On Wed, Oct 1, 2008 at 4:05 AM, Jean-Sebastien Delfino <[EMAIL PROTECTED] > wrote:
> There's quite a few moving parts now to support various security policies > with Web Services. Some code in binding-ws-axis2, binding-ws-axis2-policy, > policy-security-ws, policy-security and a number of samples and itests. > > So far I've not been able to really grasp all this. Is there an overview of > what each part does and/or how they relate to each other? > > Thanks > -- > Jean-Sebastien > I've been putting what I know here ( http://cwiki.apache.org/confluence/display/TUSCANYWIKI/Policy). Note that some of this information is getting out of date. I see 4 main groups of code in the context of your question; policy provides the intent/policyset code to model information read from definitions.xml policy-security provides pre-canned intent and policy set in definitions.xml files provides generic (i.e. not specific to a binding) policy models and runtimes binding-ws-axis2-policy - binding specific policy support provides pre-canned intent and policy set in definitions.xml files provides binding specific policy models and runtimes binding-ws-axis2 - there may be runtime code that supports particular policies. Look for particular policies and process accordingly policy-security-ws is no longer in the build. I was going to check a few things before suggesting we remove it altogether. Its contents have moved to binding-ws-axis2-policy Some of the policy runtimes, e.g. those that use the axis2 config params to turn on rampart processing for ws security, still rely on the policy handler support. I would hope we can rationalize that to be consistent with other policies. I hope It will either be supported through hardcoded changes to the binding or through the binding specific interceptors being discussed at [1] Regards Simon [1] http://markmail.org/message/hepvbftxec3elasm
