Hi,
Please see my answer below.
On Tue, 2008-01-22 at 08:04 +0100, Stadelmann Josef wrote:
> Hi Rampart Developers,
>
> I think what .-2 is asking for is somehow "the normal case". userName and
> password in a xml file is, sorry to me a bit artificial and the wrong place.
> And I really wonder why Rampart can not pick up UserName and Password from
> the options if set as shown by
>
> > options.setUserName("bob");
> > options.setPassword("wspwd");
>
> and as intended by .-2, What is wrong with his intention? The solution
> given in the answer .-1 is very much more confusing me, and it really opens
> ground for many more question toward the team: when to use which option and
> xml file.
>
> I think what most users seek in any case is a simple possibel first approach
> to
> do things and if this first approach does not fit requirements a more complex
> approach is only then required. But sometimes I get the impression that
> we get allmost always the served with the complex approach first and then
> after a
> while and claiming users a more easy approach is give/developed.
>
> Not only true for Rampart.
>
> For me it is very clear what .-2 wants, but the solution given by .-1
> is confusing me. Why do I need to think about a policy based approach if
> I have such a simple demand as .-2 wants?
>
> At least documentation or the answer could go and say in
> which case or configuration or architecture or design one has to use
>
> > options.setUserName("bob");
> > options.setPassword("wspwd");
>
> and in which case one has to use the proposed approache given by .-1
>
> If I read ...
>
> > the username is hardcoded within the OuflowSecurity element in
> > the client config file (client.axis2.xml) as shown below:
>
> HARDCODED ... I become a bit crazzy. How often do we need it like that and
> how often do we need the dynamic approach as .-2 is asking for/attempts to
> have implemented by an easy approach.
>
> Please Rampart developers become clear about when to use which approach.
> And include a working example for each possible approach you can think
> of. Rampart has been tested and hence often examples can just be taken from
> the tests caes, but for that test code has to be provided.
>
> I will have the same issue in a few weeks from now and hope to get it done
> the easy way. :-)
The general practice is NOT to use username/password hard-coded in the
axis2.config.xml file in production. Username/password hard-coded in the
file only for testing and purposes.
There are two ways you can configure Rampart.
* Parameter approach
* Policy approach
We have deprecated the parameter based configuration and always
encourage the policy based configuration. When a person is using policy
based approach everything works smoothly, i.e. username/password is
picked up from the option object without any extra work.
I gave this solution [i am referring to the OutflowConfiguration
solution] because he was using the parameter configuration.
If you are using policy based approach you won't be having this issue in
a few weeks :)
Thank you,
Dimuthu.
> Josef.Stadelmann@
> axa-winterthur.ch
>
>
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: Dimuthu Leelarathne [mailto:[EMAIL PROTECTED]
> Gesendet: Donnerstag, 17. Januar 2008 04:03
> An: [email protected]
> Betreff: Re: Dynamically setting the username/password with Rampart.
>
>
> Hi,
>
> Since you have used the configuration parameters username/password will
> not be picked up from the options object. Username/password will be
> given priority if you are using policy based configuration only.
>
> This is how you set username/password dynamically if you are using
> configuration parameter approach.
>
> OutflowConfiguration ofc = new OutflowConfiguration();
> ofc.setActionItems("UsernameToken");
> options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,
> ofc.getProperty());
>
> myCallback.setUTUsername("bob");
> myCallback.setUTPassword("bobpass");
> options.put(WSHandlerConstants.PW_CALLBACK_REF, myCallback);
>
> /*
> myCallback is an instance of a class extending from
> org.apache.ws.security.WSPasswordCallback.
> You should implement it.
> */
>
> Then remove the password callback class given in the client.axis2.xml
> because there Rampart doesn't give priority to PW_CALLBAK_REF.
>
> Thanks,
> Dimuthu.
>
>
>
> On Wed, 2008-01-16 at 11:36 +0000, Sanjay Vivek wrote:
> > Hi everyone,
> >
> > I'm attempting to call a simple Web Service (an Echo Service) that is
> > protected by WS-Security UsernameToken. I'm using Axis2-1.3 and Rampart
> > 1.3. I've been looking at the samples given in the Apache Rampart distro
> > and it makes sense to me. However, in the samples given in the Rampart
> > distro, the username is hardcoded within the OuflowSecurity element in
> > the client config file (client.axis2.xml) as shown below:
> >
> > <parameter name="OutflowSecurity">
> > <action>
> > <items>UsernameToken Timestamp</items>
> > <user>bob</user>
> >
> > <passwordCallbackClass>org.apache.rampart.samples.sample02.PWCBHandler</
> > passwordCallbackClass>
> > </action>
> > </parameter>
> >
> >
> > However, I want to set username/password dynamically, and I'm attempting
> > to use the ServiceClient to do just this.
> >
> > The code snippet below shows how I've gone about using the ServiceClient
> > to set the username and password:
> >
> > ConfigurationContext ctx = ConfigurationContextFactory
> > .createConfigurationContextFromFileSystem(axis2ConfPath, null);
> >
> > ServiceClient client = new ServiceClient(ctx, null);
> > OMElement payload = client.sendReceive(getPayload("Hello world"));
> >
> > Options options = new Options();
> > client.engageModule(new QName("rampart"));
> >
> > options.setTo(targetEPR);
> > options.setAction("urn:echo");
> >
> > options.setUserName("bob");
> > options.setPassword("wspwd");
> >
> > client.setOptions(options);
> > result = client.sendReceive(payload);
> >
> > However, the client seems to be picking up the value within the <user>
> > element in the "OutflowSecurity" element which is defined in
> > client.axis2.xml (from axis2ConfPath/conf). How do I override the "user"
> > value in client.axis2.xml so that the client picks up the username from
> > 'options.setUserName("bob")'? Any help would be appreciated. Cheers.
> >
> > Regards
> > --------------
> > Sanjay Vivek
> > Web Analyst
> > Middleware Team
> > ISS
> > University of Newcastle Upon Tyne
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
