Dimuthu Leelarathne wrote:
Hi Jens,

On Mon, 2008-02-04 at 18:42 +0530, Asankha C. Perera wrote:

Hi Jens

My ideas are to inject some user values in the soap-message (username and password) and encrypt the soap-message. The esb will take these values and prove them by using the wso2 usermanager.

As I understand you need to authenticate users using username/password. This can be done in several ways as follows.

1) Using http basic authentication over SSL
2) Using Username Token over SSL
3) Using an encrypted Username Token.

Implementation details of the above techniques can be described as follows.

First method
============

First approach is the easiest to implement and sufficient for most situations. You can write a simple Java POJO class at the service to authenticate users by calling usermanager. If you want a more efficient approach you can implement a custom mediator with a caching technique which uses usermanager to perform authentication. This is how you write a custom mediator [1]. This is how you read the http authentication headers [2].

Second method
=============

This is a WS-Security policy based approach. Rampart is used for injecting and authenticating the Username Token. The security policy needed for this is available in the Rampart distribution [3]. The sample is samples/policy/sample01 in the Rampart distribution.

Third method
============

This is a WS-Security policy based approach. Here you have to use Asymmetric Binding and use UsernameToken as a supporting token. We don't have a sample for this yet. But you can look at the Rampart samples and read the WS policy specification for this.

This is the policy you can use with this method: https://wso2.org/repos/wso2/trunk/wsas/java/modules/core/conf/rampart/scenario8-policy.xml

Thanks,
Ruchith

Links
[1] http://wso2.org/library/2898
[2] http://www.mail-archive.com/[EMAIL PROTECTED]/msg00065.html
[3] http://www.apache.org/dyn/mirrors/mirrors.cgi/ws/rampart/1_3/rampart-1.3.zip

Thank you,
Dimuthu

Sure, this is possible with a custom mediator or a simple Java POJO class that calls into the usermanager library. You could also use WS-Security without coding using a WS-Security policy. I am copying Dimuthu from the usermanager/Rampart team so she could point you in the correct direction. We have some samples that show how WS-Sec can be used with policies (http://wso2.org/project/esb/java/1.6/docs/ESB_Samples.html)

After a successful authentication I have to indicate that the other esbs and services itself don't need to prove it again. I don't want to make a new authentication at all intermediate stations, so in my eyes a flag in the soap message to say "Already authenticated" is enough, or?

If this is totally within your intranet, I guess this should be enough. You could also use https to secure the messages over the wire

I have to write my own mediation then, right? Or is there a solution out of the box?

Well you could use the Header mediator to add a custom SOAP header to a message (http://wso2.org/project/esb/java/1.6/docs/ESB_Configuration_Language.html) You could also use a custom extension mediator if you like, but this doesn't seem necessary

What's about the identity solution? Does it fit to my requirements? Any other ideas in general for doing that?

If you want to call into the user manager library and add the custom header both at once etc. writing a custom mediator may be ok

asankha

_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
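The first method from the thread above (HTTP basic authentication over SSL, checked by a simple POJO that calls usermanager), as an added example that is not code from the thread or from WSO2. `CredentialVerifier` is a hypothetical stand-in for the usermanager call, the `overSsl` flag is assumed to be supplied by the transport, and UTF-8 decoding of the credentials is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

public class BasicAuthCheck {
    /** Hypothetical stand-in for the usermanager lookup; not a WSO2 API. */
    public interface CredentialVerifier {
        boolean verify(String username, char[] password);
    }
    public static final class Credentials {
        final String username;
        final char[] password;
        Credentials(String u, char[] p) { username = u; password = p; }
    }

    /** Parses "Basic base64(user:pass)"; returns empty on any malformed input. */
    public static Optional<Credentials> parse(String header) {
        if (header == null) return Optional.empty();
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return Optional.empty();
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8); // charset is an assumption
        int colon = decoded.indexOf(':'); // first colon only: passwords may contain ':'
        if (colon <= 0) return Optional.empty(); // no separator or empty username
        return Optional.of(new Credentials(decoded.substring(0, colon),
                decoded.substring(colon + 1).toCharArray()));
    }

    /** Fails closed: plain HTTP, a missing header or a malformed header is rejected. */
    public static boolean authenticate(String header, boolean overSsl, CredentialVerifier v) {
        if (!overSsl) return false; // method 1 is basic authentication over SSL
        return parse(header).map(c -> v.verify(c.username, c.password)).orElse(false);
    }

    public static void main(String[] args) {
        // Constructed sample verifier and header, for demonstration only.
        CredentialVerifier demo = (u, p) -> u.equals("jens") && new String(p).equals("s3:cret");
        String hdr = "Basic " + Base64.getEncoder()
                .encodeToString("jens:s3:cret".getBytes(StandardCharsets.UTF_8));
        System.out.println(authenticate(hdr, true, demo));
        System.out.println(authenticate(hdr, false, demo));
        System.out.println(authenticate("Basic !!!", true, demo));
    }
}
```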
