Posted to rampart-dev@ws.apache.org by Narayan Dhillon <Na...@vocalink.com> on 2008/01/28 20:23:56 UTC

RE: Rampart: Unability to specify custom implementation of PolicyBasedResultsValidator(Rampart-135)

Hi Ruchith, devs,

I have created an enhancement JIRA for this and also attached the patch.
Could someone please apply it?

https://issues.apache.org/jira/browse/RAMPART-135

Thanks, Narayan

-----Original Message-----
From: Narayan Dhillon [mailto:Narayan.Dhillon@vocalink.com] 
Sent: 24 January 2008 18:04
To: rampart-dev@ws.apache.org
Subject: RE: Rampart: Unability to specify custom implementation of
PolicyBasedResultsValidator

Hi Ruchith,

I would like to progress on this and to summarize what we want:

(1) Make org.apache.rampart.PolicyBasedResultsValidator extend the
callback handler interface.

(2) Add a parameter to the Rampart config to provide a
PolicyBasedResultsValidator callback handler. If nothing is specified it
will use the default implementation in (1) above.

If you are happy with this, I could crack this over the weekend and submit
the patch?

Regards, Narayan

-----Original Message-----
From: Narayan Dhillon [mailto:Narayan.Dhillon@vocalink.com] 
Sent: 17 January 2008 09:30
To: rampart-dev@ws.apache.org
Subject: RE: Rampart: Unability to specify custom implementation of
PolicyBasedResultsValidator

Hi Ruchith,

I just wanted to do cert validation separately. Your solution below
seems to be perfect for that.

I think ideally policy results validation should be as per ws-security
standards, and should be driven by ws-securitypolicy, if there is an
issue then it should be fixed in Rampart. However there is no harm in
making it extendable as you suggested below using a callback approach.

Rampart could provide a default implementation, leaving it up to the user
to override with a custom implementation of the callback class.

Regards, Narayan

-----Original Message-----
From: Ruchith Fernando [mailto:ruchithf@apache.org] 
Sent: 17 January 2008 02:14
To: rampart-dev@ws.apache.org
Subject: Re: Rampart: Unability to specify custom implementation of
PolicyBasedResultsValidator

Hi Narayan,

Do you want to be able to validate complete results? Or only cert 
validation? If so I think we can give a solution where you can specify 
the Trust verification separately through the configuration.

We can use a callback approach in this case as well where the callback 
handler interface that you will have to implement will have a method 
that accepts the cert and RampartMessageData instance and can return 
whether validation is successful or not.

Thoughts?

Thanks,
Ruchith

Narayan Dhillon wrote:
> Hi,
>
> Cert validation is an important part in WS-Security and different
> organizations have different rules for that, and that could be fulfilled
> by the ability to have a custom implementation of
> PolicyBasedResultsValidator.
>
> All the documentation and intention in the Rampart code seems to suggest
> that the org.apache.rampart.PolicyBasedResultsValidator.verifyTrust()
> method could be overridden in custom implementations. However currently
> PolicyBasedResultsValidator is hard-wired into RampartEngine; which
> makes it impossible to override unless RampartReceiver & RampartEngine
> are overridden as well.
>
> I can think of 2 options -
>
> (1) Ability to provide custom policy validation by subclassing
> RampartReceiver, and then RampartReceiver passes it to RampartEngine.
> This is the same way as done in the old config-based Rampart, as the
> verifyTrust() method could be overridden by extending WSDoAllReceiver.
>
> (2) Using Rampart config to specify PolicyBasedResultsValidator class.
>
> Option (1) is fairly easy to implement and will also make Rampart
> capability backward compatible with old Rampart.
>
> I'd highly appreciate it if the development team could please comment
> on this.
>
> Regards, Narayan
> 
> *****************************************************
> This email is issued by a VocaLink group company. It is confidential
and intended for the exclusive use of the addressee only. You should not
disclose its contents to any other person. If you are not the addressee
(or responsible for delivery of the message to the addressee), please
notify the originator immediately by return message and destroy the
original message. The contents of this email will have no contractual
effect unless it is otherwise agreed between a specific VocaLink group
company and the recipient.
>  
> The VocaLink group companies include, among others: VocaLink Limited
(Company No 06119048, VAT No. 907 9619 87) which is registered in
England and Wales at registered office Drake House, Homestead Road,
Rickmansworth, WD3 1FX. United Kingdom, Voca Limited (Company no
1023742, VAT No. 907 9619 87) which is registered in England and Wales
at registered office Drake House, Three Rivers Court, Homestead Road,
Rickmansworth, Hertfordshire. WD3 1FX. United Kingdom, LINK Interchange
Network Limited (Company No 3565766, VAT No. 907 9619 87) which is
registered in England and Wales at registered office Arundel House, 1
Liverpool Gardens, Worthing, West Sussex, BN11 1SL and VocaLink Holdings
Limited (Company No 06119036, VAT No. 907 9619 87) which is registered
in England and Wales at registered office Drake House, Homestead Road,
Rickmansworth, WD3 1FX. United Kingdom.
>  
> The views and opinions expressed in this email may not reflect those
of any member of the VocaLink group. This message and any attachments
have been scanned for viruses prior to leaving the VocaLink group
network; however, VocaLink does not guarantee the security of this
message and will not be responsible for any damages arising as a result
of any virus being passed on or arising from any alteration of this
message by a third party. The VocaLink group may monitor emails sent to
and from the VocaLink group network.
>  
> This message has been checked for all email viruses by MessageLabs.
> *************************************************************
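
Added example, not part of the original thread and not Rampart code: a sketch of the callback design discussed above, where configuration names a trust-verification class and a default is used when none is given. TrustVerifier, DefaultTrustVerifier, TrustVerifiers and the Object messageData parameter (standing in for RampartMessageData) are hypothetical names; only JDK classes are used.

```java
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Set;

/** Hypothetical callback: gets the signer's cert plus message data, returns the trust decision. */
interface TrustVerifier {
    boolean verifyTrust(X509Certificate cert, Object messageData);
}

/** Stand-in default used when no custom class is configured (not Rampart's own logic). */
final class DefaultTrustVerifier implements TrustVerifier {
    private final Set<X509Certificate> trustedCas;
    DefaultTrustVerifier(Set<X509Certificate> trustedCas) { this.trustedCas = trustedCas; }

    @Override
    public boolean verifyTrust(X509Certificate cert, Object messageData) {
        try {
            cert.checkValidity();                      // expired or not yet valid -> exception
            for (X509Certificate ca : trustedCas) {
                if (ca.getSubjectX500Principal().equals(cert.getIssuerX500Principal())) {
                    cert.verify(ca.getPublicKey());    // issuer signature must check out
                    return true;
                }
            }
        } catch (GeneralSecurityException e) {
            // fall through: any validation error is a rejection
        }
        return false;
    }
}

final class TrustVerifiers {
    /** Resolve the class named in configuration; a null or empty name selects the default. */
    static TrustVerifier fromConfig(String className, TrustVerifier dflt) {
        if (className == null || className.trim().isEmpty()) return dflt;
        try {
            Class<?> c = Class.forName(className.trim());
            return c.asSubclass(TrustVerifier.class).getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException | ClassCastException e) {
            // Fail closed: a typo in the config must not silently swap in other validation.
            throw new IllegalStateException("Cannot load trust verifier: " + className, e);
        }
    }

    /** Engine-side call: a missing cert or a verifier that throws counts as untrusted. */
    static boolean isTrusted(TrustVerifier v, X509Certificate cert, Object messageData) {
        try {
            return cert != null && v.verifyTrust(cert, messageData);
        } catch (RuntimeException e) {
            return false;
        }
    }
}
```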
