Saturday, August 22, 2009

What are the Rampart handlers in inflow and what do they do?

org.apache.rampart.handler.RampartReceiver

1. The first point of impact with the Axis2 Security layer

2. Validates the transport: if the policy requires a TransportBinding with HTTPS, the incoming transport must be HTTPS; if the TransportBinding also requires client authentication, the initiator must present an X.509 certificate with the request.

3. If no security header is present in the request, this handler throws a RampartException for the missing security header.

4. Processes the security header

5. Elements inside the security header are processed in the order in which they appear in the request's security header.

6. Each element defined under the security header has a processor [org.apache.ws.security.processor.Processor] associated with it, corresponding to the token type.

7. Processing of the entire security header builds up a Vector. Each element in the Vector represents the result of a security action. The elements are ordered according to the sequence of the security actions in the wsse:Signature header. The Vector may be empty if no security processing was performed.

8. Validates the incoming message against the defined security policy. [You may also check this out...]

9. Marks the security header block as processed.
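The steps above (fail on a missing header, walk the header children in document order, collect one result per element, then check the results against what the policy requires) can be modelled with the JDK alone. This is an added illustration, not Rampart or WSS4J source code: the class `SecurityHeaderWalk`, its methods and the sample message are hypothetical, and each "processor result" is reduced to the element's local name.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

// Simplified model of the inflow steps above; NOT Rampart or WSS4J source code.
public class SecurityHeaderWalk {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Steps 3-7: fail if the header is missing, else one result per child, in document order.
    static List<String> process(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs
        Document doc = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Only a direct child of the SOAP Header counts, not a Security element elsewhere.
        Node header = doc.getElementsByTagNameNS(SOAP, "Header").item(0);
        Element security = null;
        for (Node n = header == null ? null : header.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && WSSE.equals(n.getNamespaceURI())
                    && "Security".equals(n.getLocalName())) security = (Element) n;
        if (security == null) throw new IllegalStateException("Missing wsse:Security header");
        List<String> results = new ArrayList<>();
        for (Node n = security.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element) results.add(n.getLocalName()); // stand-in for a Processor result
        return results;
    }

    // Step 8: every action the policy requires must appear in the results.
    static void validate(List<String> results, Set<String> required) {
        for (String r : required)
            if (!results.contains(r)) throw new IllegalStateException("Policy requires " + r);
    }

    public static void main(String[] args) throws Exception {
        String ns = " xmlns:s='" + SOAP + "' xmlns:wsse='" + WSSE + "'"
                + " xmlns:wsu='urn:example:wsu' xmlns:ds='urn:example:ds'"; // constructed namespaces
        String msg = "<s:Envelope" + ns + "><s:Header><wsse:Security><wsu:Timestamp/>"
                + "<wsse:BinarySecurityToken/><ds:Signature/></wsse:Security></s:Header>"
                + "<s:Body/></s:Envelope>"; // constructed sample request
        List<String> results = process(msg);
        System.out.println(results); // results in header order
        validate(results, new HashSet<>(Arrays.asList("Timestamp", "Signature")));
        try { process("<s:Envelope" + ns + "><s:Body/></s:Envelope>"); } // no security header
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
    }
}
```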

org.apache.rampart.handler.WSDoAllReceiver

1. Rampart supports security processing in two ways: policy-based security processing as per WS-Security Policy, and parameter-based security processing.

2. Parameter-based security processing is deprecated in Rampart, so the WSDoAllReceiver handler, which supports it, is also deprecated.

org.apache.rampart.handler.PostDispatchVerificationHandler

1. Handler to verify the message security after dispatch.

2. Checks whether security is required and whether it has been processed.
