Re: [Axis2] Phase of Inflow Security Handler

Thu, 25 Aug 2005 04:13:04 -0700

IMHO I don't think anything can be there before the security handler (Say the WHOLE message is encrypted). So in most cases we have to run the security handler as early as possible, but in some other cases we should wait a bit.
My guess is since it's possible to deploy the same handler in several places, we can place the security handler in the possible places where security can be implemented, say at the begining of the predispatch and inside the dispatch phases. The security handle should have fall through code to handle it though. we might also need a flag (probably in the MC properties) to say that the security is done!

On 8/25/05, Eran Chinthaka <[EMAIL PROTECTED] > wrote:
No this will not help.
There can be some handlers in the pre-dispatch phase, which can not operate before Security, if present, but need to operate before dispatching.

-- EC


Ruchith Fernando wrote: 
So are we going to include the "RequestURIBasedDispatcher" in
"DispatchPhaseOne".

If that is the case we simply change the order of the dispatchers in
the "Dispatch" phase, by slightly modifying

org.apache.axis2.engine.AxisConfigurationImpl and deploy the security
IN handler in the "Dispatch" phase 'after' the
"RequestURIBasedDispatcher".

I don't think we really need two dispatch phases like that, since this

seems to be a requirement unique to the security module. what do u
think?

--Ruchith

On 8/25/05, Eran Chinthaka 
<[EMAIL PROTECTED]> wrote:
  
Agreed, but for HTTPand SMTP only. What about for the TCP case ? Service
identification based on the socket information ? If so, fine.

So lets have a phase called "DispatchPhaseOne". And the rest in

"DispatchPhaseTwo".

Ruchith Fernando wrote:

    
Hi All,

When security is enabled for a certain service, the inflow security
handler (WSDoAllReceiver) will have to be invoked on requests to that
perticular service.

Therefore we will have to deploy the WSDoAllReceiver within the

"Dispatch" phase after the "RequestURIBasedDispatcher".

But the Axis2 right now enforces the "AddressingBasedDispatcher" to be
run ahead of all the others and this order is not configurable. But

IMHO we should not access the other SOAP headers before the security
processing is complete.

Since RequestURIBasedDispatcher is the only possible mechanism to
figureout the service without accessing the other SOAP headers (
e.g.
wsa headers) and the SOAP bosy, can we change the order of the
dispatchers, or can we make it configurable such that its possible to
change the dispatch order (to have the RequestURIBasedDispatcher
first),  when the security module is engaged?


Thanks,
--
Ruchith



--
Ajith Ranabahu

Reply via email to