axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kaushalye Kapuruge <kausha...@wso2.com>
Subject Re: Rampart question
Date Fri, 07 Dec 2007 08:40:34 GMT
Uthaiyashankar wrote:
> Hi Subra,
>
> Please see the comments..
>
>> Hello folks,
>>
>> 1. How is role based authorization handled in Rampart? The Username 
>> and password (basic or digest) just provide a way to authenticate the 
>> user, but not authorize.
>>
> Rampart just authenticates the user. As far as I know, it is not doing 
> any role based authorization. Somebody please correct me if I am wrong.
Yes. The username token profile[1] provides a direct way to authenticate 
a user based on a username password pair. But in order to use it for 
authorization purposes, the service provider has to have own mechanisms. 
Basically the question to answer is "Is the user X has privileges to 
access resource Y or perform operation Z?"
Rampart stores the username in the message context with other security 
processed results. Within the service it is possible to access these as 
an array of properties.
>> 2. Is there anyway in Rampart/Axis2C to pass down the username from 
>> the UsernameToken to the webservice code (after the username and 
>> password have been authenticated) so that the webservice can then use 
>> the username to determine if a user is authorized to access a 
>> particular resource or not.
> The code
>
> axis2_char_t* uname = NULL;
> uname = (axis2_char_t*)rampart_get_security_processed_result(env, 
> msg_ctx, RAMPART_SPR_UT_USERNAME);
>
> will give you the username. You can use it in your webservice code. To 
> compile the code, you have to include rampart_sec_processed_result.h 
> and rampart_constants.h.
Yes. This is how you do it.
Cheers,
Kau
[1] 
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf
>>
>> Thanks for the help!
>>
>> Subra
> Regards,
> Shankar
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>


-- 
http://blog.kaushalye.org/
http://wso2.org/


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org


Mime
View raw message