[ 
https://issues.apache.org/jira/browse/TUSCANY-2824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12672970#action_12672970
 ] 

Simon Laws commented on TUSCANY-2824:
-------------------------------------

I committed a change at revision 743732 that re-enables the rest of 
WSPolicy. 

Two not so great fixes here...

Firstly WSSecurityPolicyHandler pushes a property into the Axis configuration 
context to force Rampart to recognize the policy. I haven't discovered what 
part of our configuration is required to do this properly. More investigation 
required.

Secondly I fixed the helloworld-ws-service-secure test case to reference the 
wsdl on binding.ws. Without this you get an NPE in axis/rampart as it fails to 
map binding operations to port type operation using QNames (don't know why it 
thinks these are QNames). Our generated WSDL has the generated binding in a 
different namespace to the port type. Associating the wsdl binding with 
binding.ws means that the binding is not generated and the made up QNames match. 
This issue has two areas for further investigation. We need to raise a JIRA with 
Axis (I'll do that and post here). We need to review the mechanism by which we 
generate WSDL with different namespaces and also with imports. The latter is 
probably a 2.x piece of work. 

Some discussion of this last issue on our ML here 
http://www.mail-archive.com/dev%40tuscany.apache.org/msg05225.html


> Cannot engage web service security
> ----------------------------------
>
>                 Key: TUSCANY-2824
>                 URL: https://issues.apache.org/jira/browse/TUSCANY-2824
>             Project: Tuscany
>          Issue Type: Bug
>          Components: Java SCA Axis Binding Extension
>    Affects Versions: Java-SCA-1.4
>         Environment: At least linux, windows with jetty, tomcat.
>            Reporter: Phil Housley
>            Assignee: Simon Laws
>            Priority: Critical
>
> Web services exposed with Tuscany do not apply the wss rules assigned to 
> them, and therefore give full access to any caller.
> Example: helloworld-ws-service-secure - appears to run fine, but actually 
> does not require authentication/integrity as is declared in the composite.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
