I've been working on a patch that would allow end-users to do a few
things, notably, in this context, to add, remove, or replace the
built-in WSS4J Processors.
I figured the way to do this was to modify the WSSConfig object to
allow a setProcessor operation, which basically lets you key your own
processor off a Qname. When the WSSecurityEngine walks through the
security header, it can then dispatch out to application code to do
the processing, if necessary.
One of the issues I had with the WSSecurityEngine, though, is that it
uses a static WSSConfig instance to get its processors. If I were to
change the WSSConfig instance to be in any way stateful (vis a vis
its processors), I need to make the WSSConfig instance on the
WSSecurityEngine non-static. Otherwise you'd run into all sorts of
weird behavior, e.g., if you have more than one WSSecurityEngine in
process.
I think by removing the operation (or better, my current thinking is
to make it non-static), we'd potentially break some code downstream,
which presumably we don't have a test for. The projects that need
this could be retooled use the non-static call, but it may be a bad
thing to make this change on a point release. I presume there are
source and binary compatibility constraints between 1.5.1 and 1.5.2, no?
BTW, I submitted a patch for http://issues.apache.org/jira/browse/
WSS-74, but I'd like to hold off for the time being on anyone
applying it. I ran into some other issues that I'd like to address
first.
Thanks,
-Fred
On Apr 18, 2007, at 2:41 PM, Werner Dittmann wrote:
Ruchith Fernando wrote:
IIRC this was originally added to support older ws-sec specs. The
only
use of this I can see right now is to be able to dynamically
configure
wss4j to disable strict timestamp handling. (See
WSSConfig#timeStampStrict and TimestampProcessor#handleTimestamp()).
Not sure whether there's anyone who is using this.
I'm 0 on removing this.
AFAIK some projects used this to disable timestamp handling (.Net
didn't or doesn't support the millisecond feature). This can be set
using a parameter. Otherweise I don't see any further usage anymore.
Regards,
Werner
Thanks,
Ruchith
On 4/13/07, Fred Dushin <[EMAIL PROTECTED]> wrote:
Is there any reason for this? I'm really puzzled as to why there is
a static mutator on this class, and my the (non-static) process
results operations are using statically configured data.
Anyone care if I remove this (in a patch)? The sources compile and
the tests pass without it.
Thanks,
-Fred
--------------------------------------------------------------------
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
