You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-dev@axis.apache.org by "Davanum Srinivas (JIRA)" <ji...@apache.org> on 2005/08/16 04:45:53 UTC

[jira] Created: (AXIS2-151) WS-Security Module based on WSS4J

WS-Security Module based on WSS4J
---------------------------------

         Key: AXIS2-151
         URL: http://issues.apache.org/jira/browse/AXIS2-151
     Project: Apache Axis 2.0 (Axis2)
        Type: New Feature
    Reporter: Davanum Srinivas


Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)

thanks,
dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Davanum Srinivas (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12318966 ] 

Davanum Srinivas commented on AXIS2-151:
----------------------------------------

Ruchith,

We need something ASAP!!!! Please see latest WSS4J cvs, especially the following files:

org.apache.ws.security.handler.WSHandler (Contains absolutely zero Axis related code)
org.apache.ws.axis.security.handler.WSDoAllHandler (extends WSHandler and implements org.apache.axis.Handler)
org.apache.ws.axis.security.WSDoAllReceiver (extends WSDoAllHandler)
org.apache.ws.axis.security.WSDoAllSender (extends WSDoAllHandler)
org.apache.ws.security.handler.WSS4JHandler (extends WSHandler and implements javax.xml.rpc.handler.Handler)
org.apache.ws.security.handler.RequestData (stores information that gets passed between the above classes)

If you see WSDoAllReceiver and WSDoAllSender, you will see that it is extremely simple now. You don't have to implement DOM in AXIOM right away. I'd say take a short cut, as dirty as you can, EVEN if you have to stream everything to byte array and make a dom document out of it. Get things working and then parallelly we can work on DOM in AXIOM. Once DOM is implemented on top of AXIOM it will be just few lines of code change to make things better. 

How does this plan of attack sound to you? 

Thanks,
dims

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12319161 ] 

Ruchith Udayanga Fernando commented on AXIS2-151:
-------------------------------------------------

Hi all,

I ported WsDoAll* handlers to Axis2.

Action plan for the next few days:
 - Develop the axis2 module and test it
 - Setup the interop tests
 - 'How to' doc on configuring WSS4J on Axis2

comments?

Ruchith

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12319528 ] 

Ruchith Udayanga Fernando commented on AXIS2-151:
-------------------------------------------------

Required libraries
--------------------------------------------------------------------------------------
xml-sec-1.2.1.jar is required for the maven build compilation
and
opensaml.jar and bcprovider.jar is required to run the tests


Setting the client's module configurations statically:
---------------------------------------------------------------------------------------
It seems like the available option is client's axis2.xml
Example: axis2.xml for client:
<module ref="security">
	<parameter name="action" locked="xsd:false">UsernameToken</parameter>

	<parameter name="passwordCallbackClass" locked="xsd:false">sample1.PWCallback</parameter>
</module>

Setting the service's module configurations:
----------------------------------------------------------------------------------------
The service.xml will be used to configure the globally engaged security module.

The security module cannot be engaged per service since it cannot refer the system defined 'preDispatch' phase as a service specific module.

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Davanum Srinivas (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12318997 ] 

Davanum Srinivas commented on AXIS2-151:
----------------------------------------

Ruchith,

Let's start with a maven module parallel to addressing in axis2 and do the work there. i will make the wss4j-SNAPSHOT available so that we can use it. Once we have the code stabilized we'll see what to do (move the code to wss4j or not!)

org.apache.axis2.security sounds better. 

thanks,
dims

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12320864 ] 

Ruchith Udayanga Fernando commented on AXIS2-151:
-------------------------------------------------

The WSDoAll* handlres were ported to an Axis2 module

The 8 WS-Security interop scenarios are included in the integration test suit.

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Davanum Srinivas (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12319722 ] 

Davanum Srinivas commented on AXIS2-151:
----------------------------------------

hang on...let me think about this and review the code.

-- dims

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Assigned: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/AXIS2-151?page=all ]

Ruchith Udayanga Fernando reassigned AXIS2-151:
-----------------------------------------------

    Assign To: Ruchith Udayanga Fernando

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12319718 ] 

Ruchith Udayanga Fernando commented on AXIS2-151:
-------------------------------------------------

The security module has to be deployed/engaged as a global module is Axis2. Therefore right now it expects all the services to provide configuration information. 

To disable a security handlers the 'action' property has to be set to 'NoSecurity' which expects every service will have to have the follwing line in the service.xml:

<parameter name="action" locked="xsd:false">NoSecurity</parameter>

BUT we can change this behaviour by introducing a new parameter called 'engageSecurity' to the service.xml where if the value of this is false ( <parameter name="engageSecurity" locked="xsd:false">false</parameter>) or missing then the security handlers will not process the message whereas if the value is true: 
     <parameter name="engageSecurity" locked="xsd:false">true</parameter> 
then the security handlers will expect the configuration parameters to be available.

IMHO this mechanism will ensure that ONLY those who need security module for their services will need to provide configuration information in the service.xml

comments?

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Sanjiva Weerawarana (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12318910 ] 

Sanjiva Weerawarana commented on AXIS2-151:
-------------------------------------------

+1 for having a WS-Sec module which does not require SAAJ support. 

The question of how to achieve that (whether to wrap the OM impl or to write one which supports both DOM and OM) is a separate one. I prefer the latter but that's not as crucial as making sure that WS-Sec support does not require SAAJ support. In any case, SAAJ doesn't deal with MTOM stuff correctly and doing DOM over OM will do it right.

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Resolved: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Davanum Srinivas (JIRA)" <ji...@apache.org>.

     [ http://issues.apache.org/jira/browse/AXIS2-151?page=all ]
     
Davanum Srinivas resolved AXIS2-151:
------------------------------------

    Resolution: Fixed

Awesome!!!

thanks,
dims

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Davanum Srinivas (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12319017 ] 

Davanum Srinivas commented on AXIS2-151:
----------------------------------------

Added a maven module with placeholders. It's all yours now :) 

thanks,
dims

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12318875 ] 

Ruchith Udayanga Fernando commented on AXIS2-151:
-------------------------------------------------

We should be able to use most of WSS4J in Axis2 (org.apache.ws.security.*) once we have the required DOM support. IMHO we have two options for a DOM impl.

 1.) A DOM impl that wraps the llom of OM
     - SAAJ impl which uses the available underlying DOM impl provides access to such an impl but there's no clear OM->DOM->SAAJ seperation. This would force us to use SAAJ in the WS-Sec handlers to get teh DOM support. 

 2.) A DOM impl which is a pure/new impl of the org.w3c.dom.* interfaces and the org.apache.axis.om.* interfaces. 
     - This option will give us the option to use the StAXSoapModelBuilder with a custom *DOMFactory* (extends SOAPFactory) and build an DOMified OM tree.
     - If we have this sort of an impl we should be able to reuse this new DOM without other dependancies

So what do you guys think :-) ?



> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira

[jira] Commented: (AXIS2-151) WS-Security Module based on WSS4J

Posted by "Ruchith Udayanga Fernando (JIRA)" <ji...@apache.org>.

    [ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12318976 ] 

Ruchith Udayanga Fernando commented on AXIS2-151:
-------------------------------------------------

Dims,

I had a look at the changes and the plan sounds good :-)

I started on the WSS4J- Axis2 module. The module impl can go in the "org.apache.ws.axis2.security" package. Also we'll have to add a few jars in to wss4j: axis2-0.91.jar, stax-api-1.0.jar, stax-1.1.1.jar

Shall I add the "org.apache.ws.axis2.*" stuff and the jars into WSS4J CVS?

Thanks,
Ruchith

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira