You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by Wenshuang Sun <we...@gmail.com> on 2007/10/19 03:28:59 UTC

About multiple policy alternative in rampart

Hi,
In Rampart1.2 or Rampart1.3,
are multiple Policy alternatives  supported?  I want to set
alternative in ws-security policy for
rampart, the alternative of  intention is that I want to support
ws-security and no-ws-security same time at server side, but it's not
available, why? please see the following content.My qeustion is that
while the visitor is to access the server by not using ws-security,
why is the  ws-security settings(the first 'wsp:ExactlyOne' section)
available?
<wsp:Policy wsu:Id="my_policy">
   <!-- ws-security setting is here -->
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SymmetricBinding>
             ................
           </sp:SymmetricBinding>
  </wsp:ExactlyOne>
 <!-- NO ws-security setting is here,-->
 <wsp:ExactlyOne>
        <wsp:All/>
 <wsp:ExactlyOne>
</wsp:Policy>

Thanks.

Re: About multiple policy alternative in rampart

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.

Hi Wenshuang,
        IMHO, if you want to provide two alternatives using WS-Policy it
should be like,

<wsp:Policy wsu:Id="my_policy">
    <wsp:ExactlyOne>
        <wsp:All>
             <option1/>
        </wsp:All>
        <wsp:All>
             <option2/>
        </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

or in your case as what you want is to have a optional assertion

<wsp:Policy wsu:Id="my_policy">
    <wsp:ExactlyOne>
        <wsp:All>
             <assertion1  wsp:Optional="true"/>
        </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

and not like,

<wsp:Policy wsu:Id="my_policy">
   <!-- ws-security setting is here -->
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SymmetricBinding>
             ................
           </sp:SymmetricBinding>
  </wsp:ExactlyOne>
<!-- NO ws-security setting is here,-->
<wsp:ExactlyOne>
        <wsp:All/>
<wsp:ExactlyOne>
</wsp:Policy>

Anyway it seems that Rampart only take the first alternative in to account.
So you can't have two policy alternatives like that.

            if(this.servicePolicy != null){
                List it = (List)this.servicePolicy.getAlternatives().next();

                //Process policy and build policy data
                this.policyData = RampartPolicyBuilder.build(it);
            }

 the alternative of  intention is that I want to support
> ws-security and no-ws-security same time at server side,


Can't you have two endpoints one with security and other
with no security ?

Regards,
Nandana