NonStop SOAP 4.1 User's Manual
<!-- End system pre defined phases-->
<!-- After PostDispatch phase, module or service author can add any phase as required-->
<!-- User defined phases could be added here -->
<!--phase name="userphase1"/-->
<phase name="Security"/>
</phaseOrder>
<phaseOrder type="outflow">
<!-- User defined phases could be added here -->
<!--phase name="userphase1"/-->
<!--system predefined phase-->
<phase name="MessageOut"/>
<phase name="Security"/>
</phaseOrder>
......
</axisconfig>
2. Setting up the key store
To encrypt the message that is sent to the server, the client must have the public key of the
service. You can take the public key from the service developer.
If the client wants to sign a message, then you must have a private key (X.509 certificate).
You can use OpenSSL to create a certificate yourself or get it from Certification Authority.
3. Writing the password provider
This is similar to the password provider library provided by the service provider. This library
provides the password for the client’s private key and for the username token.
4. Configuring the Rampart module
The policy.xml file shared by the service developer, contains the Rampart specific
configuration details, such as password provider library location, public key, and private key
locations. You must change the path to your key store and the password provider library.
5. Invoking the service
For invoking a Web service from Axis2c client, you must provide the client repository path in
your program as follows:
svc_client = axis2_svc_client_create(env, "/my/path/to/client/repository");
Configuring Non–Axis2c Clients
You can invoke the NonStop SOAP 4 service from other client programs, such as .NET or Java.
The client program must have the required framework to build the secure SOAP message.
The two methods to configure the client are:
• WS-SecurityPolicy approach:
The policy.xml can be used by the tools to build the stubs. The policy.xml contains
Rampart specific assertions such as path to certificates. Based on your framework requirements,
these assertions must be replaced or removed.
• Non WS-SecurityPolicy approach:
The policy.xml shared by the service developer can be used for security requirements.
Accordingly, you can configure the client program to meet the security requirements.
Extensible Modules
The service developer or a client program developer can customize the password lookup functionality
of a Rampart module to suit the customer requirement. The service developer can also customize
the authentication functionality of the Rampart module.
The following are the two Rampart modules that can be extended:
278 WS–Security in NonStop SOAP 4