Re: WS-Security support for WS binding

Tue, 20 Nov 2007 08:19:31 -0800 

On Nov 20, 2007 3:30 PM, Jeff Davis <[EMAIL PROTECTED]> wrote:

> Hi,
>
>
>
> I'm trying to determine whether the WS Binding supports WS-Security such
> as the UsernameToken profile? From what I can gather, I only found HTTP
> basic authentication support?
>
>
>
> If WS-Security isn't currently supported, is that on the roadmap?
>
>
>
> Thanks!
>
>
>
> Jeff
>
>
>
> Btw., Tuscany is an amazing accomplishment!
>
> Hi Jeff.

Venkat's our expert at this and he's in a different time zone so I just took
a look at the secure service sample he has in trunk in subversion [1].
Looking at it it seems that UsernameToken is supported. For example, There
is a policy intent in the definitions.xml file [2]

 <sca:intent name="authentication"
              constrains="sca:binding.ws">
              <description>
              Communitcation thro this binding required Authentication.
              </description>
 </sca:intent>

and a statement of policy that supports this intent

  <sca:policySet name="wsAuthenticationPolicy"
     provides="authentication"
     appliesTo="sca:binding.ws"
     >
     <tuscany:wsConfigParam>
         <parameter name="InflowSecurity">
             <action>
                 <items>UsernameToken</items>
                 <passwordCallbackClass>helloworld.ServerPWCBHandler
</passwordCallbackClass>
               </action>
          </parameter>
     </tuscany:wsConfigParam>
 </sca:policySet>

This is associated with the application in the helloworld.composite file [3]

    <service name="HelloWorldService" requires="authentication"
promote="HelloWorldServiceComponent/HelloWorldService">
        <interface.wsdl interface="
http://helloworld#wsdl.interface(HelloWorld)" />
        <binding.ws uri="http://localhost:8085/HelloWorldService"/>
    </service>

    <component name="HelloWorldServiceComponent">
        <implementation.java class="helloworld.HelloWorldImpl" />
    </component>

Looking back at the 1.0 release this sample was included so you should be
able to try it out.

Generally we are using Apache Rampart to provide our WS-Security support and
the idea with policies of course is that the framework allows new policies
to be defined fairly easily so if there are things that you need that are
not supported then lets discuss here and work out how to enable them.

Regards

Simon

[1]
http://svn.apache.org/repos/asf/incubator/tuscany/java/sca/samples/helloworld-ws-service-secure/
[2]
http://svn.apache.org/repos/asf/incubator/tuscany/java/sca/samples/helloworld-ws-service-secure/src/main/resources/definitions.xml
[3]
http://svn.apache.org/repos/asf/incubator/tuscany/java/sca/samples/helloworld-ws-service-secure/src/main/resources/helloworldws.composite

Reply via email to