http://www.google.com/search?hl=en&q=ws-securitypolicy
On 2/13/06, Scott McCoy <[EMAIL PROTECTED]> wrote: > Thanks, > I actually found this project last friday, did attempt to convince the > specifications author to adhere to these standards, and he refused. > > I am still missing something from this project, though, and that is how > I can *clearly* annotate the requirements of this headers presence in the > WSDL. > > There 'aught to be something to outline that for me, but what, I'm not > sure. > > > Thanks, > Scott S. McCoy > > On 2/13/06, Rodrigo Ruiz <[EMAIL PROTECTED]> wrote: > > Hi Scott, take a look at the wss4j project (at > > http://ws.apache.org/wss4j). It is a security framework that can do what > > you describe, and some more things, like using client certificates > > instead of name/password pairs. It is probably your best option if you > > are looking for a standard implementation :-) > > > > Even if your specification mandates a custom header (in that case I > > would try to convince the author to adhere to the standard :-P), you can > > get ideas from the code, as it uses handlers. > > > > HTH, > > Rodrigo Ruiz > > > > Scott McCoy wrote: > > > That is the client answer, sure. > > > > > > Virtually what I was looking for, but I wanted the server answer.! > > > > > > I want to use wsdl2java to build a service I will deploy with axis, > > > rather than connect to. I am trying to figure out the most pragmatic > > > fasion for building a "component", that I could stuff (possibly, in > > > the <requestFlow/>) that checks the headers, and *stops* the request > > > from getting to the main handler under the instance that my > > > authentication failed. > > > > > > I really wanted to, if possible, use document or wrapped style > > > services, rather than messages style services, also. > > > > > > Thanks! > > > > > > Scott S. McCoy > > > > > > On 2/10/06, * Rave, Mark* <[EMAIL PROTECTED] > > > <mailto: [EMAIL PROTECTED]>> wrote: > > > > > > I don't know if this is what you are asking but it can't hurt to > > > offer it. I used WSDL2Java to generate the stubs and I also had > > > to have authentication information in the SOAP header, this is how > > > I did it but it might not be the best way: > > > > > > SomethingService service = new SomethingServiceLocator(); > > > > > > Something svc = service.getSomethingSOAPPort(); > > > > > > SomethingSoapBindingStub stub = (SomethingSoapBindingStub)svc; > > > SOAPHeaderElement she = new SOAPHeaderElement("namespace", > > > "AuthInfo"); > > > SOAPElement ut = she.addChildElement("UserToken"); > > > SOAPElement un = ut.addChildElement("UserName"); > > > un.addTextNode("username"); > > > SOAPElement pw = ut.addChildElement("Password"); > > > pw.addTextNode("password"); > > > stub.setHeader(she); > > > > > > When I make the call something like this is generated: > > > > > > <SOAP-ENV:Envelope xmlns:SOAP-ENV=" > > > http://schemas.xmlsoap.org/soap/envelope/"; > > > > xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"; > > > xmlns:xsi=" > http://www.w3.org/2001/XMLSchema-instance"; > > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:m="namespace"> > > > <SOAP-ENV:Header> > > > <m:AuthInfo> > > > <m:UserToken> > > > > <m:UserName>username</m:UserName> > > > > <m:Password>password</m:Password> > > > </m:UserToken> > > > </m:AuthInfo> > > > </SOAP-ENV:Header> > > > ...... > > > </SOAP-ENV:Envelop> > > > > > > Hope this helps. > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > [mailto: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>]On Behalf Of > > > Scott McCoy > > > Sent: Friday, February 10, 2006 2:06 PM > > > To: [email protected] <mailto:[email protected]> > > > Subject: Re: Arbitrary Authenitcation Types (based on SOAP Headers) > > > > > > > > > I didn't get a response to this, so I thought I'd re-post it. > > > > > > I just want a handler, before my handler, to get some values from > > > the header and have the ability to stop the request. > > > > > > How does that happen? > > > > > > > > > On 2/8/06, Scott McCoy < [EMAIL PROTECTED] <mailto:[EMAIL > > > PROTECTED]>> wrote: > > > Hello All, > > > I have a specification that demands I use a SOAP Header > > > element for credential verification, and from a technical > > > perspective it needs to be highly reusable, with a technical > > > requirement that it preceeds and stops processing of the SOAP > > > Body. I've found what seems to be just the ticket, which is > > > simply adding a component via the < requestFlow/> element in WSDL > > > or WSDD...But the problem I'm having is that I'm having difficulty > > > finding documentation on doing this. > > > > > > Essentially, I have the following (mock) request envelope: > > > > > > <Envelope xmlns="?soap"> > > > <Header> > > > <authenticate username="..." password="..."/> > > > </Header> > > > <Body> > > > <purchase> > > > <order accountid=".." cardid=".." amount=".."/> > > > <order accountid=".." cardid=".." amount=".."/> > > > </purchase> > > > </Body> > > > </Envelope> > > > > > > > > > Nevermind the details of the SOAP Body, handlers for this are > > > easily generatable by WSDL2Java, but how do I deal with the SOAP > > > Header in a respectible and logical fasion (Axis 1.3) ? > > > > > > > > > Thanks, > > > Scott S. McCoy > > > > > > _________________________________________________ > > > > > > This message is for the designated recipient only and may contain > > > privileged, proprietary, or otherwise private information. If you > > > have received it in error, please notify the sender immediately > > > and delete the original. Any other use of the email by you is > > > prohibited. > > > > > > Espanol - Deutsch - Nederlands - Francais - Italiano - Norsk - > > > Svenska: www.cardinalhealth.com/legal/email > > > <http://www.cardinalhealth.com/legal/email> > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > No virus found in this incoming message. > > > Checked by AVG Free Edition. > > > Version: 7.1.375 / Virus Database: 267.15.6/257 - Release Date: > 10/02/2006 > > > > > > > -- Davanum Srinivas : http://wso2.com/blogs/
