Security Configurations
The OASIS WS-Security V1.0 (WSSE) standard establishes a framework for assuring the integrity and confidentiality of SOAP messages. Message integrity is assured via digital signature, and confidentiality of message data is achieved via encryption. The standards referenced by WS-Security V1.0 are supported by Process Server.
To use WS-Security features, you must set up the container in which Process Server is deployed with the necessary certificate manager or keystores, which are often the same ones used for standard SSL processing. You must also provide a properties file that contains the settings Process Server requires to interact with your platform’s encryption and certificate management. The properties file is named crypto.properties.
The following properties must be set in crypto.properties to match your platform:
- org.apache.ws.security.crypto.provider=<provider>
The <provider> must be the default unless a custom provider is supplied that implements the Apache crypto interface. The default is: org.apache.ws.security.components.crypto.Merlin
- org.apache.ws.security.crypto.merlin.keystore.type=<type>
The <type> is based on the format of the keystore, usually jks or pkcs12.
- org.apache.ws.security.crypto.merlin.keystore.alias=<alias>
The <alias> is the name by which the private key and certificate are known.
- org.apache.ws.security.crypto.merlin.keystore.password=<password>
The <password> is an optional property. Include a password if one is required for the keystore.
- org.apache.ws.security.crypto.merlin.file=<keystore filename>
The keystore must be accessible by the server from the file system using the path specified by org.apache.ws.security.crypto.merlin.file in crypto.properties. Also, the crypto.properties file must be available on the server's classpath. The target location of these files varies depending on the target platform.
The following is an example of crypto.properties:
org.apache.ws.security.crypto.merlin.keystore.password=pw
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.file=ae.keystore
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.alias=myadmin
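A pre-deployment check of crypto.properties against the rules above can look like the following. This is an added example, not part of Process Server or WSS4J; the function names, the rule that a relative keystore path is resolved next to crypto.properties, and the file-permission check are assumptions of the example.

```python
import os
import stat
import tempfile

PREFIX = "org.apache.ws.security.crypto."
DEFAULT_PROVIDER = "org.apache.ws.security.components.crypto.Merlin"
REQUIRED = ("provider", "merlin.keystore.type", "merlin.keystore.alias", "merlin.file")

def parse_properties(text):
    """Parse simple key=value lines; '#' or '!' starts a comment (no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_crypto_properties(path):
    """Return a list of findings for the crypto.properties file at path."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = ["missing: " + PREFIX + k for k in REQUIRED if not props.get(PREFIX + k)]
    provider = props.get(PREFIX + "provider")
    if provider and provider != DEFAULT_PROVIDER:
        findings.append("custom provider, must implement the Apache crypto interface: " + provider)
    ks_type = props.get(PREFIX + "merlin.keystore.type", "")
    if ks_type and ks_type.lower() not in ("jks", "pkcs12"):
        findings.append("unusual keystore type: " + ks_type)
    ks_file = props.get(PREFIX + "merlin.file")
    if ks_file:
        # Assumption: a relative keystore path is resolved next to crypto.properties.
        ks_path = os.path.join(os.path.dirname(os.path.abspath(path)), ks_file)
        if not os.path.isfile(ks_path):
            findings.append("keystore not found: " + ks_path)
    # Added check: the keystore password sits here in clear text, so expect owner-only access.
    if props.get(PREFIX + "merlin.keystore.password") and os.name == "posix":
        if stat.S_IMODE(os.stat(path).st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("password present but file is accessible to group/other")
    return findings

if __name__ == "__main__":  # constructed sample: the page's example values, keystore absent
    pairs = ("provider=" + DEFAULT_PROVIDER, "merlin.keystore.type=jks", "merlin.file=ae.keystore",
             "merlin.keystore.alias=myadmin", "merlin.keystore.password=pw")
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "crypto.properties")
        with open(sample, "w", encoding="utf-8") as fh:
            fh.write("".join(PREFIX + p + "\n" for p in pairs))
        print("\n".join(check_crypto_properties(sample)) or "no findings")
```

The check only confirms that the settings are present and consistent; it does not open the keystore or confirm that the alias exists in it.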