You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by shams jawaid <sh...@hotmail.com> on 2008/04/15 07:31:45 UTC

Axis2 Security Phases

Hi there, 
 
I had a question on what phase Rampart operates on, in Axis2. 
 
In this axis2 configuration file, in the InFlow settings, i see "Security" right before pre-Dispatch. In the OutFlow settings, i see "security" after Message Out. 
 
Am i right in assuming, that in the InFlow settings, the request message is being formed, and so the message is encrypted before the pre-Dispatch phase. 
 
When the OutFlow settings are executed, the encryption is validated and an encrypted response is formed after the "Message Out" phase.
 
is this correct?
 
Thanks
_________________________________________________________________
Win 100’s of Virgin Experience days with BigSnapSearch.com
http://www.bigsnapsearch.com

RE: Axis2 Security Phases

Posted by shams jawaid <sh...@hotmail.com>.

Hi, 
 
Thanks for that Dimuthu!> Subject: Re: Axis2 Security Phases> From: muthulee@apache.org> To: axis-user@ws.apache.org> Date: Wed, 16 Apr 2008 10:27:51 +0530> > Hi,> > Please see my comments inline.> > On Tue, 2008-04-15 at 05:31 +0000, shams jawaid wrote:> > Hi there, > > > > I had a question on what phase Rampart operates on, in Axis2. > > > > In this axis2 configuration file, in the InFlow settings, i see> > "Security" right before pre-Dispatch. In the OutFlow settings, i see> > "security" after Message Out. > > > > Am i right in assuming, that in the InFlow settings, the request> > message is being formed, and so the message is encrypted before the> > pre-Dispatch phase. > > The term "InFlow" is generally used to label the set of phases while> receiving the message, at client or server. So at the InFlow security is> validated. For example clients and servers do signature validation and> decryption at the inflow. No encryption or signature happen here.> > > When the OutFlow settings are executed, the encryption is validated> > and an encrypted response is formed after the "Message Out" phase.> > The term "OutFlow" is generally used to label the set of phases while> sending the message, at client or server. So at the OutFlow security is> applied. For example message encryption, signing happens here.> > Phases are interchangeable to some extent. For example if you need to> encrypt Addressing headers security phase must come after Addressing.> > Thank you,> Dimuthu> > http://wso2.org> > > > is this correct?> > > > Thanks> > > > > > ______________________________________________________________________> > News, Sports, Entertainment and Weather on your mobile. Text MSN to> > 63463 Now.> > > ---------------------------------------------------------------------> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org> For additional commands, e-mail: axis-user-help@ws.apache.org> 
_________________________________________________________________
Win 100’s of Virgin Experience days with BigSnapSearch.com
http://www.bigsnapsearch.com

Memory footprints

Posted by Demetris G <de...@ece.neu.edu>.

Hi guys,

    I may have asked this one before a while back. Has anyone does a 
memory footprint
analysis of Axis1 and Axis2? .

Thanks in advance
Demetris


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org

Re: Axis2 Security Phases

Posted by Dimuthu Leelarathne <mu...@apache.org>.

Hi,

Please see my comments inline.

On Tue, 2008-04-15 at 05:31 +0000, shams jawaid wrote:
> Hi there, 
>  
> I had a question on what phase Rampart operates on, in Axis2. 
>  
> In this axis2 configuration file, in the InFlow settings, i see
> "Security" right before pre-Dispatch. In the OutFlow settings, i see
> "security" after Message Out. 
>  
> Am i right in assuming, that in the InFlow settings, the request
> message is being formed, and so the message is encrypted before the
> pre-Dispatch phase. 

The term "InFlow" is generally used to label the set of phases while
receiving the message, at client or server. So at the InFlow security is
validated. For example clients and servers do signature validation and
decryption at the inflow. No encryption or signature happen here.

> When the OutFlow settings are executed, the encryption is validated
> and an encrypted response is formed after the "Message Out" phase.

The term "OutFlow" is generally used to label the set of phases while
sending the message, at client or server. So at the OutFlow security is
applied. For example message encryption, signing happens here.

Phases are interchangeable to some extent. For example if you need to
encrypt Addressing headers security phase must come after Addressing.

Thank you,
Dimuthu

http://wso2.org

> is this correct?
>  
> Thanks
> 
> 
> ______________________________________________________________________
> News, Sports, Entertainment and Weather on your mobile. Text MSN to
> 63463 Now.

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org