synapse-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject svn commit: r576677 - in /webservices/synapse/trunk/java: repository/conf/sample/synapse_sample_105.xml src/site/resources/Synapse_Samples.html
Date Tue, 18 Sep 2007 03:43:13 GMT
Author: ruwan
Date: Mon Sep 17 20:43:13 2007
New Revision: 576677

Adding a sample to elaborate getting message in to synapse even with not processed mustUnderstand
headers in the MC


Added: webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml
--- webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml (added)
+++ webservices/synapse/trunk/java/repository/conf/sample/synapse_sample_105.xml Mon Sep 17
20:43:13 2007
@@ -0,0 +1,36 @@
+  ~  Licensed to the Apache Software Foundation (ASF) under one
+  ~  or more contributor license agreements.  See the NOTICE file
+  ~  distributed with this work for additional information
+  ~  regarding copyright ownership.  The ASF licenses this file
+  ~  to you under the Apache License, Version 2.0 (the
+  ~  "License"); you may not use this file except in compliance
+  ~  with the License.  You may obtain a copy of the License at
+  ~
+  ~
+  ~
+  ~  Unless required by applicable law or agreed to in writing,
+  ~  software distributed under the License is distributed on an
+  ~  KIND, either express or implied.  See the License for the
+  ~  specific language governing permissions and limitations
+  ~  under the License.
+  -->
+<!-- routing messages without processing security headers -->
+<definitions xmlns="">
+    <proxy name="StockQuoteProxy">
+        <target>
+            <inSequence>
+                <send>
+                    <endpoint>
+                        <address uri="http://localhost:9000/soap/SecureStockQuoteService"/>
+                    </endpoint>
+                </send>
+            </inSequence>
+			<outSequence>
+				<send/>
+			</outSequence>
+        </target>
+        <publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/>
+    </proxy>
\ No newline at end of file

Modified: webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html
--- webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html (original)
+++ webservices/synapse/trunk/java/src/site/resources/Synapse_Samples.html Mon Sep 17 20:43:13
@@ -2195,6 +2195,63 @@
+<h2><a name="Sample105">Sample 105:</a></h2>
+<pre>&lt;!-- routing messages without processing security headers --&gt;
+&lt;definitions xmlns=""&gt;
+    &lt;proxy name="StockQuoteProxy"&gt;
+        &lt;target&gt;
+            &lt;inSequence&gt;
+                &lt;send&gt;
+                    &lt;endpoint&gt;
+                        &lt;address uri="http://localhost:9000/soap/SecureStockQuoteService"/&gt;
+                    &lt;/endpoint&gt;
+                &lt;/send&gt;
+            &lt;/inSequence&gt;
+            &lt;outSequence&gt;
+                &lt;send/&gt;
+            &lt;/outSequence&gt;
+        &lt;/target&gt;
+        &lt;publishWSDL uri="file:repository/conf/sample/resources/proxy/sample_proxy_1.wsdl"/&gt;
+    &lt;/proxy&gt;
+<p><strong>Objective: Routing the messages arrived to a proxy service without
+the MustUnderstand headers (Security header)</strong></p>
+You may also need to download and install the unlimited strength policy files
+for your JDK before using Apache Rampart (e.g. see
+<p>Start the Synapse configuration numbered 105: i.e. synapse -sample 105<br>
+Start the Axis2 server and deploy the SecureStockQuoteService if not already
+<p>The proxy service will recieve secure messages with security headers which are MustUnderstand.
+But hence element 'engageSec' is not present in the proxy configuration synapse
+will not engage that Apache Rampart on this proxy service. It is expected that an MustUnderstand
+failure exception on the AxisEngine would occur before the message arrives Synapse. But Synapse
+handles this message and gets it in by setting all the headers which are MustUnderstand and
+processed to processed state. This will enable synapse to route the messages without reading
+Security headers (just routing the messages from client to service, both of which are secure).
+execute the client, send a stock quote request to the proxy service, and sign
+and encrypt the request by specifying the client side security policy as
+<pre>ant stockquote -Dtrpurl=http://localhost:8080/soap/StockQuoteProxy -Dpolicy=./../../repository/conf/sample/resources/policy/client_policy_3.xml</pre>
+<p>By following through the debug logs or TCPMon output, you could see that
+the request received by the proxy service was signed and encrypted. Also,
+looking up the WSDL of the proxy service by requesting the
+URL http://localhost:8080/soap/StockQuoteProxy?wsdl reveals the security
+policy attachments are not there and security is not engaged. When sending the message to
+backend service, you could verify that the security headers were there as in the original
+message to synapse from client, and that the response received does use WS-Security,
+and forwarded back to the client without any modification. You should note that this wont
be a
+security hole because the message inside synapse is signed and encrypted and can only be
+to a secure service to be usefull.</p>
 <h1><a name="Transport">Transports</a></h1>
 <h2><a name="Sample110">Sample 110:</a></h2>

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message