On Wed, May 7, 2008 at 1:49 PM, Marina Deslaugiers < [EMAIL PROTECTED]> wrote:
> Hi Simon, > > Thanks for the explanations. I will download and have a look to the > calculator example you mention. > > However, I already have seen the > sample/helloworld-ws-reference(service)-secure and I do not know whether > and how I can use the policies they define ; indeed, as I said, I use to > bind to a non-SCA web service - say the web service is not encapsulated in a > SCA component. > > So, in this case, can I use the manner you indicate to me ? if yes, what > are the changes to introduce in the policy description (definitions.xml > and/or other files)? > > > Regards, > Marina. > > samples/helloworld-ws-reference-secure and > > samples/helloworld-ws-service-secure > > > > > > > Le 7 mai 08 à 12:13, Simon Laws a écrit : > > > On Mon, May 5, 2008 at 4:11 PM, Marina Deslaugiers < > > [EMAIL PROTECTED]> wrote: > > > > Hi, > > > Hello, > > > > > > I am coming back to you as I now have to connect to an external web > > > service with user/password authentication and I do not know how this > > > can be > > > done (using policies I guess) in tuscany. > > > > > > I use a coding analogue to the one in the simple HelloWorld Web > > > service > > > example provided (and corrected by you) in > > > > > > * [jira] Commented: (TUSCANY-2268) Exceptions errors on binding > > > toexternal web services* > > > > > > The WSDL of the web service seems to be in "document literal" > > > encoding. > > > However, the web service (accessible at the following URL ttp:// > > > 161.105.181.118/xml/SMSEnabler/V2.0/SMSSenderSEI which is different of > > > the > > > one mentioned in the WSDL file) is private to our company so it is not > > > publicly available. > > > > > > Attached to this e-mail is the WSDL file. > > > > > > Can you help me again, please ? > > > > > > thanks. > > > > > > *Regards,* > > > ** > > > *Marina.* > > > ** > > > > > > ** > > > * > > > * > > > > > > > > > > > > Hi Marina > > > > The sample samples/calculator-ws-secure-webapp shows some username and > > password based authentication. For example, you will note that some of > > the > > references/service require authentication.. > > > > > > <component name="CalculatorServiceComponent"> > > <implementation.java class="calculator.CalculatorServiceImpl"/> > > <reference name="addService" > > > <interface.java interface="calculator.AddService" /> > > <binding.ws uri=" > > http://localhost:8080/sample-calculator-ws-secure-webapp/ > > AddServiceComponent > > " > > requires="authentication" /> > > </reference> > > > > .... > > > > <component name="AddServiceComponent"> > > <implementation.java class="calculator.AddServiceImpl"/> > > <service name="AddService"> > > <interface.java interface="calculator.AddService" /> > > <binding.ws requires="authentication"/> > > </service> > > > > > > In this case the definitions.xml file defines service and reference > > policy > > sets that implement this intent as follows > > > > <sca:policySet name="calc:wsAuthenticationPolicy" > > provides="sca:authentication" > > appliesTo="sca:service/sca:binding.ws" > > > > > > > > <tuscany:wsConfigParam> > > <parameter name="InflowSecurity"> > > <action> > > <items>UsernameToken</items> > > > > > > <passwordCallbackClass>calculator.security.ServerPWCBHandler</passwordCallbackClass> > > </action> > > </parameter> > > </tuscany:wsConfigParam> > > </sca:policySet> > > > > <sca:policySet name="calc:wsClientAuthenticationPolicy" > > provides="sca:authentication" > > appliesTo="sca:reference/sca:binding.ws"> > > <tuscany:wsConfigParam> > > <parameter name="OutflowSecurity"> > > <action> > > <items>UsernameToken</items> > > <user>CalculatorUser</user> > > > > > > <passwordCallbackClass>calculator.security.ClientPWCBHandler</passwordCallbackClass>" > > + > > <passwordType>PasswordText</passwordType> > > </action> > > </parameter> > > </tuscany:wsConfigParam> > > </sca:policySet> > > </component> > > > > These policy sets configure Axis2 to call out to the callback classes > > specified in order to get the username and password to be included in > > the > > soap envelope. There is another, non-webapp, example of this in > > samples/helloworld-ws-reference-secure and > > samples/helloworld-ws-service-secure > > > > Hope that helps > > > > Simon > > > In theory you should be able to use the reference side policy to configure security in order to authenticate with the remove non-sca web service. However this depends a lot on how the remote service is expecting you to authenticate with it. Do you know the details in this case. I have to admit to not having tried this with an external service so we are both learning here:-) Simon
