NonStop SOAP 4.1 User's Manual
Publishing the Security Requirements
The security requirements of the NonStop SOAP 4 service must be shared with the client program
developer to build a secured SOAP message. The service developer provides the client program
developer with a policy.xml file that contains the WS-SecurityPolicy assertions.
You can extract the <wsp:Policy>.....</wsp:Policy> tag from services.xml to create
a policy.xml file that can be sent to the client.
Apart from the policy.xml, the service developer must share the username and password if the
security requirement has username token policies. Service developer must communicate the username
details to the client developer in a secured way.
If your security requirement has encryption, then you must also share the public key. The public
key is used to encrypt SOAP message.
Configuring the Client to Invoke a Secured Web Service
Based on the security requirements of the service, you can configure the client to build a secure
SOAP message.
Configuring the Axis2c Client
Before you start the client configuration, you must have the Axis2c libraries that include the Rampart
module installed on your system. You can use the Rampart module library to build a secure SOAP
message.
NonStop SOAP service is based on Axis2c and hence configuring the Axis2c client is straightforward
with the artifacts shared by the service developer.
The steps used to configure the Axis2c client are:
1. Create a client repository
Client repository is a local directory which is used by the Axis2c client to read the configuration
files.
a. Create a local directory and copy the policy.xml file shared by the service developer.
b. Copy the axis2.xml, Axis2c libraries, and Rampart module from your Axis2c installation
directory to the client repository.
If you are planning to run the client program from the system where NonStop SOAP 4
server is installed, then you must not install Axis2c separately. The required objects can
be copied from <NonStop SOAP 4 Deployment Directory>
You can access the files from the following paths:
<NonStop SOAP 4 Deployment Directory> – This folder contains the axis2.xml file.
<NonStop SOAP 4 Deployment Directory>/lib – This folder contains the Axis2c libraries.
<NonStop SOAP 4 Deployment Directory>/modules/rampart – This folder contains the
Rampart module.
c. You must ensure that the Rampart module is enabled and the security phase is activated
in axis2.xml. The following shows the rampart module enabled in axis2.xml:
<axisconfig name="Axis2/C">
.............
<!-- ============= -->
<!-- Global Modules -->
<!-- =============== -->
.........
<module ref="rampart"/>
<!-- ============== -->
<!-- Phases -->
<!-- ============== -->
<phaseOrder type="inflow">
<!-- System pre defined phases-->
<phase name="Transport"/>
<phase name="PreDispatch"/>
<phase name="Dispatch"/>
<phase name="PostDispatch"/>
Publishing the Security Requirements 277