Please take a look at how addressing is handled. We can turn it on/off for any service mediated by Synapse. It is off by default and then engaged as needed by Synapse.
Paul
On 12/22/01, Vikas <[EMAIL PROTECTED]> wrote:
Hi everyone,
Was just wondering:
If security is offered as an axis2 service (i.e. an aar) it could be called for any particular service [that is being mediated] by putting the <serviceMediator> tag after a regex or xpath evaluation checking for that service.
If it is used like addressing (i.e. a module/mar) and engaged at a global level, we could never turn it off. [I think Axis2 does not allow dis-engaging of modules]
So we would force all the services being mediated to flow through a security module?
Am I missing something or thinking aloud?
Thanks,
~Vikas.
ps: Imagine xmethods-delayed-stockQuotes and New-York stock exchange's stock quote services being mediated by Synapse, the former would not ask for security whereas the latter might just be paranoid and ask for a security arrangement to be in place.
If security is a service (aar), we treat it like a mediator and say
<regex message-address="to" pattern="http://new-yorkStockExchange.*">
<servicemediator name="securityForNYSE" service="security"/>
----- Original Message -----
From: Paul Fremantle
Sent: Thursday, December 22, 2005 6:06 PM
Subject: Re: Security as a QOS
What I assumed is that to enable security you would add the following things to your install:
* WSS4J-Snapshot
* security.mar
* synapse-wss.jar
Together these would add the tags to the synapse install. I don't see why it has to be an AAR. Can't we do the same trick as with Addressing and engage security on the emptymediator?
Paul
On 12/22/05, Saminda Abeyruwan <[EMAIL PROTECTED]> wrote:
On 12/22/05, Paul Fremantle <[EMAIL PROTECTED]> wrote:
Saminda
One use case I imagine for Synapse is to handle multiple different security configurations. I don't believe we should do the security as an AAR.
At the Axis2 level, if we want to have security functionality we need to have an aar. I don't know whether we can have this functionality as a jar.
1) I think we should differentiate between different security models. WSS4J is just one potential model, so we should name the tag <engage-wss>. Probably we need different tags:
<engage-wss-auth-check>
<engage-wss-auth-add>
<engage-wss-sign-check>
<engage-wss-sign-add>
<engage-wss-encrypt>
<engage-wss-decrypt>
+1
2) I think the config should be possible to be "inline". We need a way of separating out config files - maybe a way of using reference to point to another file or even a repository, but it should be possible to have two different security configurations and the simplest way seems to me to have the config info as children of the tag.
3) we should make the WSS4J support into a JAR and use the SynapseExtension support (same with Sandesha), so that we don't have a huge set of dependencies on the main download.
Paul
On 12/19/05, Saminda Abeyruwan <[EMAIL PROTECTED] > wrote:
On 12/19/05, Mukund Balasubramanian <[EMAIL PROTECTED]> wrote:
Where does the remaining configuration go?
Into axis config?
Part of the configuration has to be handled by the SecurityProcessor.process() method. This method handles the configurations, which are present in Axis2.xml.
The resources such as "information on key store", "PWCallback" and other properties have to go into synapse_security.aar.
{The programming model is somewhat close to AddressingInProcessor}
Saminda
My primary question is the interaction model between synapse xml and axis xml.
Mukund Balasubramanian
-----Original Message-----
From: Saminda Abeyruwan <[EMAIL PROTECTED] >
To: [email protected] < [email protected]>
Sent: Mon Dec 19 17:08:38 2005
Subject: Security as a QOS
Hi all,
Axis2 comes with Security. As a first step towards building QOS for Synapse, we can use Axis2's security implementation.
The big picture is as follows: when synapse.xml has the following structure {minimum}
<stage name="security">
<engage-security/>
</stage>
will allow the Synapse to work with security.
A rule author might come up with a rule like
<stage name="rule_set">
<engage-security/>
<engage-addressing-in/>
<log/>
<send/>
</stage>
The implementation process requires SecurityProcessor and SecurityProcessorConfigurator.
I would like to give it a try and implement this for Synapse.
Thoughts ?
Saminda
Paul Fremantle
VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
http://bloglines.com/blog/paulfremantle
[EMAIL PROTECTED]
"Oxygenating the Web Service Platform", www.wso2.com
