axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaushalye Kapuruge <>
Subject Re: Rampart question
Date Fri, 07 Dec 2007 08:40:34 GMT
Uthaiyashankar wrote:
> Hi Subra,
> Please see the comments..
>> Hello folks,
>> 1. How is role based authorization handled in Rampart? The Username 
>> and password (basic or digest) just provide a way to authenticate the 
>> user, but not authorize.
> Rampart just authenticates the user. As far as I know, it is not doing 
> any role based authorization. Somebody please correct me if I am wrong.
Yes. The username token profile[1] provides a direct way to authenticate 
a user based on a username password pair. But in order to use it for 
authorization purposes, the service provider has to have own mechanisms. 
Basically the question to answer is "Is the user X has privileges to 
access resource Y or perform operation Z?"
Rampart stores the username in the message context with other security 
processed results. Within the service it is possible to access these as 
an array of properties.
>> 2. Is there anyway in Rampart/Axis2C to pass down the username from 
>> the UsernameToken to the webservice code (after the username and 
>> password have been authenticated) so that the webservice can then use 
>> the username to determine if a user is authorized to access a 
>> particular resource or not.
> The code
> axis2_char_t* uname = NULL;
> uname = (axis2_char_t*)rampart_get_security_processed_result(env, 
> will give you the username. You can use it in your webservice code. To 
> compile the code, you have to include rampart_sec_processed_result.h 
> and rampart_constants.h.
Yes. This is how you do it.
>> Thanks for the help!
>> Subra
> Regards,
> Shankar
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message