This documentation applies to the 8.1 version of BMC Atrium Core, which is in "End of Version Support."

Apache Rampart modifications

The Apache Rampart distribution is included as part of the BMC Atrium WAR with several direct modifications to the source. These modifications are intended to overcome unwanted behaviors when using Rampart Basic configuration. The following files are added or changed in the Rampart distribution:

  • META-INF/module.xml — This modified configuration file replaces the existing module.xml file in the existing rampart.mar file.
    The handler declaration contained within the OutFaultFlow section is commented out to prevent Rampart from applying security processing (signing or encryption) to outgoing faults. This allows the Axis2-based implementation of BMC Atrium Web services to behave similarly to the previous implementation, which only returned faults without security processing.
  • com/bmc/atrium/ws/rampart/BMCRampartBasicUtil.java — This implementation class is added to the Rampart distribution that is distributed with BMC Atrium WAR. It is compiled as a .class file and is part of the existing rampart-core-1.5.jar file.
    • This file provides a method (isBMCUtilEnabled) to determine if the BMC-authored path through Rampart Basic configuration has been enabled. This method returns true if the bmc.atrium.wssecurity.rampart.bmcutil parameter is set to ON in a context accessible to the web service that will employ these changes (such as in the axis2.xml file for the global configuration context or in the services.xml file contained within the .aar file for the local service context). If this parameter is absent, or is present but not set to ON, this method returns false.
    • Another set of provided methods (both called validateReceiverResults) validates the received SOAP requests to determine if they fit the action set defined in the Rampart Basic configuration that is retrieved from the context of the invoked service. These methods are intended to be a less stringent alternative to the checkReceiverResults method inherited from the AbstractHandler class in the WSS4J distribution, and they allow the new Axis2-based BMC Atrium Web Services to be more in line with the previous implementation of BMC Atrium Web Services. The new method validates based on the following rules:
      - All elements expected in the actions list are encountered in the message except for Encryption, which is treated as optional when specified.
      - Unexpected but harmless elements like Timestamp are allowed to be passed in without a declaration in the actions list.
      - Unexpected UsernameToken, Signature, and Encryption are disallowed if not declared in the actions list.
      - Signature and Encryption are encountered in the same order as in the actions list (with the caveat that Encryption is still treated as optional).
    • An added method (throwWSSEFault) allows the throwing of a fault that is more in line with the WS-Security standard than faults typically thrown when using Rampart Basic configuration.
  • org/apache/rampart/handler/WSDoAllReceiver.java — This class from the Rampart 1.5 source distribution has been modified, compiled into a .class file, and placed into the existing rampart-core-1.5.jar file, replacing the previous class file. The class includes the following modifications:
    • The BMCRampartBasicUtil.validateReceiverResults method executes in place of the AbstractHandler.checkReceiverResults method when the BMCRampartBasicUtil.isBMCUtilEnabled method returns true.
    • Fault messages are more traditional and human readable without reference to the controlling class in the main error message. Also, fault messages are thrown to be more compliant with WS-Security in the wsse namespace when the BMCRampartBasicUtil.isBMCUtilEnabled method returns true.
  • org/apache/rampart/handler/WSDoAllSender.java — This class from the Rampart 1.5 source distribution has been modified, compiled into a .class file, and placed into the existing rampart-core-1.5.jar file, replacing the previous class file. The class includes the following modifications:
    • Fault messages are more traditional and human readable without reference to the controlling class in the main error message. Also, fault messages are thrown to be more compliant with WS-Security in the wsse namespace when the BMCRampartBasicUtil.isBMCUtilEnabled method returns true.

All but the first of these Apache Rampart modifications are optional to any Axis2-based Web Service archive (.aar file) that runs in the BMC Atrium WAR.

The bmc.atrium.wssecurity.rampart.bmcutil parameter must be set to ON in a context accessible to a web service that intends to employ these changes (such as in the axis2.xml file for the global configuration context or in the services.xml file contained within the .aar file for the local service context). If this parameter is absent or if it is present but not set to ON, the Rampart distribution should behave as the unmodified Rampart 1.5 distribution when using Rampart Basic configuration.
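
The validation rules listed above for validateReceiverResults, written out as an added Java example (this is not BMC's or Apache Rampart's code). The class and method names and the use of plain strings for the action names are assumptions made for illustration, and the sample messages in main are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

// Hypothetical demo class: models the four documented rules, not the shipped class.
public class ReceiverRulesDemo {
    // Elements that are rejected when they arrive without being declared.
    static final Set<String> SENSITIVE = Set.of("UsernameToken", "Signature", "Encryption");

    /** Returns null when the message passes, otherwise the reason for rejection. */
    static String validate(List<String> declared, List<String> received) {
        // Rule 1: every declared element must be present, except Encryption (optional).
        for (String a : declared)
            if (!a.equals("Encryption") && !received.contains(a))
                return "missing declared element: " + a;
        // Rules 2 and 3: undeclared Timestamp passes, undeclared sensitive elements do not.
        for (String r : received)
            if (SENSITIVE.contains(r) && !declared.contains(r))
                return "undeclared element: " + r;
        // Rule 4: Signature and Encryption keep their declared relative order;
        // a declared Encryption that is absent from the message is ignored.
        List<String> want = sigEncOrder(declared), got = sigEncOrder(received);
        if (!got.contains("Encryption")) want.remove("Encryption");
        return want.equals(got) ? null : "Signature/Encryption order mismatch";
    }

    // Keeps only Signature and Encryption, preserving their order of appearance.
    static List<String> sigEncOrder(List<String> items) {
        List<String> out = new ArrayList<>();
        for (String i : items)
            if (i.equals("Signature") || i.equals("Encryption")) out.add(i);
        return out;
    }

    public static void main(String[] args) {
        List<String> declared = List.of("UsernameToken", "Signature", "Encryption");
        // Constructed samples: the security elements found in each received message.
        List<List<String>> samples = List.of(
            List.of("UsernameToken", "Timestamp", "Signature", "Encryption"),
            List.of("UsernameToken", "Signature"),
            List.of("UsernameToken", "Encryption", "Signature"),
            List.of("Signature", "Encryption"));
        for (List<String> msg : samples) {
            String reason = validate(declared, msg);
            System.out.println(msg + " -> " + (reason == null ? "accepted" : "rejected: " + reason));
        }
        // An element that was never declared is refused even though the rest matches.
        System.out.println(validate(List.of("UsernameToken"), List.of("UsernameToken", "Signature")));
    }
}
```

The second sample is the case to keep in mind before setting bmc.atrium.wssecurity.rampart.bmcutil to ON: a request that omits Encryption is accepted even though Encryption is declared in the actions list.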
