axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruchith Fernando" <ruchith.ferna...@gmail.com>
Subject Re: [Axis2] Client side configuration parameters
Date Thu, 06 Apr 2006 11:20:58 GMT
Hi Xinjun,

Please see my inline comments:

On 4/6/06, Xinjun Chen <xjchen001@gmail.com> wrote:
> When testing the Axis2 0.94 security module, I have some questions
> regarding client side configuration. I raised the following question
> after reading the webpage
> http://ws.apache.org/axis2/0_94/security-module.html.

I recommend you to use the 0.95 security.mar and please note that the
Axis2 repository structure is different in 0.95.

>
> 1. The page mentions that client side configuration parameters can be
> set in the axis2.xml of the client's Axis2 repository.
> My question is is this referring to the directory
> \axis2-std-0.94-bin\repository\services ?
> It is initially empty. What will be the root element in the client
> respository axis2.xml? Could you help me to get some sample client
> side configuration?

When you have to engage a client side module you will have to use an
Axis2 repository.
This repository just have to be a specific directory structure. Following is the
Axis2 repository structure for a client if you are using 0.95 or the
current SVN snapshot.

  repo_dir <- This is the repo directory name and can be anything and can be
    |        anywhere in your dick where you have permission :-).
    |
   +--conf
    |	    |
    |      +-- axis2.xml
    |
   +--modules  <- This directory contains .mar files
            |
           +-- security.mar


Now when you create a ServiceClient you can supply the configuration
context  created using the configured using the repo dir.

If you have a look at the souce of the security sample's client [1]
you can see how this is done. (lines: 48, 49)

Now the you will have to have following XML entries in the axis2.xml
that is in the client's repo's conf dir

<!--Enagege the security module -->

<module ref="security" />

<!-- Configure the security module to include a username token in the msg -->

    <parameter name="OutflowSecurity">
      <action>
        <items>UsernameToken</items>
        <user>your_user_name</user>
        <passwordCallbackClass>callback.hancler.Class</passwordCallbackClass>
        <passwordType>PasswordText</passwordType>
      </action>
    </parameter>

The above parameter will include a username token in the security
header in the request message. The username will be "your_user_name"
and the password will be picked up using the callback.hancler.Class.
You will have to write this class which is an impl of the
java.auth.Callback interface. And you will have to set the password
into the WSPasswordCallback objects that is given into the handle()
method. Example: [2]

Now you have your client side configured properly :-)

>
> 2. If a developer only downloaded WAR distribution and put the war
> inside the Tomcat webapps folder. Can he/she still configure the
> client side? How?

YES
The client side it independent from the services and there's no need
for anyone to use the same repository that is available inside tomcat
when the war is expanded.

One can configure the services' security by configuring the axis2.xml
available in the WEB-INF/con dir in the war to include the
<module ref="security" /> entry AND by including the configuration
parameters in  each service's services.xml file.

>
> 3. The page mentioned per service level security configuration. Could
> you also provided some details? My understanding is that the security
> configuration (security policy and security information) will be read
> by the WSDoAllHandler inside the security.module. I checked both
> WSDoAllSender and WSDoAllReceiver, but could not figure out where how
> can WSDoAllHandler find out the security configuration file.

We do not processes WS-securityPolicy yet. And we use two parameters to
configure the security module as explained here [3].
When configuring security for services you can include these elements in
in the services.xml of each of those services as children of the document
element ("service" element). Then each request directed at any of the
operations of the service are expected to be secured as configured.

HandlerParameterDecoder.processParameters() method is used to extract
information from these parameters. This is used in both WSDoAll* handlers.

>
> 4. As for the PasswordCallbackClass, is it possible to use the same
> PasswordCallbackClass for both client and server if I combine the
> client and server into the Axis2 installation in Tomcat?

yes

>
> 5. Does Axis2 security module allow plain username and password for
> authentication? Can I specify the username and password inside the
> configuration?
>
yes it allows plain text password and the username is anyway plain text.

You will have to specify the username in the configuration parameter
but you cannot specify the password in the configuration. You will
have to use the PasswordCallbackClass to provide the password for a
given username.

Thanks,
Ruchith

p.s.
Once again ... I recommend you to use the 0.95 or the current SVN and
please note that you will have to include the following jars in the
client's classpath and if you are using secured services in Tomcat :
in the axis2/WEB-INF/lib dir:

bcprov-jdk13-131.jar
commons-discovery-0.2.jar
wss4j-SNAPSHOT.jar
xmlsec-1.2.1.jar

[1] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/Client.java
[2] https://svn.apache.org/repos/asf/webservices/axis2/trunk/java/modules/samples/src/sample/security/PWCallback.java
[3] http://ws.apache.org/axis2/0_95/security-module.html

Mime
View raw message