Hello, I have finished a first version of the implementation of the securityhandler. (you can find the source code in attachment : I have worked on the version servicemix-3.3.0.8-fuse because it's the version the customer uses). There is still many tthings to add and correct.
I have defined an additional property "securityhandler" in the WSNConfigurationMBean and the WSNConfiguration classes which corresponds to the name of the class which implements SecurityHandler. This property can be defined in the conf/component.properties file like this : "servicemix-wsn2005.securityHandlerClassName=org.apache.servicemix.wsn.security.DefaultSecurityHandler". I have initialized the property in the WSNLifeCycle class and I have called the SecurityHandler in the AbstractNotificationBroker class before handling the subscription request for example. I have taken example on the http-component to do all this "chaining" : I hope you will like it ! I have just some more questions : - I only need to check security in 4 situations (before accepting a subscription, before accepting a publisher registration, before accepting a publisher notification, before sending a notification) but I think we must define methods for all possible situations in the security handler. I list these ones, is it complete ? 1.before accepting a subscription 2.before accepting a publisher registration 3.before accepting a publisher notification 4.before sending a notification 5.before pausing a subscription 6.before resuming a subscription 7.before renewing a subscription 8.before accepting an unscubscription 9.before accepting to destroy a publisher registration - is it correct to say that these methods throw an exception if the security needs are not OK and returns nothing if all is OK ? If yes, the "subscribe" method throws 3 interesting faults (SubscribeCreationFailedFault, UnrecognizedPolicyRequestFault, UnsupportedPolicyRequestFault) whiwh can describe the problem and are defined in the specification but it's not present for all the methods. What do you think about it ? - can you look at the sources and tell me what you think ? Thanks in advance, Anne. http://www.nabble.com/file/p19719740/sources_wsn_securityhandler.zip sources_wsn_securityhandler.zip Anne Noseda wrote: > > Hello, > > I will begin to implement the improvements we discussed in the post > (WS-Notification Component Improvment). I will start with the security > point. > The idea was to create an interface "securityhandler" that each developper > can implement as he need to check security : > - before accepting subscription; > - before accepting publisher registration; > - before sending notification. > Is it correct to define this property "securityhandler" in the class > "WSNConfiguration" of the package "org.apache.servicemix.wsn.component" ? > If yes, how can we configure it ? Indeed, the wsn-component has no > "xbean.xml" to deploy it as the others components. Is it in the > conf/component.properties file like this : > "servicemix-wsn.securityHandler=java\:comp/env/smx/LdapSecurityHandler" > for example where "java\:comp/env/smx/LdapSecurityHandler" is a jndi key > to retrieve the object ? > > Thanks in advance, > > Anne. > -- View this message in context: http://www.nabble.com/WS-Notification-Component-Improvement---SecurityHandler-tp19683627p19719740.html Sent from the ServiceMix - Dev mailing list archive at Nabble.com.
