Return-Path: 
 <axis-user-return-78478-apmail-ws-axis-user-archive=ws.apache.org@ws.apache.org>
Delivered-To: apmail-ws-axis-user-archive@www.apache.org
Received: (qmail 59568 invoked from network); 13 Apr 2009 13:14:44 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 13 Apr 2009 13:14:44 -0000
Received: (qmail 61810 invoked by uid 500); 13 Apr 2009 13:14:41 -0000
Delivered-To: apmail-ws-axis-user-archive@ws.apache.org
Received: (qmail 61754 invoked by uid 500); 13 Apr 2009 13:14:41 -0000
Mailing-List: contact axis-user-help@ws.apache.org; run by ezmlm
Precedence: bulk
Reply-To: axis-user@ws.apache.org
list-help: <mailto:axis-user-help@ws.apache.org>
list-unsubscribe: <mailto:axis-user-unsubscribe@ws.apache.org>
List-Post: <mailto:axis-user@ws.apache.org>
List-Id: <axis-user.ws.apache.org>
Delivered-To: mailing list axis-user@ws.apache.org
Received: (qmail 61745 invoked by uid 99); 13 Apr 2009 13:14:41 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Apr 2009 13:14:41 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=10.0
	tests=SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of alexander.rosemann@gmail.com
 designates 209.85.198.249 as permitted sender)
Received: from [209.85.198.249] (HELO rv-out-0708.google.com) (209.85.198.249)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Apr 2009 13:14:30 +0000
Received: by rv-out-0708.google.com with SMTP id k29so1807617rvb.28
        for <axis-user@ws.apache.org>; Mon, 13 Apr 2009 06:14:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:received:received:message-id:date:from
         :user-agent:mime-version:to:subject:references:in-reply-to
         :content-type:content-transfer-encoding;
        bh=fRVrRggFEG3MKDyYV41tKhosFcQrewlSBamvqOE7etI=;
        b=t4FqUrTm7EOZiEp8xzZLfJABVdxRFB4von2XE5P8FMBStrEXCAhuKpB8D+D/MFH2iV
         TZOaINcKdCHXi3LRxuFr69y7Lon8TzbnTKcK232x9nlfQ0gnbGdwa7/+JjlHpr0xv6nB
         JEIifJq9TM7Uc22Vnjf7P0KTh8rI217QAPLBE=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=message-id:date:from:user-agent:mime-version:to:subject:references
         :in-reply-to:content-type:content-transfer-encoding;
        b=MEXPYzFJtJ8bDcA/Z+WswDmsOy5/rll3k7GyaVZg2A95Iv6qP2dtRk5lKB3H2Nf8ML
         kuoDG7wvZIYEqDv4ZbL2fSC706bm2pXP51kDS9qe7KoC/OgYJqUK77xXvcEtMIQVl/s/
         8px+tpUphuf7aUbfU/lxdypMewVrO3pnLCoow=
Received: by 10.141.49.18 with SMTP id b18mr2755378rvk.96.1239628449431;
        Mon, 13 Apr 2009 06:14:09 -0700 (PDT)
Received: from ?192.168.1.151? (91-114-198-202.adsl.highway.telekom.at
 [91.114.198.202])
        by mx.google.com with ESMTPS id f21sm12084509rvb.5.2009.04.13.06.14.07
        (version=TLSv1/SSLv3 cipher=RC4-MD5);
        Mon, 13 Apr 2009 06:14:08 -0700 (PDT)
Message-ID: <49E33AA7.1040604@gmail.com>
Date: Mon, 13 Apr 2009 15:14:15 +0200
From: Alexander Rosemann <alexander.rosemann@gmail.com>
User-Agent: Thunderbird 2.0.0.21 (Windows/20090302)
MIME-Version: 1.0
To: axis-user@ws.apache.org
Subject: Re: Authentication for non SOAP messages
References: <49E20154.5080706@gmail.com>
 <BLU142-W34EB8FF714861119F93D09AE7E0@phx.gbl>
In-Reply-To: <BLU142-W34EB8FF714861119F93D09AE7E0@phx.gbl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 8bit
X-Virus-Checked: Checked by ClamAV on apache.org

I've added a handler to the security phase in my axis2.xml. The handler 
gets called each time a request comes in.

I'm just puzzled how I can directly send a response message in case the 
user has not logged in first.

