axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott McCoy <...@cpan.org>
Subject Re: Arbitrary Authenitcation Types (based on SOAP Headers)
Date Mon, 13 Feb 2006 19:04:51 GMT
Thanks,
    I actually found this project last friday, did attempt to convince the
specifications author to adhere to these standards, and he refused.

    I am still missing something from this project, though, and that is how
I can *clearly* annotate the requirements of this headers presence in the
WSDL.

    There 'aught to be something to outline that for me, but what, I'm not
sure.


    Thanks,
    Scott S. McCoy

On 2/13/06, Rodrigo Ruiz <rruiz@gridsystems.com> wrote:
>
> Hi Scott, take a look at the wss4j project (at
> http://ws.apache.org/wss4j). It is a security framework that can do what
> you describe, and some more things, like using client certificates
> instead of name/password pairs. It is probably your best option if you
> are looking for a standard implementation :-)
>
> Even if your specification mandates a custom header (in that case I
> would try to convince the author to adhere to the standard :-P), you can
> get ideas from the code, as it uses handlers.
>
> HTH,
> Rodrigo Ruiz
>
> Scott McCoy wrote:
> > That is the client answer, sure.
> >
> > Virtually what I was looking for, but I wanted the server answer.!
> >
> > I want to use wsdl2java to build a service I will deploy with axis,
> > rather than connect to.  I am trying to figure out the most pragmatic
> > fasion for building a "component", that I could stuff (possibly, in
> > the <requestFlow/>) that checks the headers, and *stops* the request
> > from getting to the main handler under the instance that my
> > authentication failed.
> >
> > I really wanted to, if possible, use document or wrapped style
> > services, rather than messages style services, also.
> >
> > Thanks!
> >
> >     Scott S. McCoy
> >
> > On 2/10/06, * Rave, Mark* <Mark.Rave@cardinal.com
> > <mailto:Mark.Rave@cardinal.com>> wrote:
> >
> >     I don't know if this is what you are asking but it can't hurt to
> >     offer it.  I used WSDL2Java to generate the stubs and I also had
> >     to have authentication information in the SOAP header, this is how
> >     I did it but it might not be the best way:
> >
> >       SomethingService service = new SomethingServiceLocator();
> >
> >       Something svc = service.getSomethingSOAPPort();
> >
> >       SomethingSoapBindingStub stub = (SomethingSoapBindingStub)svc;
> >       SOAPHeaderElement she = new SOAPHeaderElement("namespace",
> >     "AuthInfo");
> >       SOAPElement ut = she.addChildElement("UserToken");
> >       SOAPElement un = ut.addChildElement("UserName");
> >       un.addTextNode("username");
> >       SOAPElement pw = ut.addChildElement("Password");
> >       pw.addTextNode("password");
> >       stub.setHeader(she);
> >
> >     When I make the call something like this is generated:
> >
> >     <SOAP-ENV:Envelope xmlns:SOAP-ENV="
> >     http://schemas.xmlsoap.org/soap/envelope/"
> >     xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
> >     xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance"
> >     xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:m="namespace">
> >     <SOAP-ENV:Header>
> >             <m:AuthInfo>
> >                     <m:UserToken>
> >                             <m:UserName>username</m:UserName>
> >                             <m:Password>password</m:Password>
> >                     </m:UserToken>
> >             </m:AuthInfo>
> >     </SOAP-ENV:Header>
> >             ......
> >     </SOAP-ENV:Envelop>
> >
> >     Hope this helps.
> >
> >     -----Original Message-----
> >     From: tagster@gmail.com <mailto:tagster@gmail.com>
> >     [mailto:tagster@gmail.com <mailto:tagster@gmail.com>]On Behalf Of
> >     Scott McCoy
> >     Sent: Friday, February 10, 2006 2:06 PM
> >     To: axis-user@ws.apache.org <mailto:axis-user@ws.apache.org>
> >     Subject: Re: Arbitrary Authenitcation Types (based on SOAP Headers)
> >
> >
> >     I didn't get a response to this, so I thought I'd re-post it.
> >
> >     I just want a handler, before my handler, to get some values from
> >     the header and have the ability to stop the request.
> >
> >     How does that happen?
> >
> >
> >     On 2/8/06, Scott McCoy <tag@cpan.org <mailto:tag@cpan.org>> wrote:
> >     Hello All,
> >         I have a specification that demands I use a SOAP Header
> >     element for credential verification, and from a technical
> >     perspective it needs to be highly reusable, with a technical
> >     requirement that it preceeds and stops processing of the SOAP
> >     Body.  I've found what seems to be just the ticket, which is
> >     simply adding a component via the < requestFlow/> element in WSDL
> >     or WSDD...But the problem I'm having is that I'm having difficulty
> >     finding documentation on doing this.
> >
> >         Essentially, I have the following (mock) request envelope:
> >
> >     <Envelope xmlns="?soap">
> >         <Header>
> >             <authenticate username="..." password="..."/>
> >         </Header>
> >         <Body>
> >             <purchase>
> >                 <order accountid=".." cardid=".." amount=".."/>
> >                 <order accountid=".." cardid=".." amount=".."/>
> >             </purchase>
> >         </Body>
> >     </Envelope>
> >
> >
> >         Nevermind the details of the SOAP Body, handlers for this are
> >     easily generatable by WSDL2Java, but how do I deal with the SOAP
> >     Header in a respectible and logical fasion (Axis 1.3) ?
> >
> >
> >         Thanks,
> >         Scott S. McCoy
> >
> >     _________________________________________________
> >
> >     This message is for the designated recipient only and may contain
> >     privileged, proprietary, or otherwise private information. If you
> >     have received it in error, please notify the sender immediately
> >     and delete the original. Any other use of the email by you is
> >     prohibited.
> >
> >     Espanol - Deutsch - Nederlands - Francais - Italiano - Norsk -
> >     Svenska: www.cardinalhealth.com/legal/email
> >     <http://www.cardinalhealth.com/legal/email>
> >
> >
> > ------------------------------------------------------------------------
> >
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date:
> 10/02/2006
> >
>

Mime
View raw message