From: "Fergusson, Hamish"
Delivered-To: mailing list axis-dev@ws.apache.org
Subject: Kinda stuck for a solution here
Date: Tue, 10 Aug 2004 16:49:29 -0500
Message-ID: <8A1F9FA924FBDB47A53086AA86BBDDA310CF2A@sgtulmsp03.global.ad.sabre.com>

Hello All,

I was wondering if any of you had any suggestions regarding a problem myself and the rest of our development team are facing:

1) Our application consists of a security server/router (owned by a third party) that authenticates users of our web service. This security server accepts SOAPMessages, does some authentication, adds some attributes to the SOAPHeader and forwards that SOAPEnvelope to my web service.

2) I need to do some additional security that uses the attributes the security server/router added to the SOAPHeader. These are only visible at the handler level, as the header does not appear in my WSDL.

3) In a request handler, I extract the header info from the SOAPMessage and perform my security code. If it passes, that's fine and the SOAPMessage goes to the web service and it's business as usual.

The problem is: what do I do when my security business logic fails?????

Well, I could have created a SOAPFault from my request handler and that would be sent back to the security server/router and then back to the client. That would have been ideal, BUT the security server/router will not handle SOAPFaults (this is their policy, we have to have an Error structure within our SOAPBody in our response message to represent errors/exceptions/faults). This is crazy, but they won't budge. Believe me, we fought this battle with them and lost.

Another thing I thought of was:

Again in a request handler, when my security business logic fails, set some attribute in the SOAPBody to indicate a failure condition. I would check this when the Java object was created on the server and return our custom error structure in the response object (remember, not a SOAPFault).

The problem with this approach is that the Axis classes for setting values in the SOAPBody are overridden and prevent you from modifying the message in the SOAPBody.
Currently this would be my preferred approach, but it would mean I would have to modify the AXIS code, which I'm not too keen on doing.

So the heart of the problem I'm facing is that I need a way of identifying that the error condition that was found on the request handler can be identified on the actual code executed on my web service business logic.

Does anyone out there know how I might accomplish this? I'd appreciate any feedback.

Thanks,
Hamish.
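
One way to carry the handler's decision into the service code without a SOAPFault and without touching the SOAPBody, shown as an added example that is not part of the original message: in Axis 1.x the request handler and the service implementation see the same MessageContext, so the handler can store its result as a property and the service can read it through MessageContext.getCurrentContext(). The class names, property key, header namespace and element name, role rule and response fields below are all hypothetical.

```java
import org.apache.axis.AxisFault;
import org.apache.axis.MessageContext;
import org.apache.axis.handlers.BasicHandler;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.axis.message.SOAPHeaderElement;

public class SecurityFlagExample {
    // Hypothetical property key shared by the handler and the service.
    static final String AUTH_OK = "example.security.authorized";
    // Hypothetical namespace and element name of the header the router adds.
    static final String HDR_NS = "urn:example:security";
    static final String HDR_NAME = "UserRole";
    /** Request handler: records the decision instead of throwing a fault. */
    public static class SecurityCheckHandler extends BasicHandler {
        public void invoke(MessageContext ctx) throws AxisFault {
            boolean ok = false; // default deny
            try {
                SOAPEnvelope env = ctx.getRequestMessage().getSOAPEnvelope();
                SOAPHeaderElement h = env.getHeaderByName(HDR_NS, HDR_NAME);
                ok = (h != null) && isAllowed(h.getValue());
            } catch (Exception e) { /* unreadable header: ok stays false */ }
            // The property travels with this request to the service class.
            ctx.setProperty(AUTH_OK, Boolean.valueOf(ok));
        }
        // Placeholder for the real security business rule.
        private boolean isAllowed(String role) {
            return "agent".equals(role);
        }
    }
    /** Hypothetical response type holding the in-body error structure. */
    public static class ServiceResponse {
        public String errorCode;
        public String result;
    }
    /** Service implementation: reads the flag the handler stored. */
    public static class MyService {
        public ServiceResponse process(String request) {
            ServiceResponse resp = new ServiceResponse();
            MessageContext ctx = MessageContext.getCurrentContext();
            Object flag = (ctx == null) ? null : ctx.getProperty(AUTH_OK);
            // Fail closed: a missing flag means the handler never ran.
            if (!Boolean.TRUE.equals(flag)) {
                resp.errorCode = "SECURITY_CHECK_FAILED";
                return resp;
            }
            resp.result = "processed: " + request;
            return resp;
        }
    }
}
```

Treating an absent property as a failure matters here: if the handler is ever dropped from the deployment descriptor, the service rejects requests instead of silently skipping the check.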