On Tue, Jan 18, 2011 at 10:08 PM, Yang, Gang CTR US USA <[email protected]> wrote:
> Classification: UNCLASSIFIED
> Caveats: NONE
>
> Hi,
>
> I am trying to see how I can add a new WS-security implementation to the WS
> binding. I've got a policy extension hooked into Tuscany runtime using
> Tuscany 1.6. However, I seem to have a hard time to place my policy
> interceptor at the right place to be able to add security to the SOAP
> message. While poking around inside the debugger and with experiments, I
> found the following:
>
> 1. If I return "reference.binding.policy" when getPhase() is called, Tuscany
> runtime will place my policy interceptor after the WS binding invoker
> (Axis2BindingInvoker) in the invocation chain. Since Axis2BindingInvoker
> does not continue the invocation in the chain, my policy interceptor is
> never called.
>
> 2. If I return "reference.policy" instead, my policy interceptor is placed
> before the WS binding invoker and will be called. But any headers I add are
> ignored by Axis2BindingInvoker. Also I can't access the SOAP body element,
> only the body content, which is not good enough if I need to add ID to the
> SOAP body for signature reference.
>
> I'm looking for pointers and suggestions on how to go about adding a new
> WS-security. I do understand that Axis2 WS extension provides WS-security
> through Rampart, but I need to provide our own security implementation.
>
> More detailed questions:
>
> 1. Are binding policy phases implemented in the current Tuscany? If so, who
> is responsible to enable "reference.binding.policy" or
> "service.binding.policy" phase interceptor, Tuscany runtime or the binding
> extension, such as Axis2BindingInvoker?
>
> 2. I also tried 1.6.1 and failed. Would 2.0.Beta1 have fixed the problem?
>
> 3. Is there a way to extend Axis2 WS binding so that I can hook my
> WS-security implementation as an Axis2 module, just like Rampart module, at
> Axis2 service level?
>
> Thanks,
> Gang
>
> Classification: UNCLASSIFIED
> Caveats: NONE
>
>

Hi Gang

Sorry for the slow reply. The binding.ws implementation in Tuscany 1.6 is a bit closed in the sense that to add binding specific behaviour you need to get some code into the binding. In 2.x (and in the JMS binding in 1.x) we created what we called a binding wire to allow normal interceptors to phases that effectively sit inside the binding; however, in the 1.x web services binding we had a thing called a PolicyHandler that was called at setup and before and after the invocation.

You can see how the existing WS Policy Handler interacts with the Axis context here;

http://svn.apache.org/repos/asf/tuscany/sca-java-1.x/trunk/modules/binding-ws-axis2-policy/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/wspolicy/WSSecurityPolicyHandler.java

This policy handler is registered with the infrastructure by this file;

http://svn.apache.org/repos/asf/tuscany/sca-java-1.x/trunk/modules/binding-ws-axis2-policy/src/main/resources/META-INF/services/org.apache.tuscany.sca.policy.util.PolicyHandler

In the 2.x code base we have a binding chain in the web services binding so that you can get at the axis message context between the invoker and when the message gets put out onto the transport. There is a REFERENCE_BINDING_POLICY and a SERVICE_BINDING_POLICY now amongst others.

In the binding.ws case on the reference side the Axis OperationClient is put in the binding context. You can get at it in a binding chain interceptor with

    OperationClient operationClient = msg.getBindingContext();

So you can affect the way that the message will be sent.

On the service side the binding context is the Axis MessageContext which can be retrieved as follows

    MessageContext messageContext = msg.getBindingContext();

Take a look at the basic authentication policy to see how this hangs together

http://svn.apache.org/repos/asf/tuscany/sca-java-2.x/trunk/modules/binding-ws-runtime-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/policy/authentication/basic/

We haven't tried porting the Rampart based WS security policy over to the new framework in the 2.x code base yet so it may be that we need to improve the framework as we do that. If you want to have a go with the security policy in the 2.x code base you want to implement I'm sure we'd be happy to make any infrastructure fixes you need to make it possible.

Simon

--
Apache Tuscany committer: tuscany.apache.org
Co-author of a book about Tuscany and SCA: tuscanyinaction.com
