CORISECIO GmbH - Uhlandstr. 9 - 64927 Darmstadt - Germany - www.corisecio.de - Copyright 2011 - All Rights Reserved
secRT
1. System requirements
  1. securityRunTime
    1.1. Tomcat
2. Functional overview
  1. Message types
    1.1. BSFObject
    1.2. HTTPObject
    1.3. HTTPRequest
    1.4. HTTPResponse
    1.5. SOAPMessage
  2. Data types
    2.1. crs:multiLineString
    2.2. crs:xpath
    2.3. crs:certificate
    2.4. crs:privateKey
    2.5. crs:role
  3. Listener
    3.1. AppServer listener #1
    3.2. Secure AppServer listener #1
    3.3. Authenticating Secure AppServer listener #1
  4. Functions
    4.1. BrowserProxy
    4.2. CalculateMD5Function
    4.3. CheckMD5Function
    4.4. CreateSOAPMessageFromWSDL
    4.5. DumpHTTP
    4.6. EntityHasRole
    4.7. EnvelopeInRequest
    4.8. EnvelopeInResponse
    4.9. ExtractFromRequest
    4.10. ExtractFromResponse
    4.11. GetFormDataValue
    4.12. HTTP error page
    4.13. HTTPResponseFromRequestBody
    4.14. Proxy
    4.15. SetExecVariableFunction
    4.16. SetSecRTEntity
    4.17. SetValueOfXPath
    4.18. SOAPAttachmentSwitch
    4.19. UnwrapHTTP
    4.20. Webservice Dispatcher
    4.21. WrapHTTP
    4.22. XMLValueToExecutionVariable
Chapter 1. System requirements
1. securityRunTime
1.1. Tomcat
The figures for processor, RAM and hard disk capacity are guideline values only, as the need for
system resources depends mainly on how secRT is used. Reliable figures can only be obtained by testing within your
system environment.
Chapter 2. Functional overview
1. Message types
The functions operate on message types. The basic message types are shown in the following image:
Message types may be derived from each other. This means that the derived type also has the properties of its parent
type. In the image, arrows point from the derived message types to their parent types. A function that processes a message
type can also process the types derived from it.
1.1. BSFObject
The message type BSFObject is the root of the type hierarchy. BSFObject has no visible properties and serves
as the root only.
1.2. HTTPObject
An HTTPObject contains the shared data of HTTP requests and HTTP responses.
1.3. HTTPRequest
An HTTP request is represented by HTTPRequest.
1.4. HTTPResponse
An HTTP response is shown as HTTPResponse in the system.
1.5. SOAPMessage
A SOAP message is represented by the message type SOAPMessage.
2. Data types
2.1. crs:multiLineString
A crs:multiLineString represents a multi-line string.
2.2. crs:xpath
A crs:xpath represents an XPath expression. XPath Version 1.0 is supported (based on Xalan 2.7.0).
Please note that XPath is namespace-sensitive. To operate on nodes that have a namespace specified, use expressions of the form
//*[local-name()='CityName' and namespace-uri()='www.webserviceX.NET'].
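The following added example (not part of the original manual or the product's code) shows why the expression above names both the local name and the namespace URI. It uses the JDK's built-in javax.xml.xpath (XPath 1.0) rather than secRT itself; the sample message, the class name and the second namespace urn:example:other are assumptions constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class NamespaceXPathDemo {
    // Constructed sample message. Only the element name CityName and the
    // namespace URI www.webserviceX.NET are taken from the text above.
    static final String XML =
        "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
      + "<soap:Body>"
      + "<CityName xmlns=\"urn:example:other\">unrelated</CityName>"
      + "<GetWeather xmlns=\"www.webserviceX.NET\">"
      + "<CityName>Darmstadt</CityName>"
      + "</GetWeather>"
      + "</soap:Body></soap:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Must be namespace-aware, otherwise the namespace tests below cannot work.
        f.setNamespaceAware(true);
        // Reject DOCTYPE declarations so untrusted input cannot pull in DTDs.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Returns the string value of the first matching node, or "" if none matches.
    static String first(Document doc, String expr) throws Exception {
        return XPathFactory.newInstance().newXPath().evaluate(expr, doc);
    }

    public static void main(String[] args) throws Exception {
        Document doc = parse(XML);
        // An unprefixed name test matches only elements in no namespace,
        // so it selects nothing in this message.
        System.out.println("[" + first(doc, "//CityName") + "]");
        // local-name() alone also accepts the element from urn:example:other,
        // which comes first in document order.
        System.out.println("[" + first(doc, "//*[local-name()='CityName']") + "]");
        // Pinning the namespace URI as well selects only the intended node.
        System.out.println("[" + first(doc,
            "//*[local-name()='CityName' and namespace-uri()='www.webserviceX.NET']") + "]");
    }
}
```

When a crs:xpath selects a value that later drives a decision, matching on the local name alone lets a same-named element from any other namespace satisfy the expression.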
2.3. crs:certificate
A crs:certificate represents a Base-64 encoded X.509 (.CER) certificate.
2.4. crs:privateKey
A crs:privateKey represents a private key container (.p12 and .jks are supported) holding an RSA key (max. key length 1024).
2.5. crs:role
A crs:role represents a created role, which may be assigned to none, one or many users.
3. Listener
3.1. AppServer listener #1
The listener AppServer listener #1 is a Catalina engine that listens on a port and waits for HTTPRequests. The
HTTPRequests are then processed according to the model. The result is returned to the requester as an HTTPResponse.
The listener AppServer listener #1 contains the following configuration parameter.
4. Functions
4.1. BrowserProxy
The function BrowserProxy executes an HTTPRequest at the host set in the Host header. With this function a
non-transparent proxy may be realized.
The function BrowserProxy contains the following configuration parameter:
Parameter | Type       | Required | Description
Schema    | xsd:string | yes      | The URL scheme (http or https).
4.2. CalculateMD5Function
The function CalculateMD5Function calculates the MD5 checksum of the HTTPRequest content or the HTTPResponse
content, respectively, and adds it as the specified header field.
The function CalculateMD5Function contains the following configuration parameter:
4.3. CheckMD5Function
The function CheckMD5Function calculates the MD5 checksum of the HTTPRequest content or the HTTPResponse
content, respectively, and checks the specified header field for equality.
The function CheckMD5Function contains the following configuration parameter:
4.4. CreateSOAPMessageFromWSDL
The function CreateSOAPMessageFromWSDL creates a SOAPMessage from the WSDL.
SOAP 1.1 messages receive text/xml; charset=utf-8 as content type. SOAP 1.2 message content type is
application/soap+xml; charset=utf-8.
The function CreateSOAPMessageFromWSDL contains the following configuration parameters:
4.5. DumpHTTP
The function DumpHTTP saves SOAPMessages in the given file. At present the function does not support SOAP
Attachments. Therefore, it may not be used for processing such messages.
The function DumpHTTP contains the following configuration parameter:
4.6. EntityHasRole
The function EntityHasRole verifies whether the variable given by the parameter entityVarName identifies a user who has
been given the role specified by the parameter Authorized role. If so, the result is true; otherwise it is
false. The BSFObject is not analyzed and remains unmodified. Please note that this function is only relevant for
the enterprise version of securityRunTime.
The function EntityHasRole contains the following configuration parameters:
4.7. EnvelopeInRequest
The function EnvelopeInRequest adds a SOAPMessage to the body of an HTTPRequest.
The function EnvelopeInRequest does not contain any configuration parameters.
For SOAPMessage the function contains the following signature:
4.8. EnvelopeInResponse
The function EnvelopeInResponse adds a SOAPMessage to the body of an HTTPResponse.
The function EnvelopeInResponse does not contain any configuration parameters.
For SOAPMessage the function contains the following signature:
4.9. ExtractFromRequest
The function ExtractFromRequest extracts a SOAPMessage from the body of an HTTPRequest.
The function ExtractFromRequest does not contain any configuration parameters.
For HTTPRequest the function contains the following signature:
4.10. ExtractFromResponse
The function ExtractFromResponse extracts a SOAPMessage from the body of an HTTPResponse.
The function ExtractFromResponse does not contain any configuration parameters.
For HTTPResponse the function contains the following signature:
4.11. GetFormDataValue
The function GetFormDataValue reads the value of the form-data field with the specified name and writes it into an
execution variable.
The function GetFormDataValue contains the following configuration parameters:
4.13. HTTPResponseFromRequestBody
The function HTTPResponseFromRequestBody generates an HTTPResponse with header and body from the given
HTTPRequest.
The function HTTPResponseFromRequestBody contains the following configuration parameter:
4.14. Proxy
The function Proxy executes an HTTPRequest at a destination configured as a parameter.
The function Proxy contains the following configuration parameters:
4.15. SetExecVariableFunction
The function SetExecVariableFunction sets the value of an execution variable. All functions called later have access
to this execution variable and its value.
This function may be used in conjunction with EncryptXPath, which expects a username execution variable to be set to the
owner of a certificate used for encryption.
The function SetExecVariableFunction contains the following configuration parameters:
4.16. SetSecRTEntity
The function SetSecRTEntity assigns an entity to the securityRunTime. This is only effective if the securityRunTime
in the Connector is administered locally.
Certain functions require, for example, access to the private or public key or the name of the securityRunTime. Under local administration,
the securityRunTime does not have an entity assigned at first. This may be changed via SetSecRTEntity. An assignment
is done only once; each further call of SetSecRTEntity has no effect. Usually, SetSecRTEntity is used at
the beginning of a modeled workflow.
Under central administration (generation and deployment of Security Rules via the Security Broker), the securityRunTime is
automatically assigned an entity. It results from the server name and the server's key pair. A call of SetSecRTEntity
has no effect.
The function SetSecRTEntity contains the following configuration parameter:
4.17. SetValueOfXPath
The function SetValueOfXPath changes the value of the XML node given by the XPath.
The function SetValueOfXPath contains the following configuration parameters:
For SOAPMessage the function contains the following signature:
4.18. SOAPAttachmentSwitch
The function SOAPAttachmentSwitch checks whether a SOAPMessage contains at least one attachment.
The function SOAPAttachmentSwitch contains no configuration parameters.
For SOAPMessage the function contains the following signature:
4.19. UnwrapHTTP
The function UnwrapHTTP decodes an HTTPRequest or an HTTPResponse that has been encoded into an XML structure with the
function WrapHTTP (see Section 4.21, WrapHTTP).
The function UnwrapHTTP does not contain any configuration parameters.
For SOAPMessage the function contains the following signature:
4.21. WrapHTTP
The function WrapHTTP encodes an HTTPRequest or an HTTPResponse into an XML structure, which is inserted into the body
of a SOAPMessage. The original element may be restored with the function UnwrapHTTP (see Section 4.19,
UnwrapHTTP).
The function WrapHTTP does not contain any configuration parameters.
For HTTPRequest and HTTPResponse the function contains the following signature:
Result name | Result type | Type        | Description
enveloped   | ok          | SOAPMessage | A SOAP message with the object encoded into an XML structure.
4.22. XMLValueToExecutionVariable
The function XMLValueToExecutionVariable reads the value from the location given by the XPath and writes it into
the given execution variable.
Similar to SetExecVariable, it may be used in conjunction with EncryptXPath and, generally, with any function that
requires an execution variable to be set before it is called. It can be used to extract a value from an incoming SOAPMessage and
store it in an execution variable for further processing.
The function XMLValueToExecutionVariable contains the following configuration parameter: