Re: Arbitrary Authenitcation Types (based on SOAP Headers)

Mon, 13 Feb 2006 00:46:52 -0800

Hi Scott, take a look at the wss4j project (at http://ws.apache.org/wss4j). It is a security framework that can do what you describe, and some more things, like using client certificates instead of name/password pairs. It is probably your best option if you are looking for a standard implementation :-)
Even if your specification mandates a custom header (in that case I would try to convince the author to adhere to the standard :-P), you can get ideas from the code, as it uses handlers. 

HTH,
Rodrigo Ruiz

Scott McCoy wrote:

That is the client answer, sure.

Virtually what I was looking for, but I wanted the server answer.!


I want to use wsdl2java to build a service I will deploy with axis, 
rather than connect to.  I am trying to figure out the most pragmatic 
fasion for building a "component", that I could stuff (possibly, in 
the <requestFlow/>) that checks the headers, and *stops* the request 
from getting to the main handler under the instance that my 
authentication failed.



I really wanted to, if possible, use document or wrapped style 
services, rather than messages style services, also.


Thanks!

    Scott S. McCoy


On 2/10/06, * Rave, Mark* <[EMAIL PROTECTED] 
<mailto:[EMAIL PROTECTED]>> wrote:


    I don't know if this is what you are asking but it can't hurt to
    offer it.  I used WSDL2Java to generate the stubs and I also had
    to have authentication information in the SOAP header, this is how
    I did it but it might not be the best way:

      SomethingService service = new SomethingServiceLocator();

      Something svc = service.getSomethingSOAPPort();

      SomethingSoapBindingStub stub = (SomethingSoapBindingStub)svc;
      SOAPHeaderElement she = new SOAPHeaderElement("namespace",
    "AuthInfo");
      SOAPElement ut = she.addChildElement("UserToken");
      SOAPElement un = ut.addChildElement("UserName");
      un.addTextNode("username");
      SOAPElement pw = ut.addChildElement("Password");
      pw.addTextNode("password");
      stub.setHeader(she);

    When I make the call something like this is generated:

    <SOAP-ENV:Envelope xmlns:SOAP-ENV="
    http://schemas.xmlsoap.org/soap/envelope/";
    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/";
    xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance";
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:m="namespace">
    <SOAP-ENV:Header>
            <m:AuthInfo>
                    <m:UserToken>
                            <m:UserName>username</m:UserName>
                            <m:Password>password</m:Password>
                    </m:UserToken>
            </m:AuthInfo>
    </SOAP-ENV:Header>
            ......
    </SOAP-ENV:Envelop>

    Hope this helps.

    -----Original Message-----
    From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
    [mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>]On Behalf Of
    Scott McCoy
    Sent: Friday, February 10, 2006 2:06 PM
    To: [email protected] <mailto:[email protected]>
    Subject: Re: Arbitrary Authenitcation Types (based on SOAP Headers)


    I didn't get a response to this, so I thought I'd re-post it.

    I just want a handler, before my handler, to get some values from
    the header and have the ability to stop the request.

    How does that happen?


    On 2/8/06, Scott McCoy <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote:
    Hello All,
        I have a specification that demands I use a SOAP Header
    element for credential verification, and from a technical
    perspective it needs to be highly reusable, with a technical
    requirement that it preceeds and stops processing of the SOAP
    Body.  I've found what seems to be just the ticket, which is
    simply adding a component via the < requestFlow/> element in WSDL
    or WSDD...But the problem I'm having is that I'm having difficulty
    finding documentation on doing this.

        Essentially, I have the following (mock) request envelope:

    <Envelope xmlns="?soap">
        <Header>
            <authenticate username="..." password="..."/>
        </Header>
        <Body>
            <purchase>
                <order accountid=".." cardid=".." amount=".."/>
                <order accountid=".." cardid=".." amount=".."/>
            </purchase>
        </Body>
    </Envelope>


        Nevermind the details of the SOAP Body, handlers for this are
    easily generatable by WSDL2Java, but how do I deal with the SOAP
    Header in a respectible and logical fasion (Axis 1.3) ?


        Thanks,
        Scott S. McCoy

    _________________________________________________

    This message is for the designated recipient only and may contain
    privileged, proprietary, or otherwise private information. If you
    have received it in error, please notify the sender immediately
    and delete the original. Any other use of the email by you is
    prohibited.

    Espanol - Deutsch - Nederlands - Francais - Italiano - Norsk -
    Svenska: www.cardinalhealth.com/legal/email
    <http://www.cardinalhealth.com/legal/email>


------------------------------------------------------------------------

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: 10/02/2006

  






















					Reply via email to