Posted to soap-dev@xml.apache.org by Christian Geuer-Pollmann <ge...@nue.et-inf.uni-siegen.de> on 2001/11/28 10:26:33 UTC

Re: Authenticating SOAP Messages

> In our application, we are able to send the SOAP requests and responses.
> But how can I authorise those requests? In our normal scenario, we
> authenticate the user with pin/password and then he'll access the
> authorised functions. But in this SOAP scenario, whatever request comes,
> without authentication, should I allow them to get the response? One
> condition I'm assuming is allowing for only registered IP addresses. But
> this may not be a feasible one.
>
> Can you please suggest any existing mechanisms to do this? I've to
> implement this in our application.

Maybe you can use the Apache XML Security package [1] for creating SOAP 
Signatures using XML Signature. Whether digital signatures inside the SOAP 
msg do meet the goal depends on your security requirements.

Christian



[1] http://xml.apache.org/security/

Re: Authenticating SOAP Messages

Posted by Steve Jones <st...@netdecisions.com>.
We used SOAP on a project here and to make it secure did the following

1) Had authorisation _in_ the service, the service was a facade that
only connected to real services post initialisation.

That was okay but the real security was outside in Tomcat where we did

2) SOAP/SSL with client side certificates.  Simple certificate
registration process.

This meant that we had two pieces of information required 1) The person's
username/password combination and 2) The remote system's client side
certificate had to be valid.

Steve Jones
On Wed, 2001-11-28 at 15:16, Scott Nichol wrote:
> Why not use HTTP Authentication?  If that is not good for you, you could
> include user/password in the parameter list for each SOAP method, and
> authenticate within the method.  Either way, of course, you would be best
> off using SSL so that the password is encrypted.
>
> Scott
>
> ----- Original Message -----
> From: "Christian Geuer-Pollmann" <ge...@nue.et-inf.uni-siegen.de>
> To: <so...@xml.apache.org>; <SO...@DISCUSS.DEVELOP.COM>;
> <so...@yahoogroups.com>
> Cc: <so...@xml.apache.org>
> Sent: Wednesday, November 28, 2001 4:26 AM
> Subject: Re: Authenticating SOAP Messages
>
>
> >
> > > In our application, we are able to send the SOAP requests and responses.
> > > But how can I authorise those requests? In our normal scenario, we
> > > authenticate the user with pin/password and then he'll access the
> > > authorised functions. But in this SOAP scenario, whatever request comes,
> > > without authentication, should I allow them to get the response? One
> > > condition I'm assuming is allowing for only registered IP addresses. But
> > > this may not be a feasible one.
> > >
> > > Can you please suggest any existing mechanisms to do this? I've to
> > > implement this in our application.
> >
> > Maybe you can use the Apache XML Security package [1] for creating SOAP
> > Signatures using XML Signature. Whether digital signatures inside the SOAP
> > msg do meet the goal depends on your security requirements.
> >
> > Christian
> >
> >
> >
> > [1] http://xml.apache.org/security/


Re: Authenticating SOAP Messages

Posted by Scott Nichol <sn...@computer.org>.
Why not use HTTP Authentication?  If that is not good for you, you could
include user/password in the parameter list for each SOAP method, and
authenticate within the method.  Either way, of course, you would be best
off using SSL so that the password is encrypted.

Scott

----- Original Message -----
From: "Christian Geuer-Pollmann" <ge...@nue.et-inf.uni-siegen.de>
To: <so...@xml.apache.org>; <SO...@DISCUSS.DEVELOP.COM>;
<so...@yahoogroups.com>
Cc: <so...@xml.apache.org>
Sent: Wednesday, November 28, 2001 4:26 AM
Subject: Re: Authenticating SOAP Messages


>
> > In our application, we are able to send the SOAP requests and responses.
> > But how can I authorise those requests? In our normal scenario, we
> > authenticate the user with pin/password and then he'll access the
> > authorised functions. But in this SOAP scenario, whatever request comes,
> > without authentication, should I allow them to get the response? One
> > condition I'm assuming is allowing for only registered IP addresses. But
> > this may not be a feasible one.
> >
> > Can you please suggest any existing mechanisms to do this? I've to
> > implement this in our application.
>
> Maybe you can use the Apache XML Security package [1] for creating SOAP
> Signatures using XML Signature. Whether digital signatures inside the SOAP
> msg do meet the goal depends on your security requirements.
>
> Christian
>
>
>
> [1] http://xml.apache.org/security/
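
The two suggestions in this thread (HTTP Authentication over SSL, and a registered client certificate in addition to the username/password) combined as an added example; it is not code from any poster or from Apache SOAP. It is a fail-closed check that a request arrived over SSL, carries a registered client certificate and has a valid HTTP Basic credential. The class and method names, the fingerprint registry and the sample user are assumptions, and the container is assumed to have already validated the certificate during the SSL handshake.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
// Added example (hypothetical names): gate that demands BOTH factors and denies on any doubt.
public class SoapAuthGate {
    private final Set<String> registeredCerts = new HashSet<>();  // hex SHA-256 of certificate DER
    private final Map<String, byte[][]> users = new HashMap<>();  // user -> {salt, PBKDF2 hash}

    static String fingerprint(byte[] der) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(der));
    }
    static byte[] pbkdf2(String pw, byte[] salt) throws Exception {
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
            .generateSecret(new PBEKeySpec(pw.toCharArray(), salt, 100_000, 256)).getEncoded();
    }
    public void registerCert(byte[] der) throws Exception { registeredCerts.add(fingerprint(der)); }
    public void registerUser(String user, String pw, byte[] salt) throws Exception {
        users.put(user, new byte[][] { salt, pbkdf2(pw, salt) });
    }

    // secure: whether the request came over SSL; certDer: DER bytes of the client certificate
    // presented in the handshake (null if none); authz: the HTTP Authorization header value.
    public boolean authorize(boolean secure, byte[] certDer, String authz) {
        try {
            if (!secure || certDer == null) return false;                       // no SSL or no client cert
            if (!registeredCerts.contains(fingerprint(certDer))) return false;  // cert never registered
            if (authz == null || !authz.startsWith("Basic ")) return false;     // no credentials sent
            String[] up = new String(Base64.getDecoder().decode(authz.substring(6)),
                                     StandardCharsets.UTF_8).split(":", 2);
            byte[][] rec = up.length == 2 ? users.get(up[0]) : null;
            // Constant-time comparison of the stored hash with the hash of the supplied password.
            return rec != null && MessageDigest.isEqual(rec[1], pbkdf2(up[1], rec[0]));
        } catch (Exception e) { return false; }                                 // malformed input: deny
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: stand-in bytes for a certificate, fixed salt for the demo only.
        byte[] cert = "constructed stand-in for DER bytes".getBytes(StandardCharsets.UTF_8);
        SoapAuthGate gate = new SoapAuthGate();
        gate.registerCert(cert);
        gate.registerUser("alice", "s3cret-pin", new byte[] {1, 2, 3, 4, 5, 6, 7, 8});
        String good = "Basic " + Base64.getEncoder()
            .encodeToString("alice:s3cret-pin".getBytes(StandardCharsets.UTF_8));
        System.out.println(gate.authorize(true, cert, good));            // both factors present
        System.out.println(gate.authorize(true, new byte[] {9}, good));  // unregistered certificate
        System.out.println(gate.authorize(true, cert, null));            // certificate but no password
        System.out.println(gate.authorize(false, cert, good));           // not over SSL
    }
}
```

In a servlet container the certificate chain is exposed as the request attribute `javax.servlet.request.X509Certificate`; the first element's `getEncoded()` gives the DER bytes passed here.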


Re: problem on register user-defined serializer/deserializer.

Posted by Scott Nichol <sn...@computer.org>.
If the problem was Tomcat finding the class, I think you would get
ClassNotFound or something like that.  Can you attach your deployment
descriptor?  Perhaps someone else will see a problem that you do not.

Scott

----- Original Message -----
From: "Xiao Juguang" <ju...@fugu-sg.org>
To: <so...@xml.apache.org>; <so...@xml.apache.org>
Sent: Wednesday, November 28, 2001 5:57 AM
Subject: problem on register user-defined serializer/deserializer.


> Hi, all.
>     How are you today? I am almost crashed when I tried to fix the problem
> below.
>
>     Here is my problem.
>
>     I create serializer and deserializer for one of my classes, Exon. I write
> mapping code in deployment descriptor and deploy it. I can see the result of
> deployment via web admin pages of Apache SOAP.
>     When I tried to run client code, I met the fault :
>
> Fault Code = SOAP-ENV:Server
> Fault String = java.lang.IllegalArgumentException: No Serializer found to
> serialize a "Exon", using encoding style http://schemas.xmlsoap.org/soap/encoding/
>
>     I tried to find the potential causes:
>
> 1) location of my Exon and its ser/deserializer.-- I think tomcat can find
> them because I placed them in tomcat/classes
>
> 2) Typo in deployment descriptor -- I checked time.
>
>
> What other cause could lead to such a problem? Please help.
>
> Thanks
>
> Juguang
>


problem on register user-defined serializer/deserializer.

Posted by Xiao Juguang <ju...@fugu-sg.org>.
Hi, all.
    How are you today? I am almost crashed when I tried to fix the problem
below.

    Here is my problem.

    I create serializer and deserializer for one of my classes, Exon. I write
mapping code in deployment descriptor and deploy it. I can see the result of
deployment via web admin pages of Apache SOAP.
    When I tried to run client code, I met the fault :

Fault Code = SOAP-ENV:Server
Fault String = java.lang.IllegalArgumentException: No Serializer found to
serialize a "Exon", using encoding style http://schemas.xmlsoap.org/soap/encoding/

    I tried to find the potential causes:

1) location of my Exon and its ser/deserializer.-- I think tomcat can find
them because I placed them in tomcat/classes

2) Typo in deployment descriptor -- I checked time.


What other cause could lead to such a problem? Please help.

Thanks

Juguang


RE: Serializers

Posted by Brian Clifton <b....@salford.ac.uk>.
Hi to All,

	I have a problem with Serializers. Whenever I try to invoke one my
Tomcat/Soap environment aborts with no error message and nothing in the log.
Any ideas?

Thanks,

Brian M Clifton


