Helloworld Webservice and Security Policies

Mon, 15 Oct 2007 07:30:49 -0700 

Hi,
 
 
I tried to understand the helloworld-ws-reference-secure and 
helloworld-ws-service-secure example, provided with the SCA Version 1.0.
 
In the defintions.xml there are Policies defined for security. I think the 
Username is provided directly in this Policy-file.
For both client and service a callback-classes to determe the password are 
defined. 
 
<passwordCallbackClass>helloworld.ClientPWCBHandler</passwordCallbackClass>" +

<passwordCallbackClass>helloworld.ServerPWCBHandler</passwordCallbackClass>

The implementations of server callback and client callback are identical.So I 
suppose that the tuscany runtime calls this callbacks to 

get the password form client and server-side and compares them. 

public void handle(Callback[] callbacks) throws IOException,

UnsupportedCallbackException {

for (int i = 0; i < callbacks.length; i++) {

System.out.println("*** Calling Client UserId/Password Handler .... ");

WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];

//System.out.println( pwcb.getPassword());

pwcb.setPassword("TuscanyWsUserPasswd");

//System.out.println( pwcb.getPassword());

}

}

Now I changed the password one client-side to 

pwcb.setPassword("123");

 

I expected that the call of the WS would fail, but to my supprise I could still 
 call the Service.

I want to implement a gui on client side where the user has to enter user and 
password. On server side I want to check these user/password against some 
configuration-file.

I suppose that one can implement the username also as callback, but I did not 
find any documentation on that. 

I want to services in tunscany-java which use security and are 
conversation-based.  Is there a documentation how to implement these policies 
with tuscany.

>From my understanding  the <tuscany:wsConfigParam> section is specific to 
>Tuscany. What subnotes are allowed inside this section ?

 

thanks for your help

 

Björn Dietrich

 

 

 

 



CENIT AG Systemhaus, Industriestrasse 52-54, 70565 Stuttgart, Tel.: +49 711 
7825-30, Fax: +49 711 7825-4000, Internet: www.cenit.de
Geschaeftsstellen: Berlin, Duesseldorf, Frankfurt, Hamburg, Hannover, Muenchen, 
Saarbruecken
Vorstandsmitglieder: Kurt Bengel, Christian Pusch
Aufsichtsratsmitglieder: Falk Engelmann (Vorsitzender des Aufsichtsrats), 
Hubert Leypoldt, Dr. Dirk Lippold
Bankverbindungen: Deutsche Bank (BLZ 600 700 70) Kto. 1661 040, Commerzbank 
(BLZ 600 400 71) Kto. 532 015 500, BW-Bank (BLZ 600 501 01) Kto. 2 403 313
Registergericht: Amtsgericht Stuttgart
Handelsregister: HRB Nr. 19117
Umsatzsteuer: ID-Nr. DE 147 862 777

Reply via email to