解决方案: -
Now with above environment, I can think of three possbile solutions:-
-
我可以围绕内部安全框架开发一个axis2模块并将其安装为.mar文件在安全阶段。所以我不会使用apache rampart。但是这种方法的问题是我不能使用ws-security策略来指定安全断言并确保传入的安全性令牌符合有效的策略。这就像重新发明轮子已经做的那样。
I can develop an axis2 module around in-house security framework and install it as .mar file in security phase. So I will not use apache rampart. But issue with this approach is I can't use ws-security policy to specify security assertions and making sure incoming security tokens conforms to effective policy. It is like reinventing wheel what rampart already doing.
我相信apache rampart强调要求apache wss4j模块进行安全操作。我相信apache wss4j模块提供了一种注册第三方安全提供程序的方法(通过实现CryptoProvider接口)。我不确定这是否是可行和可行的解决方案。请建议。
I believe apache rampart underlines call to apache wss4j module for security operations. I believe apache wss4j module provides a way to register 3rd party security provider (by implemeting CryptoProvider interface). I am not sure if this is feasible and viable solution. Please suggest.
Ws-security策略允许使用自定义令牌。可以使用我们的内部安全框架构建此自定义令牌。所以基本上它使我们能够使用apache rampart模块创建ws-security策略,并使用我们的安全框架开发自定义令牌。但我在互联网上找不到这方面的帮助。有没有人可以帮忙举例。
Ws-security policy allows to use a custom token. This custom token can be built up using our in-house security framework. So basically it enables us to create ws-security policy using apache rampart module and have custom token developed using our security framework. But I could not find help regarding this on internet. Could anyone please help with example.
其他任何建议也是最受欢迎的。
any other suggestions are also most welcome.
推荐答案
我在这里发布了一个答案:如何手动加密SOAP消息?
I've posted an answer here: How to encrypt SOAP messages manually?
有一个非常详细的例子,你可能觉得它很有用。
There is a very detailed example there that you might find useful.
您可以使用以下方式设置提供者:
you can set the provider by using :
cryptoConfig.setProvider(PROVIDER);
关于自定义安全标题,我很抱歉,但我没试过,所以我可以'帮助你。
Regarding the custom security headers, I'm sorry but I didn't try it so I can't help you there.
这篇关于使用带有自己的安全框架的axis2 ramaprt模块的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
