Classification: UNCLASSIFIED Caveats: NONE See the response embedded with prefix "GY:".
Gang -----Original Message----- From: Simon Nash [mailto:n...@apache.org] Sent: Thursday, February 03, 2011 4:27 PM To: dev@tuscany.apache.org Subject: Re: Can application code and interceptor/handler code in Tuscany communicate with each other via some context? (UNCLASSIFIED) Yang, Gang CTR US USA wrote: > Classification: UNCLASSIFIED > Caveats: NONE > > Hi, > > I'm continuing the effort to add WS-Security to Tuscany 1.6.1 using the > PolicyHandler extension framework (later to Tuscany 2.0 using Policy > interceptor framework). I have another need for a framework capability, > which is to be able to pass information/state between the application > code, which is either a WS client or WS service using the WS binding, > and the Tuscany interceptors in general or PolicyHandler in my > particular case. I've been poking around in the debugger and did not see > anything I could possibly use. Is such capability available through some > mechanism? > > As an example, Axis2 service implementation (skeleton), which extends > Axis2Service, can call the static > MessageContext.getCurrentMessageContext() to obtain the current > MessageContext and add properties to it. While the Axis2 handler's > invoke() method is call with the MessageContext, where the handler can > get the properties set by the application code. Also JAX-WS framework > allows WebServiceContext to be injected into application code and from > WebServiceContext application code can obtain the SOAPMessageContext. > While SOAPMessageContext is pass into handler's method. > At first sight this would seem to go against a key principle of SCA, namely the separation of application business logic and infrastructure concerns. Can you give an example of what kind of state you need to pass between application code and policy handlers? GY: The use case applies to SCA well. When a new service is developed referencing other existing services. The authorization is best done in a distributed fashion - the information owning service makes the authorization decision based on its existing policies. This means that when a client access this new service with its credential, this credential (in the form of some security token, say SAML) would need to be passed to the other existing services for authorization. Translated to SCA view, the handler for the service WS binding needs to pass the user credential to the handler for the reference WS binding. Since the two handlers does not have any direct relation, this is done (in other frameworks such as Axis2, JAX-WS and JAX-RPC) through the new service implementation code which connects the service (inbound from the client) to the reference (outbound to other services). Simon > > > Thanks, > > Gang > > > > > Classification: UNCLASSIFIED > Caveats: NONE > Classification: UNCLASSIFIED Caveats: NONE
