Hi,
I tried it out and wrote a RMAssertionProcessor, which is providing the
following methods:
public void initializeRMAssertion(RMPolicyToken rmpt)
throws NoSuchMethodException;
public Object doRMAssertion(RMProcessorContext rmpc) {
public Object doAcknowledgementInterval(RMProcessorContext rmpc);
public Object doExponentialBackoff(RMProcessorContext rmpc);
public Object doInactivityTimeout(RMProcessorContext rmpc);
public Object doBaseRetransmissionInterval(RMProcessorContext rmpc);
After adapting some of the other classes (RMPolicy, PolicyEngineData
etc.) it works. A correct policy (WSRMP 1.0) is processed and the
correct data is available in the PolicyEngineData object.
Now I want to return false, if two inconsistent tokens are included in
one wsrm:Assertion. To do this lets look into the implementation:
public Object doAcknowledgementInterval(RMProcessorContext rmpc){
PolicyEngineData engineData = rmpc.readCurrentPolicyEngineData();
String attrName =
rmpc.readCurrentSecurityToken().getAttributes()[0];
String txt = rmpc.getAssertion().getAttribute(new QName(attrName));
engineData.setAcknowledgementInterval(Long.parseLong(txt.trim()));
return new Boolean(true);
}
One possibility is to set a flag in the engineData, if the
AcknowledgementInterval is already set. And return false if it is
already set. This could appear in the following case:
<wsrm:RMAssertion>
<!-- <wsrm:InactivityTimeout Milliseconds="600000" /> -->
<wsrm:InactivityTimeout Milliseconds="16"/>
<wsrm:InactivityTimeout Milliseconds="240000"/>
</wsrm:RMAssertion>
But how should I do, if there are several <wsrm:RMAssertion> elements in
one Policy?
Thanks,
Benjamin
Hi Benjamin, All,
On 1/23/06, Benjamin Schmeling <[EMAIL PROTECTED]> wrote:
I think the implementation of the RMPolicyProcessor is not as complex as
the WSSPolicyProcessor because there are no complex elements (assertion
tokens which contain other tokens), is there a skeleton implementation
available yet? I would try to implement this in a simple way.
yes, you are absolutely correct. The WSRM policy assertions are much
simpler and easy to process compared to WSSecurity policy assertions.
There is fine example on how to process a WSSecurity policy by
Dittmann, Werner at:
https://svn.apache.org/repos/asf/webservices/commons/trunk/policy/examples/wsse
I copied that code and simplifed it to process any RM Policy
assertions and retrive the configuration information out from those
assertions. I will commit that to sandesha2 repostiory as soon as I
finish it.
It might help you a bit if you want to do the same in Sandesha1
Another question is how to combine the WSSPolicy and the WSRMPolicy
processors to find a complete compability between a clients and a
servers policy. Has anyone made considerations about this?
Please see:
http://mail-archives.apache.org/mod_mbox/ws-axis-dev/200511.mbox/[EMAIL
PROTECTED]
http://mail-archives.apache.org/mod_mbox/ws-axis-dev/200511.mbox/[EMAIL
PROTECTED]
Hope this will help !!
Best,
Sanka
Thanks,
Benjamin
Hi Benjamin,
On 1/23/06, Benjamin Schmeling <[EMAIL PROTECTED]> wrote:
Okay, but I could use the Ws Commons Policy implementation to intersect
the policies of the server and the client (Assuming I know how to
retrieve them). I tried it out with examples of RM-Policy, but the
results of the intersection is not as I expected:
Policy A is:
<wsp:Policy xmlns:tns="example.com"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="MyPolicy">
<wsrm:RMAssertion>
<wsrm:InactivityTimeout Milliseconds="240000"/>
<wsrm:BaseRetransmissionInterval Milliseconds="3000"/>
<wsrm:ExponentialBackoff/>
<wsrm:AcknowledgementInterval Milliseconds="200"/>
</wsrm:RMAssertion>
<!-- omitted assertions -->
</wsp:Policy>
Policy B is:
<wsp:Policy xmlns:tns="example.com"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="MyPolicy">
<wsrm:RMAssertion>
<wsrm:InactivityTimeout Milliseconds="1000"/>
<wsrm:BaseRetransmissionInterval Milliseconds="3000"/>
<wsrm:ExponentialBackoff/>
<wsrm:AcknowledgementInterval Milliseconds="200"/>
</wsrm:RMAssertion>
<!-- omitted assertions -->
</wsp:Policy>
The intersection is:
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
wsu:Id="MyPolicy">
<wsp:ExactlyOne>
<wsp:All>
<wsrm:RMAssertion
xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";>
<wsrm:InactivityTimeout Milliseconds="100" />
<wsrm:BaseRetransmissionInterval Milliseconds="3000" />
<wsrm:ExponentialBackoff /><wsrm:AcknowledgementInterval
Milliseconds="200" />
</wsrm:RMAssertion>
<wsrm:RMAssertion
xmlns:wsrm="http://schemas.xmlsoap.org/ws/2005/02/rm/policy";>
<wsrm:InactivityTimeout Milliseconds="240000" />
<wsrm:BaseRetransmissionInterval Milliseconds="3000" />
<wsrm:ExponentialBackoff />
<wsrm:AcknowledgementInterval Milliseconds="200" />
</wsrm:RMAssertion>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
I expected, that there is no common agreement between client and server,
because of the different InactivityTimeout. Is that because of the
general definition of WS-Policy ?
yes, thats the exact definition of policy intersect according
WS-Policy specification. The result you got is correct according to
the sepc.
Do we need another implementation for
the concrete domain specific policy assertions (e.g. RMPolicy)?
Rather you need a domain specific policy processor (say
RMPolicyProcessor) to evaluate those two RMAssertions and to throw a
fault saying that there is a policy violation or policy
incompatibility .
Sanka
Thanks,
Benjamin
Hi Benjamin,
Sandesha 1 works with Axis 1 and it supports only the static policy.
That is policy is read from a file in both client and server side.
WS-Commons policy will be used in Axis2 and Sandesha2 to get the
policies dynamically from server. Still the client side of Axis2 needs
some work regarding dynamic policies.
It will be there soon.
Thanks,
Jaliya
----- Original Message ----- From: "Benjamin Schmeling"
<[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, January 20, 2006 10:07 AM
Subject: WS Commons Policy
Hi,
I am using Apache Sandesha 1.0 and Axis for reliable messaging. Now I
want
to attach a policy to my web service, so the client can get the
policy of
that web service (which should only accept reliable messaging calls) and
check if the clients policy is supported by this service. I am using
Axis
1.2.1.
Is there any possibility to do this with WS Commons Policy ? I saw that
there are provided a policy model and merging, normalizing operations. I
don't know how to get the policy from the server and if it is
possible to
do this with Axis 1.x.
Thanks,
Benjamin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
