axis-c-user mailing list archives

From Kaushalye Kapuruge <kausha...@wso2.com>
Subject Re: Rampart question
Date Fri, 07 Dec 2007 08:51:08 GMT
Manjula Peiris wrote:
> On Thu, 2007-12-06 at 15:35 -0500, Subra A Narayanan wrote:
>
>   
>> 1. How is role based authorization handled in Rampart? The Username
>> and password (basic or digest) just provide a way to authenticate the
>> user, but not authorize.
>>     
>
> Following will help.
> http://svn.apache.org/repos/asf/webservices/rampart/trunk/c/samples/secpolicy/scenario2
> http://wso2.org/library/2702#ut
>
>
>   
>> 2. Is there any way in Rampart/Axis2C to pass down the username from
>> the UsernameToken to the webservice code (after the username and
>> password have been authenticated) so that the webservice can then use
>> the username to determine if a user is authorized to access a
>> particular resource or not. 
>>     
>
> AFAIK there is no mechanism for that. IMHO it is not a responsibility of
> the security handler. But if you want that you can improve your web
> service so that the client can send them in the soap message body. Further
> you can encrypt the body using rampart so that the information in the
> body is confidentially protected.
>   
Hmm.. encryption wouldn't help the authorization. It MUST be a set of 
rules/credentials based on the name (or any unique identifier) of the 
user. On the other hand SAML (Security Assertion Markup Language) 
provides an improved way to authorize a particular user. Unfortunately 
at the moment Rampart/C doesn't support SAML.
-Kau
> -Manjula. 
>
>   
>> Thanks for the help!
>>
>> Subra
>>     
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
>
>
>   


-- 
http://blog.kaushalye.org/
http://wso2.org/



