[
https://issues.apache.org/jira/browse/RAMPARTC-56?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12561779#action_12561779
]
Supun Kamburugamuva commented on RAMPARTC-56:
---------------------------------------------
If a single client is used by many users setting only the password won't help.
At the moment rampart assumes that a single client has a single user and the
user name is set in the client policy file. But unfortunately this is not the
case always.
In the case of multiple users, Rampart should support single client with
different user names and passwords.
AFAK there are two ways that we can solve this.
1. Providing functionality in the axis2 client code to include username and
password. This can be done using a callback function as Uthaiyashankar as
suggested.
2. Providing access to the rampart context in the client code. This will enable
the user to set the username and password as she wishes.
My personal preference is second option. By providing a call back function what
we ultimately do is populating the rampart context. So why we do it in a vey
complex and hard to understand way to the user while we can simply allow the
user to set the username and password in the rampart context.
I know, providing access to the rampart context in the client code is not that
easy and we need to change or add functionality to the svc client code. But as
the Rampart evolves we may need to allow the user to set values to the rampart
context more often. Best example is the SAML tokens. Another situation that
comes to my mind is using different certificates to sign the messages sent by
the same client(if multiple users are using the same client). Definitely we
cannot do something like above using configuration files. It is hard to
implement and use callback functions every time we need to introduce a new
feature.
Any comments or suggestions are highly appreciated.
> Avoid deploying password callback modules in the client code
> ------------------------------------------------------------
>
> Key: RAMPARTC-56
> URL: https://issues.apache.org/jira/browse/RAMPARTC-56
> Project: Rampart/C
> Issue Type: Improvement
> Components: Rampart-core
> Affects Versions: 1.2.0
> Environment: N/A
> Reporter: Malinda Kaushalye Kapuruge
> Assignee: S.Uthaiyashankar
> Fix For: 1.2.0
>
>
> Right now in order to get the password, the client has to write a password
> callback module and deploy it. And then refer the name of the dll via the
> policy descriptor. This is quite unnecessary, if we can provide a callback
> function in the client code.
> So my suggestion is that we set a pointer of the callback function in to the
> message context within the client code. Later when the rampart context is
> created, we can transfer this function pointer to the rampart context.
> In this way without changing the core functionalities we can get rid of the
> password callback modules in the client side.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
