Hi, I have added some minor updates to the helloworld-ws-service-secure and helloworld-ws-reference-secure samples to give an idea of how simple authentication around user ids and passwords could be performed.
I have also added one more component that uses a policyset with ws-security-policy assertions for implementing message integrity - again courtesy of the Rampart samples :) Hope all this helps a bit.

Thanks
- Venkat

On 10/16/07, Dietrich, Björn <[EMAIL PROTECTED]> wrote:
>
> Hi Venkat,
>
> First, thank you very much.
>
> I will check the Rampart documentation.
>
> Thanks
> Björn
>
>
> -----Original Message-----
> From: Venkata Krishnan [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 16 October 2007 09:44
> To: [email protected]
> Subject: Re: Helloworld Webservice and Security Policies
>
> Hi,
>
> I am not a security specialist and I picked up this WS-Security handling
> from the Rampart tutorials and samples I went through. So, from what I
> understand...
>
> - In the client-side handler you could set the passwords for various
>   client identities.
> - On the server side, this is the handler that you use to retrieve the
>   passwords from the handler on one side and then prob. from some user
>   registry and do a comparison. If the passwords match you return; otherwise
>   you throw an exception from the handler.
>
> Here is a snippet that I picked up for this from the Rampart samples for a
> typical server-side handler. Not that this method has to be precisely this
> way; it is more to give you an idea of what typically goes on in the
> server-side handler.
>
> import java.io.IOException;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import org.apache.ws.security.WSPasswordCallback;
>
> public class PWCBHandler implements CallbackHandler {
>
>     public void handle(Callback[] callbacks) throws IOException,
>             UnsupportedCallbackException {
>         for (int i = 0; i < callbacks.length; i++) {
>             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
>
>             // When the server side needs to authenticate the user:
>             // WSS4J hands over the received user id and password and
>             // expects this handler to verify them (return = accepted,
>             // exception = rejected).
>             // getIdentifer() is the method name as spelled in the
>             // WSS4J 1.x API these samples are built against.
>             if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
>                 if (pwcb.getIdentifer().equals("alice")
>                         && pwcb.getPassword().equals("bobPW")) {
>                     return;
>                 } else {
>                     throw new UnsupportedCallbackException(callbacks[i],
>                             "check failed");
>                 }
>             }
>
>             // When the client requests the password to be added into
>             // the UT element
>             pwcb.setPassword("bobPW");
>         }
>     }
> }
>
> Hope this helps. Let me know if you still have trouble getting things in
> place and I'd be happy to help you further.
>
> Thanks
>
> - Venkat
>
> On 10/15/07, Dietrich, Björn <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > I tried to understand the helloworld-ws-reference-secure and
> > helloworld-ws-service-secure examples provided with SCA Version 1.0.
> >
> > In the definitions.xml there are policies defined for security. I think
> > the username is provided directly in this policy file.
> > For both client and service, callback classes to determine the password
> > are defined:
> >
> > <passwordCallbackClass>helloworld.ClientPWCBHandler</passwordCallbackClass>
> > +
> > <passwordCallbackClass>helloworld.ServerPWCBHandler</passwordCallbackClass>
> >
> > The implementations of the server callback and the client callback are
> > identical. So I suppose that the Tuscany runtime calls these callbacks to
> > get the password from the client and server side and compares them.
> >
> > import java.io.IOException;
> > import javax.security.auth.callback.Callback;
> > import javax.security.auth.callback.CallbackHandler;
> > import javax.security.auth.callback.UnsupportedCallbackException;
> > import org.apache.ws.security.WSPasswordCallback;
> >
> > // Class wrapper and imports added so the fragment compiles; the class
> > // name is the one referenced from definitions.xml above.
> > public class ClientPWCBHandler implements CallbackHandler {
> >
> >     public void handle(Callback[] callbacks) throws IOException,
> >             UnsupportedCallbackException {
> >         for (int i = 0; i < callbacks.length; i++) {
> >             System.out.println("*** Calling Client UserId/Password Handler .... ");
> >             WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
> >             //System.out.println( pwcb.getPassword());
> >             pwcb.setPassword("TuscanyWsUserPasswd");
> >             //System.out.println( pwcb.getPassword());
> >         }
> >     }
> > }
> >
> > Now I changed the password on the client side to
> >
> > pwcb.setPassword("123");
> >
> > I expected that the call of the WS would fail, but to my surprise I
> > could still call the service.
> >
> > I want to implement a GUI on the client side where the user has to enter
> > user and password. On the server side I want to check these user/password
> > against some configuration file.
> >
> > I suppose that one can implement the username also as a callback, but I
> > did not find any documentation on that.
> >
> > I want to write services in Tuscany-Java which use security and are
> > conversation-based. Is there documentation on how to implement these
> > policies with Tuscany?
> >
> > From my understanding the <tuscany:wsConfigParam> section is specific
> > to Tuscany. What subnodes are allowed inside this section?
> >
> > Thanks for your help
> >
> > Björn Dietrich
> >
> > CENIT AG Systemhaus, Industriestrasse 52-54, 70565 Stuttgart, Tel.:
> > +49 711 7825-30, Fax: +49 711 7825-4000, Internet: www.cenit.de
> > Offices: Berlin, Duesseldorf, Frankfurt, Hamburg, Hannover,
> > Muenchen, Saarbruecken
> > Members of the Executive Board: Kurt Bengel, Christian Pusch
> > Members of the Supervisory Board: Falk Engelmann (Chairman of the
> > Supervisory Board), Hubert Leypoldt, Dr. Dirk Lippold
> > Bank details: Deutsche Bank (BLZ 600 700 70) Kto. 1661 040,
> > Commerzbank (BLZ 600 400 71) Kto. 532 015 500, BW-Bank (BLZ 600 501 01) Kto.
> > 2 403 313
> > Register court: Amtsgericht Stuttgart
> > Commercial register: HRB Nr. 19117
> > VAT ID no.: DE 147 862 777
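The reason the "123" experiment in the thread still succeeded is visible in the posted handler: it only calls setPassword and never compares anything, so for a plain-text UsernameToken (usage USERNAME_TOKEN_UNKNOWN) WSS4J receives no exception and treats the token as verified. The following is an added example, not code from the thread, from the Tuscany samples or from Rampart. It shows a server-side handler of the kind Venkat describes, checking the received user id and password against a user store (the "configuration file" case from the question), handling both the plain-text and the digest usage, and comparing in constant time. The WSS4J types, the usage constants and the getIdentifer() spelling are those of the WSS4J 1.x API the samples use; the user names and passwords are constructed sample data, and the store itself is a placeholder for a Properties file or registry.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/**
 * Server-side password callback that actually verifies credentials.
 * Wire it in via <passwordCallbackClass> exactly as the samples do.
 */
public class ServerPWCBHandler implements CallbackHandler {

    // Constructed sample user store. In a deployment, load this from the
    // configuration file (e.g. java.util.Properties) or a user registry.
    private final Map<String, String> users = new HashMap<String, String>();

    public ServerPWCBHandler() {
        users.put("alice", "alicePW");
        users.put("bob", "bobPW");
    }

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "unexpected callback type");
            }
            WSPasswordCallback pwcb = (WSPasswordCallback) cb;
            String user = pwcb.getIdentifer();      // WSS4J 1.x spelling of the accessor
            String stored = users.get(user);

            switch (pwcb.getUsage()) {
                case WSPasswordCallback.USERNAME_TOKEN_UNKNOWN:
                    // Plain-text UsernameToken: WSS4J passes the password it
                    // received on the wire; the handler must compare it itself.
                    // Returning normally means "accepted".
                    if (stored == null || !constantTimeEquals(stored, pwcb.getPassword())) {
                        throw new UnsupportedCallbackException(cb, "authentication failed for " + user);
                    }
                    break;
                case WSPasswordCallback.USERNAME_TOKEN:
                    // Digest UsernameToken: WSS4J asks for the stored password and
                    // recomputes the digest itself. An unknown user gets no
                    // password, so the digest check fails inside WSS4J.
                    if (stored == null) {
                        throw new UnsupportedCallbackException(cb, "unknown user " + user);
                    }
                    pwcb.setPassword(stored);
                    break;
                default:
                    throw new UnsupportedCallbackException(cb, "unsupported usage " + pwcb.getUsage());
            }
        }
    }

    // Length-independent comparison so a wrong password does not leak
    // how many leading characters matched through timing.
    static boolean constantTimeEquals(String expected, String actual) {
        if (actual == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     actual.getBytes(StandardCharsets.UTF_8));
    }

    // Offline demonstration with constructed callbacks; no SOAP stack involved.
    public static void main(String[] args) throws Exception {
        ServerPWCBHandler handler = new ServerPWCBHandler();

        WSPasswordCallback good = new WSPasswordCallback("alice", WSPasswordCallback.USERNAME_TOKEN_UNKNOWN);
        good.setPassword("alicePW");
        handler.handle(new Callback[] { good });
        System.out.println("alice/alicePW accepted");

        WSPasswordCallback bad = new WSPasswordCallback("alice", WSPasswordCallback.USERNAME_TOKEN_UNKNOWN);
        bad.setPassword("123");
        try {
            handler.handle(new Callback[] { bad });
            System.out.println("alice/123 accepted (this would be the bug from the thread)");
        } catch (UnsupportedCallbackException e) {
            System.out.println("alice/123 rejected: " + e.getMessage());
        }
    }
}
```

The client-side handler is the mirror image and needs no comparison: for the USERNAME_TOKEN usage it only has to call setPassword with whatever the user typed into the GUI, and the user id itself is taken from the policy configuration, as the thread notes. Whether the token arrives as plain text or as a digest is decided by the policy, not by the handler, so a server handler that covers both usages as above keeps working if the policy is later tightened.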
