NonStop SOAP 4.1 User's Manual

1. Password provider
The service verifies if the incoming request message has the proper password set. For
this, the Rampart module must retrieve the password associated with the username from
the service and compare it with the one that is set in the request message.
The password can be stored in a database, LDAP or some other storage based on the
service requirements.
To make the password retrieval logic more flexible, Rampart provides the password
callback provider. You can create a password callback provider with user-defined
password retrieval logic.
The provider can be linked with Rampart by specifying the Rampart module assertion
“PasswordCallbackClass” in the security policies. While processing the request at runtime,
the Rampart module invokes the password provider library, passing the username, to get
the password for the user.
For a sample password provider, see “Sample Programs” (page 279).
You can also use this provider to retrieve the password to read the private key for signing
the message.
The developer must add the Rampart assertion ‘EncryptionUser’ to the policy file to retrieve
the password for the private key.
You can use a flat file or database to associate the password with the user.
The Rampart module invokes the provider with the username to retrieve the
password. The password can be used to validate the UserNameToken or to read the
private key.
A client program developer who uses an Axis2c service can also use the same steps to retrieve
the password.
2. Authentication provider
The Rampart module uses the username mentioned in the request message to invoke the
password provider. The actual authentication happens inside the Rampart module. To customize
the authentication functionality, the authentication provider can be added in the security policy
by using the rampart assertion AuthnModuleName.
For more information on the sample authentication provider, see “Sample Programs” (page 279).
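The flat-file password lookup described under Password provider, sketched as an added example; this is not code from the NonStop SOAP sample programs. The function name lookup_password, the "username:password" record format and the in-memory SAMPLE_USERS table (standing in for the flat file) are assumptions, and in a real provider this helper would be called from the callback that Rampart invokes with the username.

```c
#include <string.h>

/* Constructed sample records, one "username:password" per line. */
static const char SAMPLE_USERS[] =
    "# constructed sample records\n"
    "alice:wonderland\n"
    "bob:builder:2024\n"
    "malformed-line-without-separator\n";

/* Hypothetical helper: copy the password stored for `username` into `out`.
 * Returns 0 on success, -1 for an unknown user or a too-small buffer. */
int lookup_password(const char *table, const char *username,
                    char *out, size_t outlen)
{
    const char *line = table;
    size_t ulen;

    if (!table || !username || !*username || !out || outlen == 0)
        return -1;                      /* an empty user name never matches */
    out[0] = '\0';                      /* no stale data left on failure */
    ulen = strlen(username);
    while (*line) {
        size_t linelen = strcspn(line, "\n");
        const char *sep = memchr(line, ':', linelen);

        if (line[0] != '#' && sep != NULL) {    /* skip comments, bad records */
            size_t namelen = (size_t)(sep - line);
            size_t pwlen = linelen - namelen - 1;

            /* Exact-length match, so "ali" does not match "alice". */
            if (namelen == ulen && memcmp(line, username, ulen) == 0) {
                if (pwlen + 1 > outlen)
                    return -1;          /* refuse to truncate a password */
                memcpy(out, sep + 1, pwlen);
                out[pwlen] = '\0';
                return 0;
            }
        }
        line += linelen;
        if (*line == '\n')
            line++;
    }
    return -1;
}
```

Only the first colon separates the fields, so a password may itself contain colons; an unknown user and a malformed record both yield -1 with an empty output buffer.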
Sample Programs
The developer can locate the WS-Security sample programs at <NonStop SOAP 4 Installation
Directory>/sample_services/sec_echo
The directories in the sec_echo folder are described in the following table:
Table 24 WS-Security Sample Programs Directory
Directory | Description
Service: ./service | This directory contains the source of the sample service. The developer can configure different security scenarios that are described under the secpolicy folder. The service returns the same message that it receives from the client.
Client: ./client | This directory contains the source of the client program that can send secured SOAP messages.
Security policies: ./secpolicy/scenarioX | This directory provides several scenarios that show how the WS-Security features can be configured through the WS-SecurityPolicy language. For more information on WS-Security scenarios, see “WS-Security Scenarios” (page 281).