axis-java-dev mailing list archives

From "Doug Davis" <...@us.ibm.com>
Subject Re: Security Architecture
Date Wed, 11 Apr 2001 10:46:51 GMT
Yuhichi,
  The current code does not do what you think it does.  Yes, everything
goes through one servlet, but the authorization to each particular service,
including the admin functions, is restricted by the authentication
and authorization handlers.  There are very (very!) basic auth. handlers
in there right now that do actually demonstrate how access can be
controlled on a service-by-service basis.  The Axis architecture is
flexible enough to allow you to plug in your own auth. handlers to
implement any type of control mechanism that fits your needs.

If the entire chaining architecture is one that makes implementing certain
types of security features impossible (or even hard) please explain this
so that we can try to change it.

-Dug


"Yuhichi Nakamura" <NAKAMURY@jp.ibm.com> on 04/11/2001 02:09:06 AM

Please respond to axis-dev@xml.apache.org

To:   axis-dev@xml.apache.org
cc:
Subject:  Security Architecture



Folks,
I have been looking at the current code base to add security features.
However, I feel that the current code is very messy, and not comprehensive.
I would propose to clean up the code.

For the security architecture, I would suggest relying on platform features
rather than our own proprietary stuff.  For example, before developing
authentication handlers, we should consider how to utilize security
functions provided by servlet engines (and J2EE).

We have a big security issue in Apache SOAP.  Deployment and service
execution are performed via the "same" servlet.  Therefore, once you
provide a servlet for services, anyone can perform deployment with the
same servlet.  Axis seems to inherit this bad nature.

I would suggest to define service groups, and each group is mapped to a
particular servlet.  A single servlet for handling all services is not a
good idea.  For deployment, I would never use AdminClient, rather would
prepare configuration files that are loaded when AxisEngine or Registory
is instantiated.

Note that as for EJB, a single servlet approach is ok because "role
assignment" can be shared between Web and EJB containers.

Anyway, I want to experiment with such a security architecture based on the
codebase.  But I almost gave up because I could not understand it.  Can
someone tell me the mechanism of deployment and service look-up?

Any comment/suggestion is appreciated.

Best regards,

Yuhichi Nakamura
IBM Tokyo Research Laboratory
Tel: +81-462-73-4668
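
The design point under discussion in this thread, a single entry point whose handler chain authorizes each service separately (the admin/deployment service included), as an added example that is not part of either message and is not Axis code. All class, service, user and role names are hypothetical, the policy tables are constructed sample data, and the caller is assumed to be already authenticated.

```java
import java.util.*;

// Illustrative sketch only: hypothetical classes, not the Axis handler API.
public class PerServiceAuthDemo {
    // Constructed sample policy: service name -> roles allowed to invoke it.
    static final Map<String, Set<String>> ALLOWED_ROLES = Map.of(
        "AdminService", Set.of("admin"),
        "StockQuote", Set.of("admin", "user"));

    // Constructed sample users: authenticated user name -> role.
    static final Map<String, String> USER_ROLES = Map.of("alice", "admin", "bob", "user");

    interface Handler { void invoke(Map<String, String> ctx); }

    // Authorization handler: runs before the target service and fails closed.
    static final Handler AUTHORIZE = ctx -> {
        String role = USER_ROLES.get(ctx.get("user"));
        Set<String> allowed = ALLOWED_ROLES.get(ctx.get("service"));
        // Unknown user, unknown service, or role not listed for it: deny.
        if (role == null || allowed == null || !allowed.contains(role)) {
            throw new SecurityException(ctx.get("user") + " may not call " + ctx.get("service"));
        }
    };

    // Stand-in for the step that would dispatch to the service itself.
    static final Handler DISPATCH = ctx -> ctx.put("result", "invoked " + ctx.get("service"));

    // The single entry point: every request, admin or not, runs the same chain.
    static String handle(String user, String service) {
        if (user == null || service == null) return "denied: missing user or service";
        Map<String, String> ctx = new HashMap<>();
        ctx.put("user", user);
        ctx.put("service", service);
        try {
            for (Handler h : List.of(AUTHORIZE, DISPATCH)) h.invoke(ctx);
            return ctx.get("result");
        } catch (SecurityException e) {
            return "denied: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(handle("alice", "AdminService"));  // admin role, admin service
        System.out.println(handle("bob", "StockQuote"));      // user role, ordinary service
        System.out.println(handle("bob", "AdminService"));    // user role, admin service
        System.out.println(handle("mallory", "StockQuote"));  // user not in the table
    }
}
```

Sharing one entry point does not by itself expose deployment; what matters is that the authorization step runs ahead of dispatch for every service and denies by default when a user or service has no policy entry.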



