Yang, Gang CTR US USA wrote:
Classification: UNCLASSIFIED
Caveats: NONE
Hi, Simon,
Thank you for the information. It's very helpful for me to better
understand the frameworks in both 1.6 and 2.0. I wish what you described
here be in the book you guys wrote. It doesn't have to be elaborate, but
some key phrases and high level descriptions and pointers in an advanced
chapter.
Thanks again, I'll try both to see what happens.
Gang
Hi Gang,
Unfortunately it's impossible in a book of 400 pages to cover
all the advanced topics that Tuscany users might need to know :-(
The good news is that you can come to this list to get the
additional information that you need :-)
Simon N.
-----Original Message-----
From: Simon Laws [mailto:simonsl...@googlemail.com]
Sent: Thursday, January 20, 2011 4:22 AM
To: dev@tuscany.apache.org
Subject: Re: How to add new security extension to Tuscany binding.ws?
(UNCLASSIFIED)
On Tue, Jan 18, 2011 at 10:08 PM, Yang, Gang CTR US USA
<gang.y...@us.army.mil> wrote:
Classification: UNCLASSIFIED
Caveats: NONE
Hi,
I am trying to see how I can add a new WS-security implementation to the WS
binding. I've got a policy extension hooked into Tuscany runtime using
Tuscany 1.6. However, I seem to have a hard time to place my policy
interceptor at the right place to be able to add security to the SOAP
message. While poking around inside the debugger and with experiments, I
found the following:
1. If I return "reference.binding.policy" when getPhase() is called, Tuscany
runtime will place my policy interceptor after the WS binding invoker
(Axis2BindingInvoker) in the invocation chain. Since Axis2BindingInvoker
does not continue the invocation in the chain, my policy interceptor is
never called.
2. If I return "reference.policy" instead, my policy interceptor is placed
before the WS binding invoker and will be called. But any headers I add are
ignored by Axis2BindingInvoker. Also I can't access the SOAP body element,
only the body content, which is not good enough if I need to add ID to the
SOAP body for signature reference.
I'm looking for pointers and suggestions on how to go about adding a new
WS-security. I do understand that Axis2 WS extension provides WS-security
through Rampart, but I need to provide our own security implementation.
More detailed questions:
1. Are binding policy phases implemented in the current Tuscany? If so, who
is responsible to enable "reference.binding.policy" or
"service.binding.policy" phase interceptor, Tuscany runtime or the binding
extension, such as Axis2BindingInvoker?
2. I also tried 1.6.1 and failed. Would 2.0.Beta1 have fixed the problem?
3. Is there a way to extend Axis2 WS binding so that I can hook my
WS-security implementation as an Axis2 module, just like Rampart module, at
Axis2 service level?
Thanks,
Gang
Classification: UNCLASSIFIED
Caveats: NONE
Hi Gang
Sorry for the slow reply.
The binding.ws implementation in Tuscany 1.6 is a bit closed in the
sense that to add binding specific behaviour you need to get some code
into the binding. In 2.x (and in the JMS binding in 1.x) we created
what we called a binding wire to allow normal interceptors to phases
that effectively sit inside the binding. However, in the 1.x web
services binding we had a thing called a PolicyHandler that was called
at setup and before and after the invocation. You can see how the
existing WS Policy Handler interacts with the Axis context here;
http://svn.apache.org/repos/asf/tuscany/sca-java-1.x/trunk/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/wspolicy/WSSecurityPolicyHandler.java
This policy handler is registered with the infrastructure by this file;
http://svn.apache.org/repos/asf/tuscany/sca-java-1.x/trunk/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.util.PolicyHandler
In the 2.x code base we have a binding chain in the web services
binding so that you can get at the axis message context between the
invoker and when the message gets put out onto the transport. There is
a REFERENCE_BINDING_POLICY and a SERVICE_BINDING_POLICY now amongst
others. In the binding.ws case on the reference side the Axis
OperationClient is put in the binding context. You can get at it in a
binding chain interceptor with
OperationClient operationClient = msg.getBindingContext();
So you can affect the way that the message will be sent.
On the service side the binding context is the Axis MessageContext
which can be retrieved as follows
MessageContext messageContext = msg.getBindingContext();
Take a look at the basic authentication policy to see how this hangs
together
http://svn.apache.org/repos/asf/tuscany/sca-java-2.x/trunk/modules/binding-ws-runtime-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/
We haven't tried porting the Rampart based WS security policy over to
the new framework in the 2.x code base yet so it may be that we need to
improve the framework as we do that.
If you want to have a go with the security policy in the 2.x code base
you want to implement I'm sure we'd be happy to make any
infrastructure fixes you need to make it possible.
Simon
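
The 2.x binding chain approach described in the reply above, applied to the requirement from the original question (an Id on the SOAP Body for a signature reference). This is an added example, not code from the thread or from the Tuscany project. Assumptions: the class name and the Id value are hypothetical, the outbound Axis2 MessageContext is taken to be already attached to the OperationClient when this phase runs, and registering the interceptor through a policy provider is not shown.

```java
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.soap.SOAPBody;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.AxisFault;
import org.apache.axis2.client.OperationClient;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.wsdl.WSDLConstants;
import org.apache.tuscany.sca.invocation.Invoker;
import org.apache.tuscany.sca.invocation.Message;
import org.apache.tuscany.sca.invocation.Phase;
import org.apache.tuscany.sca.invocation.PhasedInterceptor;

/** Hypothetical interceptor: marks the SOAP Body with a wsu:Id for a signature reference. */
public class BodyIdReferenceInterceptor implements PhasedInterceptor {
    private static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private Invoker next;

    public String getPhase() {
        // Binding chain phase named in the reply; it sits inside binding.ws in 2.x.
        return Phase.REFERENCE_BINDING_POLICY;
    }

    public Message invoke(Message msg) {
        // On the reference side the binding context is the Axis2 OperationClient.
        OperationClient operationClient = msg.getBindingContext();
        try {
            // Assumption: the binding has already added the outbound MessageContext.
            MessageContext out =
                operationClient.getMessageContext(WSDLConstants.MESSAGE_LABEL_OUT_VALUE);
            SOAPEnvelope envelope = (out == null) ? null : out.getEnvelope();
            if (envelope == null || envelope.getBody() == null) {
                // Fail closed: never let an unmarked (unsigned) message go out.
                throw new IllegalStateException("No SOAP body available to mark for signing");
            }
            SOAPBody body = envelope.getBody();
            OMNamespace wsu = body.getOMFactory().createOMNamespace(WSU_NS, "wsu");
            // Constructed Id value; a real signer would generate a unique one per message.
            body.addAttribute("Id", "body-1", wsu);
        } catch (AxisFault e) {
            throw new IllegalStateException("Cannot access outbound SOAP message", e);
        }
        // Always continue the chain so the rest of the binding chain can send the message.
        return getNext().invoke(msg);
    }

    public Invoker getNext() { return next; }
    public void setNext(Invoker next) { this.next = next; }
}
```

Compiling this needs the Tuscany 2.x and Axis2/Axiom jars on the classpath.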