axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From RonnieMJ <ronniemjo...@hotmail.com>
Subject Re: Rampart one way only
Date Mon, 27 Oct 2008 15:51:17 GMT

I tried putting moving the Security phase to the end of that PhaseOrder (for
both InFaultFlow and InFault).  It didn't help.  Maybe it's because I'm
using axis2 1.3.

I'm loading my policies in one fail swoop from code (not from the
service.xml file).

options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, 
loadPolicy(confDir + "/clientSecurityPolicy.xml"));
stub._getServiceClient().setOptions(options);


so I have 2 questions.
1.  Would I need to switch (back) to 1.4.1 to use message level security?
2.  Would I specify this in my code or my policy file?




Nunny wrote:
> 
> Hi Mary,
>       I  think best way to solve this problem is to use message level
> policies. You can attach policies at message level, so they will be
> effective either on in the in flow or our flow. But still we have the
> problem that we can't specify policies for fault flows, For example, if we
> specify a policy for in message it will be applicable for both in message
> and in fault messages.
>      In Axis2 , we have two kinds phases global phases and operation
> phases.
> This article [1] by Deepal explains the whole concept.   Phases before
> dispatch phases are known as global phases and they will be called for
> each
> and every message. Security is a global phase. We need security as a
> global
> phase become dispatching mechanism like body based dispatching which used
> to
> dispatch operations need messages to be decrypted before they can act on
> the
> message. But having the security phase doesn't have any effect if rampart
> is
> not engaged. As it is described in the article, it is the rampart module
> that adds handlers to the phase. Even if the Rampart is engaged, if the
> effective security policy of the message is null, then those handlers will
> not have any effect.
> 
> thanks,
> nandana
> 
> [1] - http://www.packtpub.com/article/handler-and-phase-in-apache-axis
> 
> On Sat, Oct 25, 2008 at 4:17 AM, Mary Thompson <mrthompson@lbl.gov> wrote:
> 
>> I ran into the same problem when I switched to ws-policy. First I had to
>> add the security phase to infaultflow and then the unsigned fault
>> messages
>> were not acceptable. I "fixed" it by moving the security phase in the
>> infaultflow to the end the phase order after OperationInFaultPhase
>> effectively causing it to be ignored.
>>
>> I wonder if the piece of code that insists you add a security phase when
>> you don't want any security is wrong. Or if there is some way to indicate
>> a
>> null security phase.
>>
>> Mary Thompson
>>
>>
>>
>> RonnieMJ wrote:
>>
>>> Ok I added an axis2.xml file in my repo, however commenting out any
>>> Security
>>> phase causes errors indicating that the Security phase is missing.
>>>
>>> I'm wondering if you would ALSO have to remove any phase info from the
>>> modules.xml file in the rampart mar?
>>>
>>> In this case I'm the client, but receiving a response.  Wouldn't I want
>>> to
>>> remove the security phase from the InFlow not out?
>>>
>>>
>>>
>>> Chris82KS wrote:
>>>
>>>> Hello,
>>>> inside the axis2.xml you have the different flows (inFlow, OutFlow,
>>>> InFault and OutFault). Just remove the phase "Security" from the
>>>> OutFlow
>>>> and the OutFaultFlow.
>>>>
>>>> Greetings
>>>> Christian
>>>>
>>>>
>>>> ----- original Nachricht --------
>>>>
>>>> Betreff: Rampart one way only
>>>> Gesendet: Do, 23. Okt 2008
>>>> Von: RonnieMJ<ronniemjohns@hotmail.com>
>>>>
>>>>  Is it possible to have rampart NOT be concerned with security on a
>>>>> return
>>>>> message in a synchronous transaction?
>>>>>
>>>>> Example:
>>>>> I send to server X with security headers.  They return an OK message
>>>>> or
>>>>> a
>>>>> fault.  Neither of which would have security heading information.
>>>>> --
>>>>> View this message in context:
>>>>> http://www.nabble.com/Rampart-one-way-only-tp20133511p20133511.html
>>>>> Sent from the Axis - User mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>>>>> For additional commands, e-mail: axis-user-help@ws.apache.org
>>>>>
>>>>>
>>>>>  --- original Nachricht Ende ----
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>>>> For additional commands, e-mail: axis-user-help@ws.apache.org
>>>>
>>>>
>>>>
>>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
>> For additional commands, e-mail: axis-user-help@ws.apache.org
>>
>>
> 
> 
> -- 
> Nandana Mihindukulasooriya
> WSO2 inc.
> 
> http://nandana83.blogspot.com/
> http://www.wso2.org
> 
> 

-- 
View this message in context: http://www.nabble.com/Rampart-one-way-only-tp20133511p20190479.html
Sent from the Axis - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message