synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ru...@apache.org
Subject svn commit: r576677 - in /webservices/synapse/trunk/java: repository/conf/sample/synapse_sample_105.xml src/site/resources/Synapse_Samples.html
Date Tue, 18 Sep 2007 03:43:13 GMT
Author: ruwan
Date: Mon Sep 17 20:43:13 2007
New Revision: 576677

URL: http://svn.apache.org/viewvc?rev=576677&view=rev
Log:
Adding a sample to elaborate getting message in to synapse even with not processed mustUnderstand
headers in the MC

Added:
    webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml
Modified:
    webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html

Added: webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml
URL: http://svn.apache.org/viewvc/webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml?rev=576677&view=auto
==============================================================================
--- webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml (added)
+++ webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml Mon Sep 17
20:43:13 2007
@@ -0,0 +1,36 @@
+<!--
+  ~  Licensed to the Apache Software Foundation (ASF) under one
+  ~  or more contributor license agreements.  See the NOTICE file
+  ~  distributed with this work for additional information
+  ~  regarding copyright ownership.  The ASF licenses this file
+  ~  to you under the Apache License, Version 2.0 (the
+  ~  "License"); you may not use this file except in compliance
+  ~  with the License.  You may obtain a copy of the License at
+  ~
+  ~   http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~  Unless required by applicable law or agreed to in writing,
+  ~  software distributed under the License is distributed on an
+  ~   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  ~  KIND, either express or implied.  See the License for the
+  ~  specific language governing permissions and limitations
+  ~  under the License.
+  -->
+<!-- routing messages without processing security headers -->
+<definitions xmlns="http://ws.apache.org/ns/synapse">
+    <proxy name="StockQuoteProxy">
+        <target>
+            <inSequence>
+                <send>
+                    <endpoint>
+                        <address uri="http://localhost:9000/soap/SecureStockQuoteService"/>
+                    </endpoint>
+                </send>
+            </inSequence>
+			<outSequence>
+				<send/>
+			</outSequence>
+        </target>
+        <publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/>
+    </proxy>
+</definitions>
\ No newline at end of file

Modified: webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html
URL: http://svn.apache.org/viewvc/webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html?rev=576677&r1=576676&r2=576677&view=diff
==============================================================================
--- webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html (original)
+++ webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html Mon Sep 17 20:43:13
2007
@@ -2195,6 +2195,63 @@
 
 <p></p>
 
+<h2><a name="Sample105">Sample 105:</a></h2>
+<pre>&lt;!-- routing messages without processing security headers --&gt;
+&lt;definitions xmlns="http://ws.apache.org/ns/synapse"&gt;
+    &lt;proxy name="StockQuoteProxy"&gt;
+        &lt;target&gt;
+            &lt;inSequence&gt;
+                &lt;send&gt;
+                    &lt;endpoint&gt;
+                        &lt;address uri="http://localhost:9000/soap/SecureStockQuoteService"/&gt;
+                    &lt;/endpoint&gt;
+                &lt;/send&gt;
+            &lt;/inSequence&gt;
+            &lt;outSequence&gt;
+                &lt;send/&gt;
+            &lt;/outSequence&gt;
+        &lt;/target&gt;
+        &lt;publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/&gt;
+    &lt;/proxy&gt;
+&lt;/definitions&gt;</pre>
+
+<p><strong>Objective: Routing the messages arrived to a proxy service without
processing
+the MustUnderstand headers (Security header)</strong></p>
+
+<p><strong>Pre-Requisites:</strong><br>
+You may also need to download and install the unlimited strength policy files
+for your JDK before using Apache Rampart (e.g. see
+http://java.sun.com/javase/downloads/index_jdk5.jsp)</p>
+
+<p>Start the Synapse configuration numbered 105: i.e. synapse -sample 105<br>
+Start the Axis2 server and deploy the SecureStockQuoteService if not already
+done</p>
+
+<p></p>
+
+<p>The proxy service will recieve secure messages with security headers which are MustUnderstand.
+But hence element 'engageSec' is not present in the proxy configuration synapse
+will not engage that Apache Rampart on this proxy service. It is expected that an MustUnderstand
+failure exception on the AxisEngine would occur before the message arrives Synapse. But Synapse
+handles this message and gets it in by setting all the headers which are MustUnderstand and
not
+processed to processed state. This will enable synapse to route the messages without reading
the
+Security headers (just routing the messages from client to service, both of which are secure).
To
+execute the client, send a stock quote request to the proxy service, and sign
+and encrypt the request by specifying the client side security policy as
+follows:</p>
+<pre>ant stockquote -Dtrpurl=http://localhost:8080/soap/StockQuoteProxy -Dpolicy=./../../repository/conf/sample/resources/policy/client_policy_3.xml</pre>
+
+<p>By following through the debug logs or TCPMon output, you could see that
+the request received by the proxy service was signed and encrypted. Also,
+looking up the WSDL of the proxy service by requesting the
+URL http://localhost:8080/soap/StockQuoteProxy?wsdl reveals the security
+policy attachments are not there and security is not engaged. When sending the message to
the
+backend service, you could verify that the security headers were there as in the original
+message to synapse from client, and that the response received does use WS-Security,
+and forwarded back to the client without any modification. You should note that this wont
be a
+security hole because the message inside synapse is signed and encrypted and can only be
forwarded
+to a secure service to be usefull.</p>
+
 <h1><a name="Transport">Transports</a></h1>
 
 <h2><a name="Sample110">Sample 110:</a></h2>



---------------------------------------------------------------------
To unsubscribe, e-mail: synapse-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: synapse-dev-help@ws.apache.org


Mime
View raw message