axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nandana Mihindukulasooriya" <nandana....@gmail.com>
Subject Re: Hos axis2 is integrated with Rampart ?
Date Thu, 22 Nov 2007 03:14:30 GMT
Hi Subhash,

When rampart is used, it creates wsse headers in the soap request from the
> client side, and from the server side it validates the headers.
>
> I want to know where it is instructed that the rampart handlers are to be
> executed to validate the security headers?
>
Take a look at the SOAP Processing Model [1] under the Axis2 architecture.
It shows when handlers are executed how to register them in
different phases. This article on Axis2 Execution Framework [2] will also
give you a good understanding about the concept of phases.

[1] - http://ws.apache.org/axis2/1_3/Axis2ArchitectureGuide.html#bmSOAPPM
[2] - http://www.developer.com/java/web/article.php/10935_3529321_1

module.xml of Rampart defines the handlers used to secure the soap messages
and registers them in the security phase.

    <InFlow>
        <handler name="PolicyBasedSecurityInHandler" class="
org.apache.rampart.handler.RampartReceiver">
            <order phase="Security" phaseFirst="true"/>
        </handler>
        <handler name="SecurityInHandler" class="
org.apache.rampart.handler.WSDoAllReceiver">
            <order phase="Security"/>
        </handler>
    </InFlow>

    <OutFlow>
        <handler name="SecurityOutHandler" class="
org.apache.rampart.handler.WSDoAllSender">
            <order phase="Security"/>
        </handler>
        <handler name="PolicyBasedSecurityOutHandler" class="
org.apache.rampart.handler.RampartSender">
            <order phase="Security" phaseLast="true"/>
        </handler>
    </OutFlow>


Regards,
Nandana


>
>
> I tried going through the axis source files but I am not able to
> understand how the soap request reaches the WSDoAllReceiver class!!
>
> I say this because, if I trim the security headers in the soap request and
> then send this request, it throws back an Axis fault saying
>
> "WSDoAllReceiver: Incoming message does not contain required Security
> header"
>
>
>
> Can anyone try to throw light on this?
>
>
>
> Thanks,
>
> -Subhash-
>  This e-mail and any files transmitted with it are for the sole use of the
> intended recipient(s) and may contain confidential and privileged
> information.
> If you are not the intended recipient, please contact the sender by reply
> e-mail and destroy all copies of the original message.
> Any unauthorized review, use, disclosure, dissemination, forwarding,
> printing or copying of this email or any action taken in reliance on this
> e-mail is strictly
> prohibited and may be unlawful.
>

Mime
View raw message