Posted to java-user@axis.apache.org by Alexander Rosemann <al...@gmail.com> on 2009/04/12 16:57:24 UTC

Authentication for non SOAP messages

Hi,

I've created a bunch of Web services, including an authentication 
service. All services consume and return raw XML messages (no SOAP) 
which works fine.

Now I would like to force clients to authenticate themselves before they 
are allowed to access any of the services.

My idea is to implement a simple handler which checks whether an 
authentication flag has been set in the ServiceGroupContext. If it 
is not set, the only service accessible should be the authentication 
service, and an error response message should be sent. If the flag 
has been set, all other services can be accessed until the 
ServiceGroupContext times out or the client logs off.

What I can't see is how to send an error response from within a handler.

Any pointers, input, and additional suggestions are highly welcome.

Thanks,
Alex





UNSUBSCRIBE

Posted by Arijith Roy <ar...@yahoo.com>.



      

Re: Authentication for non SOAP messages

Posted by Alexander Rosemann <al...@gmail.com>.
Would it be feasible to throw an AxisFault in the handler? Would the 
AxisFault be able to return an error XML message to the client?

Another question I'm uncertain about is where I should store the flag 
that indicates a client has been authenticated. Would the 
ServiceGroupContext be the appropriate place for that?

Any pointers into the right direction are much appreciated.

Thanks,
Alex

-- 
DI(FH) Alexander Rosemann
open source based software solutions
Naunspitzweg 3 | 6341 Ebbs | Austria
mobile: +43-681-10337082 | email: alexander.rosemann@gmail.com
*** Your partner in building cutting edge open source based software 
solutions ***
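
An added example (not code from this thread or from the Axis2 project) that puts the two questions above together: an in-flow handler that reads an authentication flag from the ServiceGroupContext and rejects the request by throwing an AxisFault, plus the calls the authentication service makes to set and clear that flag. The package, the property key and the service name are assumed names. Two Axis2 behaviours the code relies on: an AxisFault thrown from a handler ends the in-flow, so the remaining handlers and the service implementation are not invoked and the client receives a fault message instead of a normal response; and a ServiceGroupContext only survives from one request to the next when the service group is deployed with scope "transportsession" (HTTP session) or "soapsession" (which relies on WS-Addressing headers and so does not fit raw XML). With the default "request" scope a fresh context is created for every request and the flag is lost immediately; with "application" scope the context is shared by all clients, so a flag stored there would log everybody in at once. The handler must also run in a phase where the target service has already been resolved; if getAxisService() is still null it fails closed.

```java
package example.axis2.auth; // assumed package, not part of Axis2

import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.ServiceGroupContext;
import org.apache.axis2.description.AxisService;
import org.apache.axis2.handlers.AbstractHandler;

/**
 * In-flow handler that gates every service except the authentication
 * service behind a flag in the caller's ServiceGroupContext.
 * Illustrative code, not part of the Axis2 distribution.
 */
public class AuthenticationGateHandler extends AbstractHandler {

    // Key under which a successful login is recorded (assumed name; the
    // authentication service and this handler must agree on it).
    public static final String AUTHENTICATED_PROPERTY = "example.authenticated";

    // The one service reachable without the flag (assumed name; must match
    // the <service name="..."> attribute in that service's services.xml).
    public static final String AUTH_SERVICE_NAME = "AuthenticationService";

    public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
        AxisService service = msgContext.getAxisService();
        if (service == null) {
            // Dispatch has not resolved the target service yet, so the
            // exemption below cannot be applied safely: fail closed.
            throw new AxisFault("authentication gate ran before service dispatch");
        }
        if (AUTH_SERVICE_NAME.equals(service.getName())) {
            // Logging in must always be possible.
            return InvocationResponse.CONTINUE;
        }
        if (isAuthenticated(msgContext.getServiceGroupContext())) {
            return InvocationResponse.CONTINUE;
        }
        // Throwing here stops the in-flow: later handlers and the service
        // are skipped and Axis2 returns a fault message to the client.
        throw new AxisFault("not authenticated: call " + AUTH_SERVICE_NAME + " first");
    }

    /** True only when the flag is present and is exactly Boolean.TRUE. */
    static boolean isAuthenticated(ServiceGroupContext sgc) {
        return sgc != null && Boolean.TRUE.equals(sgc.getProperty(AUTHENTICATED_PROPERTY));
    }

    /**
     * Called by the authentication service once it has verified the
     * credentials carried in the request element, for example:
     *   AuthenticationGateHandler.markAuthenticated(MessageContext.getCurrentMessageContext());
     */
    public static void markAuthenticated(MessageContext inMsgContext) {
        inMsgContext.getServiceGroupContext().setProperty(AUTHENTICATED_PROPERTY, Boolean.TRUE);
    }

    /** Called by the authentication service when the client logs off. */
    public static void markLoggedOff(MessageContext inMsgContext) {
        inMsgContext.getServiceGroupContext().removeProperty(AUTHENTICATED_PROPERTY);
    }
}
```

The handler is registered like any other, with a `<handler name="..." class="example.axis2.auth.AuthenticationGateHandler"/>` element inside a phase of the InFlow phaseOrder in axis2.xml. In the default axis2.xml the Security phase precedes the Dispatch phase, so whether the service is already known there depends on which dispatcher matched the request; a user-defined phase placed after Dispatch avoids that question, and the null check above catches the misplacement rather than letting unchecked requests through.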

Re: Authentication for non SOAP messages

Posted by Alexander Rosemann <al...@gmail.com>.
I've added a handler to the security phase in my axis2.xml. The handler 
gets called each time a request comes in.

I'm just puzzled how I can directly send a response message in case the 
user has not logged in first.

Cheers,
Alex


RE: Authentication for non SOAP messages

Posted by Martin Gainty <mg...@hotmail.com>.
From the HandlerExecution test harness I've seen this depends on the assigned PHASE.

package org.apache.axis2.engine;

import java.util.ArrayList;

import org.apache.axis2.description.AxisOperation;
import org.apache.axis2.phaseresolver.PhaseMetadata;

// Excerpt from Axis2's HandlerExecutionTest; "......." marks elided parts
// (the handler fields used below are set up elsewhere in the class).
public class HandlerExecutionTest extends LocalTestCase
{
.......
    private void registerOperationLevelHandlers(AxisOperation operation) {
        // In-flow: give the operation a single operation-specific phase,
        // PolicyDetermination, and add three handlers to it in order.
        ArrayList operationSpecificPhases = new ArrayList();
        operationSpecificPhases.add(new Phase(PhaseMetadata.PHASE_POLICY_DETERMINATION));
        operation.setRemainingPhasesInFlow(operationSpecificPhases);
        ArrayList phaseList = operation.getRemainingPhasesInFlow();
        for (int i = 0; i < phaseList.size(); i++) {
            Phase operationSpecificPhase = (Phase)phaseList.get(i);
            if (PhaseMetadata.PHASE_POLICY_DETERMINATION
                    .equals(operationSpecificPhase.getPhaseName())) {
                operationSpecificPhase.addHandler(firstOperationInHandler);
                operationSpecificPhase.addHandler(middleOperationInHandler);
                operationSpecificPhase.addHandler(new TestHandler("In6"));
            }
        }
        // Out-flow: same phase name, a different set of handlers.
        operationSpecificPhases = new ArrayList();
        operationSpecificPhases.add(new Phase(PhaseMetadata.PHASE_POLICY_DETERMINATION));
        operation.setPhasesOutFlow(operationSpecificPhases);
        phaseList = operation.getPhasesOutFlow();
        for (int i = 0; i < phaseList.size(); i++) {
            Phase operationSpecificPhase = (Phase)phaseList.get(i);
            if (PhaseMetadata.PHASE_POLICY_DETERMINATION
                    .equals(operationSpecificPhase.getPhaseName())) {
                operationSpecificPhase.addHandler(new TestHandler("Out1"));
                operationSpecificPhase.addHandler(middleOperationOutHandler);
                operationSpecificPhase.addHandler(new TestHandler("Out3"));
            }
        }
    }
.......
}

where the PHASES are broken out in:

package org.apache.axis2.phaseresolver;

public class PhaseMetadata {

    // INFLOW
    public static final String PHASE_TRANSPORTIN = "TransportIn";
    public static final String PHASE_PRE_DISPATCH = "PreDispatch";
    public static final String PHASE_POST_DISPATCH = "PostDispatch";
    public static final String PHASE_POLICY_DETERMINATION = "PolicyDetermination";
    public static final String PHASE_MESSAGE_PROCESSING = "MessageProcessing";

    // OUTFLOW
    public static final String PHASE_MESSAGE_OUT = "MessageOut";
    public static final String PHASE_DISPATCH = "Dispatch";
    public static final String PHASE_TRANSPORT_OUT = "TransportOut";

    public static final String TRANSPORT_PHASE = "TRANSPORT";

    // further constants of the class omitted
}

Which phase would you be attaching your handler to?
Martin