You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Nencho Lupanov <ne...@googlemail.com> on 2007/05/02 08:42:37 UTC
Re: [axis2 ]soap session scope does not work
Hi Paul,
Do you know if with the Secure conversation i can force the client
to send the username token only the first time without having the login
operation, or
I still need this entry point?
Is there any usefull documentation on the rampart secure conv.
implementation?
Thanks,
Nencho
2007/4/27, Paul Fremantle <pz...@gmail.com>:
>
> Nencho
>
> With any third-party users of your service, you do need to give them
> some additional documentation! The WSDL and Policy are a good starting
> point, but the developer still needs to understand the business
> processes behind the services.
>
> However, you are right that secureconversation will also give you the
> pattern you want, where the initial login is used to create a token,
> which is then passed with every request.
>
> Paul
>
> On 4/27/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> > Hi Paul,
> >
> > Thanks for the constructive idea :).anyway,I can't confirm that these
> > services will be invoked only by my client code.
> > Consider some third party client - i cannot force himm to call first the
> > login operation, though it is obvious that
> > the rest of the operations will deny to be executed first.
> >
> > Maybe i am stick with the Ws Secure conv implemented in rampart, does
> > someone has tested it with username token sent only the first time?
> >
> >
> > thanks,
> > Nencho
> >
> >
> > 2007/4/27, Paul Fremantle <pz...@gmail.com>:
> > > Nencho
> > >
> > > You can specify different policies per operation with Axis2. So you
> > > need to identify a specific operation that is the "login" operation -
> > > i.e. the one that users call first (and only first), and statically
> > > specify a different policy for this one.
> > >
> > > I'm not suggesting changing the policy at runtime. That won't work -
> > > certainly not at the server side.
> > >
> > > Paul
> > >
> > > On 4/27/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> > > > Hi Paul,
> > > >
> > > > Having different policies includes ex-changing them runtime.
> > > >
> > > > 1. Is that posible with axis2 without redeploying the service?
> > > > 2. How this correlates to the session, because i expect different
> > clients to
> > > > connect to this
> > > > service and i cannot just change the policiy since one of the will
> be at
> > the
> > > > login state and another will
> > > > be already loged in.
> > > > 3. does WS secure conversation way overcome those problems?
> > > >
> > > > thanks,
> > > > Nencho
> > > >
> > > >
> > > > 2007/4/27, Paul Fremantle < pzfreo@gmail.com>:
> > > > > Nencho
> > > > >
> > > > > If you want to do this, you need to have two different policies.
> > > > >
> > > > > One for the "login" operation/service, which uses UT, and the
> other
> > > > > for the rest of the operations, which has encryption (if needed)
> but
> > > > > no UT. Obviously you need to write your own logic to ensure that
> you
> > > > > check the session is available for those other operations.
> > > > >
> > > > > Paul
> > > > >
> > > > > On 4/27/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> > > > > > Hi Deepal,
> > > > > >
> > > > > > I have yet another question/issue about the sessions.
> > > > > > I am using UsernameToken in a ws security policy handled by
> rampart.
> > > > > > I want to use axis2 sessions so i pass the user/pass only once
> and
> > then
> > > > rely
> > > > > > on the
> > > > > > session to recognize me on a subsequent call.the point is that
> the
> > > > rampart
> > > > > > policy
> > > > > > is alredy there and will expect a username token in every
> request.
> > > > > > Is there any way to overcome this?
> > > > > >
> > > > > > thanks,
> > > > > > Nencho
> > > > > >
> > > > > >
> > > > > > 2007/4/26, Deepal Jayasinghe < deepal@opensource.lk>:
> > > > > > > Hi Nencho,
> > > > > > > Yes we found that issue and we have fixed that in the 1.2branch
> > and
> > > > the
> > > > > > > fixes will be available in 1.2 release.
> > > > > > >
> > > > > > > Thanks
> > > > > > > Deepal
> > > > > > >
> > > > > > > > Hi Deepal,
> > > > > > > >
> > > > > > > > I checked the test and yes i was able to run it successfull.
> > > > > > > > anyway, when i try to put this in my running enviroment i
> get
> > this
> > > > > > > > strange error:
> > > > > > > >
> > > > > > > > [java] Exception in thread "main"
> > org.apache.axis2.AxisFault:
> > > > > > > > Unable to fin
> > > > > > > > d corresponding context for the serviceGroupId:
> > > > > > > > urn:uuid:97198317A8B28D4CDF11775
> > > > > > > > 98325288
> > > > > > > >
> > > > > > > > In services.xml on the server side i have the
> > > > > > > >
> > > > > > > > scope
> > > > > > > >
> > > > > > > > ="soapsession" attribute
> > > > > > > >
> > > > > > > > At the client side I have the following code
> > > > > > > >
> > > > > > > > *options.setManageSession (true); *
> > > > > > > >
> > > > > > > > *...*
> > > > > > > >
> > > > > > > > client.engageModule(new QName("addressing"));
> > > > > > > >
> > > > > > > > Is there anything else to configure?
> > > > > > > >
> > > > > > > > Thanks,
> > > > > > > >
> > > > > > > > Nencho
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > 2007/4/26, Deepal Jayasinghe < deepal@opensource.lk
> > > > > > > > <mailto:deepal@opensource.lk >>:
> > > > > > > >
> > > > > > > > Hi Nencho ,
> > > > > > > >
> > > > > > > > Axis2 soap session to be work , you need to engage
> > addressing in
> > > > > > both
> > > > > > > > the side.