Cheers,
Alex

Martin Gainty wrote:
> from the HandlerExecution test harness i've seen this depends on 
> assigned PHASE
> 
> package org.apache.axis2.engine;
> public class HandlerExecutionTest extends LocalTestCase
> {
> *.......
> *    private void registerOperationLevelHandlers(AxisOperation operation) {
>         ArrayList operationSpecificPhases = new ArrayList();
>         operationSpecificPhases.add(new 
> Phase(PhaseMetadata.PHASE_POLICY_DETERMINATION));
>         operation.setRemainingPhasesInFlow(operationSpecificPhases);
>         ArrayList phaseList = operation.getRemainingPhasesInFlow();
>         for (int i = 0; i < phaseList.size(); i++) {
>             Phase operationSpecificPhase = (Phase)phaseList.get(i);
>             if (PhaseMetadata.PHASE_POLICY_DETERMINATION
>                     .equals(operationSpecificPhase.getPhaseName())) {
>                 operationSpecificPhase.addHandler(firstOperationInHandler);
>                 operationSpecificPhase.addHandler(middleOperationInHandler);
>                 operationSpecificPhase.addHandler(new TestHandler("In6"));
>             }
>         }
>         operationSpecificPhases = new ArrayList();
>         operationSpecificPhases.add(new 
> Phase(PhaseMetadata.PHASE_POLICY_DETERMINATION));
>         operation.setPhasesOutFlow(operationSpecificPhases);
>         phaseList = operation.getPhasesOutFlow();
>         for (int i = 0; i < phaseList.size(); i++) {
>             Phase operationSpecificPhase = (Phase)phaseList.get(i);
>             if (PhaseMetadata.PHASE_POLICY_DETERMINATION
>                     .equals(operationSpecificPhase.getPhaseName())) {
>                 operationSpecificPhase.addHandler(new TestHandler("Out1"));
>                 
> operationSpecificPhase.addHandler(middleOperationOutHandler);
>                 operationSpecificPhase.addHandler(new TestHandler("Out3"));
>             }
>         }
>     }
> 
> where PHASES are broken out to
> package org.apache.axis2.phaseresolver;
> public class PhaseMetadata {
> 
>    // INFLOW
>     public static final String PHASE_TRANSPORTIN = "TransportIn";
>     public static final String PHASE_PRE_DISPATCH = "PreDispatch";
>     public static final String PHASE_POST_DISPATCH = "PostDispatch";
>     public static final String PHASE_POLICY_DETERMINATION = 
> "PolicyDetermination";
>     public static final String PHASE_MESSAGE_PROCESSING = 
> "MessageProcessing";
> 
>     // OUTFLOW
>     public static final String PHASE_MESSAGE_OUT = "MessageOut";
>     public static final String PHASE_DISPATCH = "Dispatch";
>     public static final String PHASE_TRANSPORT_OUT = "TransportOut";
> 
>     public static final String TRANSPORT_PHASE = "TRANSPORT";
> 
> which phase would you be attaching your handler to
> ?
> Martin
> ______________________________________________
> Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / 
> Note de d�ni et de confidentialit�
> 
> This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents.
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
> Ce message est confidentiel et peut �tre privil�gi�. Si vous n'�tes pas le destinataire pr�vu, nous te demandons avec bont� que pour satisfaire informez l'exp�diteur. N'importe quelle diffusion non autoris�e ou la copie de ceci est interdite. Ce message sert � l'information seulement et n'aura pas n'importe quel effet l�galement obligatoire. �tant donn� que les email peuvent facilement �tre sujets � la manipulation, nous ne pouvons accepter aucune responsabilit� pour le contenu fourni.
> 
> 
> 
> 
> 
> 
>  > Date: Sun, 12 Apr 2009 16:57:24 +0200
>  > From: alexander.rosemann@gmail.com
>  > To: axis-user@ws.apache.org
>  > CC: alexander.rosemann@gmail.com
>  > Subject: Authentication for non SOAP messages
>  >
>  > Hi,
>  >
>  > I've created a bunch of Web services, including an authentication
>  > service. All services consume and return raw XML messages (no SOAP)
>  > which works fine.
>  >
>  > Now I would like to force clients to authenticate themselves before they
>  > are allowed to access any of the services.
>  >
>  > My idea is to implement a simple handler which checks whether an
>  > authentication flag has been set in the ServiceGroupContext. In case
>  > it's not available the only service accessible should be the
>  > authentication service and an error response message should be sent. If
>  > the flag has been set, all other services can be accessed until
>  > ServiceGroupContext timed out or the client logged off.
>  >
>  > What I can't see is how to send an error response from within a handler.
>  >
>  > Any pointers, input, and additional suggestions are highly welcome.
>  >
>  > Thanks,
>  > Alex
>  >
>  >
>  >
>  >
> 
> ------------------------------------------------------------------------
> Rediscover Hotmail�: Now available on your iPhone or BlackBerry Check it 
> out. 
> <http://windowslive.com/RediscoverHotmail?ocid=TXT_TAGLM_WL_HM_Rediscover_Mobile1_042009>


-- 
DI(FH) Alexander Rosemann
open source based software solutions
Naunspitzweg 3 | 6341 Ebbs | Austria
mobile: +43-681-10337082 | email: alexander.rosemann@gmail.com
*** Your partner in building cutting edge open source based software 
solutions ***