Classification: UNCLASSIFIED Caveats: NONE
Hi, I am trying to see how I can add a new WS-security implementation to the WS binding. I've got a policy extension hooked into Tuscany runtime using Tuscany 1.6. However, I seem to have a hard time to place my policy interceptor at the right place to be able to add security to the SOAP message. While poking around inside the debugger and with experiments, I found the following: 1. If I return "referece.binding.policy" when getPhase() is called, Tuscany runtime will place my policy interceptor after the WS binding invoker (Axis2BindingInvoker) in the invocation chain. Since Axis2BindingInvoker does not continue the invocation in the chain, my policy interceptor is never called. 2. If I return "reference.policy" instead, my policy interceptor is placed before the WS binding invoker and will be called. But any headers I add are ignored by Axis2BindingInvoker. Also I can't access the SOAP body element, only the body content, which is not good enough if I need to add ID to the SOAP body for signature reference. I'm looking for pointers and suggestions on how to go about adding a new WS-security. I do understand that Axis2 WS extension provides WS-security through Rampart, but I need to provide our own security implementation. More detailed questions: 1. Are binding policy phase implemented in the current Tuscany? If so, who is responsible to enable "reference.binding.policy" or "service.binding.policy" phase interceptor, Tuscany runtime or the binding extension, such as Axis2BindingInvoker? 2. I also tried 1.6.1 and failed. Would 2.0.Beta1 have fixed the problem? 3. Is there a way to exten Axis2 WS binding so that I can hook my WS-security implementation as an Axis2 module, just like Rampart module, at Axis2 service level? Thanks, Gang Classification: UNCLASSIFIED Caveats: NONE
