You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Dennis Ho <dh...@paymentone.com> on 2008/06/23 23:11:04 UTC
[Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Hi,
I am a new user to Axis2 and have a couple of questions
about how to use axis2 to web-service enable some of our APIs.
1) The WS Security spec (which Rampart supports) mainly talks
about authentication. I wonder how I should implement authorization
which uses the combination of username/password/function to see if a
user can access the web service invoked.
2) If I want to separate the authorization into a different tier
architecturally (ie onto a separate box) and only forward the authorized
soap requests to another machine for processing, how would I do it? So
in effect, there are 2 tiers in my system, the first tier talks to the
outside world and performs access control checks. The second tier does
the business rules processing for authorized messages. In the first
tier, it will involve repackaging an authorized incoming SOAP message
and sending it out to a different machine and processing the resulting
response. In the second tier, it is more or less a normal web service.
Is it possible to write a handler to intercept the coming SOAP message,
and reroute the SOAP message to a different machine and thus completely
bypassing the Message Receiver on the first tier? Or should the
rerouting be done at the Message Receiver level? Hopefully, I don't
have to write something at the web services level in the first tier to
perform the rerouting because I don't want to parse the SOAP message
since no business rules are being executed.
Thanks in advance for your help.
Regards,
Dennis Ho.
RE: [Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Posted by Dennis Ho <dh...@paymentone.com>.
Thanks, I will take a look at synapse.
-----Original Message-----
From: indika kumara [mailto:indika.kuma@gmail.com]
Sent: Monday, June 23, 2008 10:48 PM
To: axis-user@ws.apache.org
Subject: Re: [Axis2]Access Control with Axis2 and splitting the SOAP
processing onto different machines
Hi Dennis
You can do this with Apache synapse. Apache synapse can act as your
first tier that doing authorization based routing. Apache synapse also
uses axis2,rampart,etc for it's web service related processing.Please
post your requirement on user@synapse.apache.org
Thanks
Indika
On Tue, Jun 24, 2008 at 2:41 AM, Dennis Ho <dh...@paymentone.com> wrote:
Hi,
I am a new user to Axis2 and have a couple of questions
about how to use axis2 to web-service enable some of our APIs.
1) The WS Security spec (which Rampart supports) mainly talks
about authentication. I wonder how I should implement authorization
which uses the combination of username/password/function to see if a
user can access the web service invoked.
2) If I want to separate the authorization into a different tier
architecturally (ie onto a separate box) and only forward the authorized
soap requests to another machine for processing, how would I do it? So
in effect, there are 2 tiers in my system, the first tier talks to the
outside world and performs access control checks. The second tier does
the business rules processing for authorized messages. In the first
tier, it will involve repackaging an authorized incoming SOAP message
and sending it out to a different machine and processing the resulting
response. In the second tier, it is more or less a normal web service.
Is it possible to write a handler to intercept the coming SOAP message,
and reroute the SOAP message to a different machine and thus completely
bypassing the Message Receiver on the first tier? Or should the
rerouting be done at the Message Receiver level? Hopefully, I don't
have to write something at the web services level in the first tier to
perform the rerouting because I don't want to parse the SOAP message
since no business rules are being executed.
Thanks in advance for your help.
Regards,
Dennis Ho.
Re: [Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Posted by indika kumara <in...@gmail.com>.
Hi Dennis
You can do this with Apache synapse. Apache synapse can act as your first
tier that doing authorization based routing. Apache synapse also uses
axis2,rampart,etc for it's web service related processing.Please post your
requirement on user@synapse.apache.org
Thanks
Indika
On Tue, Jun 24, 2008 at 2:41 AM, Dennis Ho <dh...@paymentone.com> wrote:
> Hi,
>
>
>
> I am a new user to Axis2 and have a couple of questions about
> how to use axis2 to web-service enable some of our APIs.
>
>
>
> 1) The WS Security spec (which Rampart supports) mainly talks about
> authentication. I wonder how I should implement authorization which uses
> the combination of username/password/function to see if a user can access
> the web service invoked.
>
> 2) If I want to separate the authorization into a different tier
> architecturally (ie onto a separate box) and only forward the authorized
> soap requests to another machine for processing, how would I do it? So in
> effect, there are 2 tiers in my system, the first tier talks to the outside
> world and performs access control checks. The second tier does the business
> rules processing for authorized messages. In the first tier, it will
> involve repackaging an authorized incoming SOAP message and sending it out
> to a different machine and processing the resulting response. In the
> second tier, it is more or less a normal web service. Is it possible to
> write a handler to intercept the coming SOAP message, and reroute the SOAP
> message to a different machine and thus completely bypassing the Message
> Receiver on the first tier? Or should the rerouting be done at the Message
> Receiver level? Hopefully, I don't have to write something at the web
> services level in the first tier to perform the rerouting because I don't
> want to parse the SOAP message since no business rules are being executed.
>
>
>
> Thanks in advance for your help.
>
>
>
> Regards,
>
>
>
> Dennis Ho.
>
>
>
Re: [Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Posted by Sameera Jayasoma <sa...@gmail.com>.
Hi Dennis,
On Tue, Jun 24, 2008 at 2:41 AM, Dennis Ho <dh...@paymentone.com> wrote:
> Hi,
>
>
>
> I am a new user to Axis2 and have a couple of questions about
> how to use axis2 to web-service enable some of our APIs.
>
>
>
> 1) The WS Security spec (which Rampart supports) mainly talks about
> authentication. I wonder how I should implement authorization which uses
> the combination of username/password/function to see if a user can access
> the web service invoked.
>
Have a look at this article "UsernameToken Authentication with Rampart" (
http://wso2.org/library/240). It may help you for your first problem.
Thanks
Sameera
>
--
Sameera Jayasoma
Software Engineer
WSO2 Inc.
Oxygenating the Web Service Platform.
http://wso2.org/
blog: http://sameera-jayasoma.blogspot.com/