Hi, Simon has mentioned it all (Thanks Simon). The little I want to add here is, at the present moment you could configure ws-security either thro config params or thro ws-policy. The ws-binding-axis2 uses Rampart to implement security and hence all that you could do with axis2 and Rampart otherwise is also possible using this binding. Just that you need to encapsulate the policy or config param settings within appropriate tuscany policy-sets in the definitions.xml file. The helloworld-ws-service/reference-secure samples will give you a good idea to that.
I you need any further help with this, please let us know and I'd be happy to help. Thanks - Venkat On Nov 20, 2007 9:48 PM, Simon Laws <[EMAIL PROTECTED]> wrote: > On Nov 20, 2007 3:30 PM, Jeff Davis <[EMAIL PROTECTED]> wrote: > > > Hi, > > > > > > > > I'm trying to determine whether the WS Binding supports WS-Security such > > as the UsernameToken profile? From what I can gather, I only found HTTP > > basic authentication support? > > > > > > > > If WS-Security isn't currently supported, is that on the roadmap? > > > > > > > > Thanks! > > > > > > > > Jeff > > > > > > > > Btw., Tuscany is an amazing accomplishment! > > > > Hi Jeff. > > Venkat's our expert at this and he's in a different time zone so I just > took > a look at the secure service sample he has in trunk in subversion [1]. > Looking at it it seems that UsernameToken is supported. For example, There > is a policy intent in the definitions.xml file [2] > > <sca:intent name="authentication" > constrains="sca:binding.ws"> > <description> > Communitcation thro this binding required Authentication. > </description> > </sca:intent> > > and a statement of policy that supports this intent > > <sca:policySet name="wsAuthenticationPolicy" > provides="authentication" > appliesTo="sca:binding.ws" > > > <tuscany:wsConfigParam> > <parameter name="InflowSecurity"> > <action> > <items>UsernameToken</items> > <passwordCallbackClass>helloworld.ServerPWCBHandler > </passwordCallbackClass> > </action> > </parameter> > </tuscany:wsConfigParam> > </sca:policySet> > > This is associated with the application in the helloworld.composite file > [3] > > <service name="HelloWorldService" requires="authentication" > promote="HelloWorldServiceComponent/HelloWorldService"> > <interface.wsdl interface=" > http://helloworld#wsdl.interface(HelloWorld)<http://helloworld#wsdl.interface%28HelloWorld%29>" > /> > <binding.ws uri="http://localhost:8085/HelloWorldService"/> > </service> > > <component name="HelloWorldServiceComponent"> > <implementation.java class="helloworld.HelloWorldImpl" /> > </component> > > Looking back at the 1.0 release this sample was included so you should be > able to try it out. > > Generally we are using Apache Rampart to provide our WS-Security support > and > the idea with policies of course is that the framework allows new policies > to be defined fairly easily so if there are things that you need that are > not supported then lets discuss here and work out how to enable them. > > Regards > > Simon > > [1] > > http://svn.apache.org/repos/asf/incubator/tuscany/java/sca/samples/helloworld-ws-service-secure/ > [2] > > http://svn.apache.org/repos/asf/incubator/tuscany/java/sca/samples/helloworld-ws-service-secure/src/main/resources/definitions.xml > [3] > > http://svn.apache.org/repos/asf/incubator/tuscany/java/sca/samples/helloworld-ws-service-secure/src/main/resources/helloworldws.composite >
