axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ajith Ranabahu <ajith.ranab...@gmail.com>
Subject Re: [Axis2] Phase of Inflow Security Handler
Date Thu, 25 Aug 2005 11:13:00 GMT
IMHO I don't think anything can be there before the security handler (Say 
the WHOLE message is encrypted). So in most cases we have to run the 
security handler as early as possible, but in some other cases we should 
wait a bit.
My guess is since it's possible to deploy the same handler in several 
places, we can place the security handler in the possible places where 
security can be implemented, say at the begining of the predispatch and 
inside the dispatch phases. The security handle should have fall through 
code to handle it though. we might also need a flag (probably in the MC 
properties) to say that the security is done!

On 8/25/05, Eran Chinthaka <chinthaka@opensource.lk> wrote:
> 
> No this will not help.
> There can be some handlers in the pre-dispatch phase, which can not 
> operate before Security, if present, but need to operate before dispatching. 
> 
> 
> -- EC
> 
> Ruchith Fernando wrote: 
> 
> So are we going to include the "RequestURIBasedDispatcher" in
> "DispatchPhaseOne".
> 
> If that is the case we simply change the order of the dispatchers in
> the "Dispatch" phase, by slightly modifying
> org.apache.axis2.engine.AxisConfigurationImpl and deploy the security
> IN handler in the "Dispatch" phase 'after' the
> "RequestURIBasedDispatcher".
> 
> I don't think we really need two dispatch phases like that, since this
> seems to be a requirement unique to the security module. what do u
> think?
> 
> --Ruchith
> 
> On 8/25/05, Eran Chinthaka <chinthaka@opensource.lk> <chinthaka@opensource.lk>
wrote:
>   
>  Agreed, but for HTTPand SMTP only. What about for the TCP case ? Service
> identification based on the socket information ? If so, fine.
> 
> So lets have a phase called "DispatchPhaseOne". And the rest in
> "DispatchPhaseTwo".
> 
> Ruchith Fernando wrote:
> 
>      Hi All,
> 
> When security is enabled for a certain service, the inflow security
> handler (WSDoAllReceiver) will have to be invoked on requests to that
> perticular service.
> 
> Therefore we will have to deploy the WSDoAllReceiver within the
> "Dispatch" phase after the "RequestURIBasedDispatcher".
> 
> But the Axis2 right now enforces the "AddressingBasedDispatcher" to be
> run ahead of all the others and this order is not configurable. But
> IMHO we should not access the other SOAP headers before the security
> processing is complete.
> 
> Since RequestURIBasedDispatcher is the only possible mechanism to
> figureout the service without accessing the other SOAP headers (e.g.
> wsa headers) and the SOAP bosy, can we change the order of the
> dispatchers, or can we make it configurable such that its possible to
> change the dispatch order (to have the RequestURIBasedDispatcher
> first),  when the security module is engaged?
> 
> Thanks,
> --
> Ruchith
> 
> 
> 
>                


-- 
Ajith Ranabahu

Mime
View raw message