The following sections only apply to the WSRF web application. The RESTful web application does not support the wsrf-engine.config file.
In order to set up a wsag4j server instance, a few common service parameters must be configured. These service parameters are configured in the wsrf-engine.config file, which is located in the /WEB-INF/classes/ folder of the wsag4j web application. The parameters configured here include the gateway address, the wsag4j key store, the wsag4j trust store, additional security handlers, and the wsag4j engine instances that are hosted by the wsag4j server.
The gateway address is the external address of the wsag4j service. Usually it is the address of the deployed web application. However, there might be cases where the wsag4j service should be integrated with a web server (e.g. Apache HTTP server). In this case, the gateway address is the address that clients use to access the service.
WSAG4J uses WS-Security by default in order to identify clients via digital signatures and, by using time stamps, to assure that messages are delivered in time (e.g. 5 minutes). Therefore, wsag4j requires a server key store, which contains the server certificate and private key, and a trust store, which holds the certificates of the trusted CAs.
By default, the wsag4j implementation uses a security handler that extracts common security properties from a SOAP message and places them in the wsag4j message context. These properties include the client certificate and the client certificate chain. This default security handler ships with the wsag4j framework. However, it is possible to add one or more custom security handlers to the wsag4j engine. This is achieved by adding a new handler section to the SecurityHandlerChain element of the wsrf-engine.config file.
<mss-config:Configuration xmlns:mss-config="http://config.types.mss.scai.fraunhofer.de">
  <mss-config:SecurityHandlerChain>
    <mss-config:Handler>
      <mss-config:HandlerName>WSAG4J_SECURITY_HANDLER</mss-config:HandlerName>
      <mss-config:ImplementationClass>org.ogf.graap.wsag.security.core.server.WSSecurityHandler</mss-config:ImplementationClass>
    </mss-config:Handler>
    <mss-config:Handler>
      <mss-config:HandlerName>CUSTOM_SECURITY_HANDLER</mss-config:HandlerName>
      <mss-config:ImplementationClass>custom.implementation.class</mss-config:ImplementationClass>
    </mss-config:Handler>
  </mss-config:SecurityHandlerChain>
</mss-config:Configuration>
WSAG4J supports multiple agreement factories within one web application. This can be useful, for example, when you have a set of systems that should be accessed via the WS-Agreement protocol. Instead of having a separate web application for each system, wsag4j allows you to have one agreement factory per system, with each factory represented by a separate engine. The WSAG4JEngineInstances configuration section allows you to specify a set of configuration files, where each configuration file configures a separate AgreementFactory.
<wsag4j-config:WSAG4JEngineInstances>
  <wsag4j-config:WSAG4JEngine wsag4j-config:EngineConfigurationFile="/wsag4j-engine/instance1/wsag4j-engine.config" />
  <wsag4j-config:WSAG4JEngine wsag4j-config:EngineConfigurationFile="/wsag4j-engine/instance2/wsag4j-engine.config" />
</wsag4j-config:WSAG4JEngineInstances>
For a more detailed description of how to configure a wsag4j engine instance, see actions configuration.
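A deployment check for the SecurityHandlerChain and WSAG4JEngineInstances sections described above, as an added example that is not part of the wsag4j project: the Python script parses a wsrf-engine.config document and reports handler classes that are not on a reviewed list, a missing default WSSecurityHandler, and engine configuration files listed twice. The sample document is constructed; the wsag4j-config namespace URI is a placeholder, and the nesting of WSAG4JEngineInstances inside Configuration as well as the names audit and approved_classes are assumptions.

```python
import xml.etree.ElementTree as ET

DEFAULT_HANDLER = "org.ogf.graap.wsag.security.core.server.WSSecurityHandler"

# Constructed sample; the wsag4j-config namespace URI is a placeholder and
# nesting WSAG4JEngineInstances under Configuration is an assumption.
SAMPLE = """<mss-config:Configuration
    xmlns:mss-config="http://config.types.mss.scai.fraunhofer.de"
    xmlns:wsag4j-config="urn:example:wsag4j-config-placeholder">
  <mss-config:SecurityHandlerChain>
    <mss-config:Handler>
      <mss-config:HandlerName>CUSTOM_SECURITY_HANDLER</mss-config:HandlerName>
      <mss-config:ImplementationClass>custom.implementation.class</mss-config:ImplementationClass>
    </mss-config:Handler>
  </mss-config:SecurityHandlerChain>
  <wsag4j-config:WSAG4JEngineInstances>
    <wsag4j-config:WSAG4JEngine wsag4j-config:EngineConfigurationFile="/wsag4j-engine/instance1/wsag4j-engine.config"/>
    <wsag4j-config:WSAG4JEngine wsag4j-config:EngineConfigurationFile="/wsag4j-engine/instance1/wsag4j-engine.config"/>
  </wsag4j-config:WSAG4JEngineInstances>
</mss-config:Configuration>"""

def local(tag):  # strip '{namespace}' so matching does not depend on the URI
    return tag.rsplit("}", 1)[-1]

def audit(xml_text, approved_classes):
    """Return a list of findings for one wsrf-engine.config document."""
    root = ET.fromstring(xml_text)
    findings, classes, engine_files = [], [], []
    for el in root.iter():
        if local(el.tag) == "Handler":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            cls = fields.get("ImplementationClass", "")
            classes.append(cls)
            if not cls:
                findings.append(f"handler {fields.get('HandlerName')!r} has no implementation class")
            elif cls not in approved_classes:
                findings.append(f"unreviewed handler class: {cls}")
        elif local(el.tag) == "WSAG4JEngine":
            path = next((v for k, v in el.attrib.items()
                         if local(k) == "EngineConfigurationFile"), "")
            if path in engine_files:
                findings.append(f"duplicate engine configuration file: {path}")
            engine_files.append(path)
    if DEFAULT_HANDLER not in classes:
        findings.append("default WSSecurityHandler missing from SecurityHandlerChain")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, approved_classes={DEFAULT_HANDLER})))
```

Running the check against the deployed /WEB-INF/classes/wsrf-engine.config before each release gives a reviewable record of which handler classes the server will load.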