Hello,
My appologies. I missed those lines in WSS4JHandler.java.
Thanks for pointing me to right direction. It is working perfect.
Thanks,
Ashok.
On Wed, 08 Jun 2005 04:35:58 -0700, Davanum Srinivas <[EMAIL PROTECTED]>
wrote:
Werner,
thanks. From what Ashok said, i got the impression that the property
get cleared up in the doReceiver....i should have checked the code :)
-- dims
On 6/8/05, Dittmann, Werner <[EMAIL PROTECTED]> wrote:
Ashok,
the WSDoAllReceiver handler already stores the wsResult
in the message context. This was done to provide following
handlers and the service with all necessary information.
A following handler can access the results in the following
way:
Vector results = (Vector)
mc.getProperty(WSHandlerConstants.RECV_RESULTS));
This vector contains all results of the WSSecurityEngine together with
the actor name for the result set.
Access is as follows:
WSHandlerResult handlerRes = results.get(x);
WSHandlerResult itself contains a vector of WSSecurityEngineResult
object and the actor name for that result set (remember that
we can have several wsse:Security headers with different actors.
Get the actor name for the security header:
String actor = handlerRes.getActor();
If the actor matches (or there is only one actor) then get the
engine results vector:
Vector wsResult = handlerRes.getResults();
To locate a specific result in the WSSecurityEngineResult
vector there are some utility method in WSSecurityUtil, e.g.
WSSecurityEngineResult actionResult =
WSSecurityUtil.fetchActionResult(wsResult, WSConstants.SIGN);
IMO there is no need to change something here. The mechanisms
are in place.
Regards,
Werner
> -----Ursprüngliche Nachricht-----
> Von: Ashok Shah [mailto:[EMAIL PROTECTED]
> Gesendet: Mittwoch, 8. Juni 2005 00:39
> An: [email protected]
> Betreff: SAMLTokenUnsigned profile, Assertion handling
>
>
> Hello,
>
> I am using "SAMLTokenUnsigned" profile in the WSS4J
> implementation. I have
> my own policy enforcement engine that converts the SAML
> request to XACML
> request and then runs it through the XACML PDP and PEP
> enignes. The policy
> enforcement engine is responsible for enforcing the access
> rules to the
> resource requested.
>
> I was wondering if after processing the security header in WSS4J the
> SAMLAssertion instance could be added to the MessageContext
> object so that
> other handlers in the chain could access that SAMLAssertion
> and run it
> through the policy engine that I have designed.
>
> Currently, the WSS4J code only seem to verify the signature
> and trust for
> the Assertion and then puts the assertion in the wsResults
> vector.But once
> the processing is done in doReciever() the assertion cannot
> be accessed
> from other handlers.
>
> I was wondering if someone could help me over here. I am
> ready to work out
> the patch, please let me know.
>
> Thanks,
>
> Ashok.
>
--
Ashok Shah
