Hi Stefan,
See my comments in-line;
stlecho wrote:
Hi Ruwan,
Indeed, the requirement is to use a different security policy for incoming
and outgoing messages. This requirement is for me rather critical as most of
the webservices that we call are based on this principle (signed request and
unsigned response).
OK.
With our Axis2-based application, we were able to specify this requirement
by using the "OutflowSecurity" and "InflowSecurity" (in this case not
specified) parameters in axis2.xml. Any idea why the same kind of
configuration is no longer possible when using a policy file ?
It should be possible, but according to the Policy specification the two
policies for the inMessage and the outMessage has to be provided in
separate policies in separate policy objects (files). For the moment we
do not, support the policies at that granularity. (i.e. specify the
policy for inMessage as well as outMessage), Rather we only take one
policy and applies to the service so that the same policy will be
applied to both in and out messages. This should be a trivial fix but
requires some testing, so I will start work on this, because this is
critical to you.
At the same time I assume the above configuration on security that you
have done for the axis2 is based on the axis2 phases right? If not we
can leverage the same if it is a parameter in axis2.xml, I will get back
to you on this after raising the question to one of our security experts.
About your "applies only on the proxy service level" remark. At this point
in time, the WS-Security settings are specified on the Proxy and/or Endpoint
level. If a different security policy should be used for incoming and
outgoing messages, would this mean that the security policy will be linked
to the Proxy's Target Sequences ?
Not to the proxies target sequence, but just to the proxy service, that
is as we normally do for any of the axis service, you will have to
provide the security policy for the proxy service, in which case you can
get the InMessage and OutMessage from proxy service and attach the two
policies to those, in the code level this would be;
proxy.getInMessage().setPolicy(....)
proxy.getOutMessage().setPolicy(....)
but the problem is endpoint does not have this kind of analogy of in and
out messages, but I hope this can be resolved :-)
PS: Any idea about the release date of the next ESB release or the
availability of this requirement in the Subversion repository or nightly
builds (if they exist) ?
Well, we do not have a finalized date for the release, but the nightly
builds are there. I will link to them once I am done with the improvement.
Thanks,
Ruwan
Regards, Stefan.
Ruwan Linton-3 wrote:
_______________________________________________
Esb-java-user mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/esb-java-user
