On Thu, May 20, 2010 at 2:54 PM, Blue Diamond <[email protected]> wrote: > Hi, > I have a requirement that say I define a new intent called "AuthToken" (will > write its policy, policy handler, interceptor, processor etc.) and use it > for multiple bindings say binding.ws, binding.jms. > Inside the interceptor, say we'll set > message.getHeaders().add(contents of AuthToken) > If this mechanism is binding independent, then the BasicAuthentication > scheme (with username & password) used in samples > (itest-policy-security-basicauth) should work in binding.jms also right? But > it didn't work. Is security policy completely supported on all bindings. Or > are there any limitations to it? > We want to have a solution that works atleast on jms & ws. Is there any > existing solution in Tuscany 1.6 already that can solve this? > Please help. > Thanks & Regards, > Anil
Hi Anil The short answer is that there isn't a consistent mechanism for getting header information into binding specific protocols in 1.x Having said that there were some experiments in 1.x with some arbitrary token based authentication. There is a test here [1]. The problem faced was that while the JMS binding implementation exploits the binding wire infrastructure, which effectively allows you to add interceptors into the guts of the binding implementation, the web service binding does not. To get the token into the SOAP header we had to make changes to the ws binding as well as creating policy interceptors. We will fix the ws binding for 2.x to make it more flexible but that doesn't make your life easier on 1.x. However as you are focused on WS and JMS you may be able to exploit what was done for the auth token support. Can you take a look at it and see what's missing from your point of view Regards Simon [1] http://svn.apache.org/repos/asf/tuscany/sca-java-1.x/trunk/itest/policy-security-token/ -- Apache Tuscany committer: tuscany.apache.org Co-author of a book about Tuscany and SCA: tuscanyinaction.com
