You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tuscany.apache.org by ant elder <an...@gmail.com> on 2008/05/22 21:05:41 UTC
Re: How can we turn on/off Rampart conditionally for binding.ws over Axis2?
+1 to the idea, would like to help but not sure if i'll get to it
immediately, its not completely trivial but we should be able to do it with
a bit of refactorying in the axis binding. Its getting set on always by our
TuscanyAxisConfigurator class.
...ant
On Thu, May 22, 2008 at 1:06 AM, Raymond Feng <en...@gmail.com> wrote:
> Hi,
>
> In the latest binding-ws-axis2 code, we always have module "rampart"
> activated in [1]. Consequently, rampart gets on the way for all Axis2 based
> binding.ws invocations. The worst part is that one of the rampart handlers
> try to read some data from the SOAP envelope and it forces the whole
> OMElement to be fully loaded before it is sent to the HTTP. This behavior
> pretty much defeats the performance optimization I'm working on to wrap JAXB
> objects into a SourcedOMElement so that the JAXB objects will only be
> serialized once when the message is sent to the HTTP connection.
>
> I understand rampart is configured to support WS-Security. But I don't
> think we should always pay the penalty in the cases where WS-Security is not
> required at all. Is there an option to turn on/off Rampart conditionally
> (maybe by some code in tuscany-policy-security-ws)?
>
> Thanks,
> Raymond
>
> [1]
> https://svn.apache.org/repos/asf/incubator/tuscany/java/sca/modules/binding-ws-axis2/src/main/resources/org/apache/tuscany/sca/binding/ws/axis2/engine/config/axis2.xml
>
Re: How can we turn on/off Rampart conditionally for binding.ws over Axis2?
Posted by Raymond Feng <en...@gmail.com>.
Hi,
We're on the same direction. The fix I checked in is to engage rampart based
on the presence of the WS-Security related intents and policySets.
Thanks,
Raymond
--------------------------------------------------
From: "Mike Edwards" <mi...@gmail.com>
Sent: Friday, May 23, 2008 3:42 AM
To: <tu...@ws.apache.org>
Subject: Re: How can we turn on/off Rampart conditionally for binding.ws
over Axis2?
> Raymond Feng wrote:
>> Is there a way to tell if WS-Security is required for a WS binding? I
>> guess we need to dig into the policy stuff. We then probably need to pass
>> a flag down to the TuscanyAxisConfigurator so that it can decide if
>> rampart should be activated.
>>
>> Thanks,
>> Raymond
>
> Strictly speaking, the way to tell if WS-Security is required means
> looking into the PolicySet(s) that apply to the (WS) binding and
> determining if any of the policies which apply are WS-Security policies.
>
> It would be nice to think that all you need to do is to look at the
> intents marked on the reference and binding (say) but unfortunately, the
> deployers and policy experts can decide that they want security applied
> even if the intents don't call for it. So the runtime has to worry about
> the concrete policies.
>
> Strictly, this means that the binding code has to decide which policies it
> is prepared to deal with and once it sees some set of those policies
> chosen for a given binding, then it must decide which bindimg
> implementation code must be brought to bear in order to provide those
> policies.
>
>
> Yours, Mike.
Re: How can we turn on/off Rampart conditionally for binding.ws over
Axis2?
Posted by Mike Edwards <mi...@gmail.com>.
Raymond Feng wrote:
> Is there a way to tell if WS-Security is required for a WS binding? I
> guess we need to dig into the policy stuff. We then probably need to
> pass a flag down to the TuscanyAxisConfigurator so that it can decide if
> rampart should be activated.
>
> Thanks,
> Raymond
Strictly speaking, the way to tell if WS-Security is required means looking into the PolicySet(s)
that apply to the (WS) binding and determining if any of the policies which apply are WS-Security
policies.
It would be nice to think that all you need to do is to look at the intents marked on the reference
and binding (say) but unfortunately, the deployers and policy experts can decide that they want
security applied even if the intents don't call for it. So the runtime has to worry about the
concrete policies.
Strictly, this means that the binding code has to decide which policies it is prepared to deal with
and once it sees some set of those policies chosen for a given binding, then it must decide which
bindimg implementation code must be brought to bear in order to provide those policies.
Yours, Mike.
Re: How can we turn on/off Rampart conditionally for binding.ws over Axis2?
Posted by Raymond Feng <en...@gmail.com>.
Is there a way to tell if WS-Security is required for a WS binding? I guess
we need to dig into the policy stuff. We then probably need to pass a flag
down to the TuscanyAxisConfigurator so that it can decide if rampart should
be activated.
Thanks,
Raymond
--------------------------------------------------
From: "ant elder" <an...@gmail.com>
Sent: Thursday, May 22, 2008 12:05 PM
To: <tu...@ws.apache.org>
Subject: Re: How can we turn on/off Rampart conditionally for binding.ws
over Axis2?
> +1 to the idea, would like to help but not sure if i'll get to it
> immediately, its not completely trivial but we should be able to do it
> with
> a bit of refactorying in the axis binding. Its getting set on always by
> our
> TuscanyAxisConfigurator class.
>
> ...ant
>
> On Thu, May 22, 2008 at 1:06 AM, Raymond Feng <en...@gmail.com> wrote:
>
>> Hi,
>>
>> In the latest binding-ws-axis2 code, we always have module "rampart"
>> activated in [1]. Consequently, rampart gets on the way for all Axis2
>> based
>> binding.ws invocations. The worst part is that one of the rampart
>> handlers
>> try to read some data from the SOAP envelope and it forces the whole
>> OMElement to be fully loaded before it is sent to the HTTP. This behavior
>> pretty much defeats the performance optimization I'm working on to wrap
>> JAXB
>> objects into a SourcedOMElement so that the JAXB objects will only be
>> serialized once when the message is sent to the HTTP connection.
>>
>> I understand rampart is configured to support WS-Security. But I don't
>> think we should always pay the penalty in the cases where WS-Security is
>> not
>> required at all. Is there an option to turn on/off Rampart conditionally
>> (maybe by some code in tuscany-policy-security-ws)?
>>
>> Thanks,
>> Raymond
>>
>> [1]
>> https://svn.apache.org/repos/asf/incubator/tuscany/java/sca/modules/binding-ws-axis2/src/main/resources/org/apache/tuscany/sca/binding/ws/axis2/engine/config/axis2.xml
>>
>