> > > > > > > >
> > > > > > > > It is working , there is a test case in the build so we
> are
> > > > > > > > testing that
> > > > > > > > daily.
> > > > > > > >
> > org.apache.axis2.engine.ServiceGroupContextTest
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Deepal
> > > > > > > >
> > > > > > > > > Hi All,
> > > > > > > > >
> > > > > > > > > I read this axis2 session management article:
> > > > > > > > >
> > > > > >
> > http://www.developer.com/java/web/article.php/3620661
> > > > > > > > >
> > > > > > > > > Basically, it says that i can define my services being
> of
> > a
> > > > soap
> > > > > > > > > session scope,
> > > > > > > > > then i have to put this option on my client:
> > > > > > > > > *options.setManageSession(true);*
> > > > > > > > >
> > > > > > > > > Therefore it is expected for the service to include
> > > > > > > > > <wsa:ReferenceParameters>
> > > > > > > > > element as an session identifier in the soap envelope.
> > > > > > > > >
> > > > > > > > > I tested this and it does not work - axis2 does not
> put
> > that
> > > > > > > > element,
> > > > > > > > > in order
> > > > > > > > > to be used as session identifier.Am i missing
> something or
> > > > this
> > > > > > > > is a bug?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > > Nencho
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > --
> > > > > > > > Thanks,
> > > > > > > > Deepal
> > > > > > > >
> > > > > >
> > > >
> > ................................................................
> > > > > > > > "The highest tower is built one brick at a time"
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > > > > To unsubscribe, e-mail:
> > > > > > axis-user-unsubscribe@ws.apache.org
> > > > > > > > <mailto:axis-user-unsubscribe@ws.apache.org
> > >
> > > > > > > > For additional commands, e-mail:
> > axis-user-help@ws.apache.org
> > > > > > > > <mailto: axis-user-help@ws.apache.org>
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
> > > > > > axis-user-unsubscribe@ws.apache.org
> > > > > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Paul Fremantle
> > > > > VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
> > > > >
> > > > > http://bloglines.com/blog/paulfremantle
> > > > > paul@wso2.com
> > > > >
> > > > > "Oxygenating the Web Service Platform", www.wso2.com
> > > > >
> > > > >
> > > >
> > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail:
> > > > axis-user-unsubscribe@ws.apache.org
> > > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Paul Fremantle
> > > VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
> > >
> > > http://bloglines.com/blog/paulfremantle
> > > paul@wso2.com
> > >
> > > "Oxygenating the Web Service Platform", www.wso2.com
> > >
> > >
> > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > axis-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > >
> > >
> >
> >
>
>
> --
> Paul Fremantle
> VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
>
> http://bloglines.com/blog/paulfremantle
> paul@wso2.com
>
> "Oxygenating the Web Service Platform", www.wso2.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-user-help@ws.apache.org
>
>
Re: [axis2 ]soap session scope does not work
Posted by Paul Fremantle <pz...@gmail.com>.
Nencho
Yes, the conversation initiation will happen on the first call - no
matter what operation.
I think there are good samples in Rampart. They are the best approach
to getting started with Rampart.
Paul
On 5/2/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> Hi Paul,
>
> Do you know if with the Secure conversation i can force the client
> to send the username token only the first time without having the login
> operation, or
> I still need this entry point?
>
> Is there any usefull documentation on the rampart secure conv.
> implementation?
>
>
> Thanks,
> Nencho
>
>
> 2007/4/27, Paul Fremantle <pz...@gmail.com>:
> > Nencho
> >
> > With any third-party users of your service, you do need to give them
> > some additional documentation! The WSDL and Policy are a good starting
> > point, but the developer still needs to understand the business
> > processes behind the services.
> >
> > However, you are right that secureconversation will also give you the
> > pattern you want, where the initial login is used to create a token,
> > which is then passed with every request.
> >
> > Paul
> >
> > On 4/27/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> > > Hi Paul,
> > >
> > > Thanks for the constructive idea :).anyway,I can't confirm that these
> > > services will be invoked only by my client code.
> > > Consider some third party client - i cannot force himm to call first the
> > > login operation, though it is obvious that
> > > the rest of the operations will deny to be executed first.
> > >
> > > Maybe i am stick with the Ws Secure conv implemented in rampart, does
> > > someone has tested it with username token sent only the first time?
> > >
> > >
> > > thanks,
> > > Nencho
> > >
> > >
> > > 2007/4/27, Paul Fremantle <pz...@gmail.com>:
> > > > Nencho
> > > >
> > > > You can specify different policies per operation with Axis2. So you
> > > > need to identify a specific operation that is the "login" operation -
> > > > i.e. the one that users call first (and only first), and statically
> > > > specify a different policy for this one.
> > > >
> > > > I'm not suggesting changing the policy at runtime. That won't work -
> > > > certainly not at the server side.
> > > >
> > > > Paul
> > > >
> > > > On 4/27/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> > > > > Hi Paul,
> > > > >
> > > > > Having different policies includes ex-changing them runtime.
> > > > >
> > > > > 1. Is that posible with axis2 without redeploying the service?
> > > > > 2. How this correlates to the session, because i expect different
> > > clients to
> > > > > connect to this
> > > > > service and i cannot just change the policiy since one of the will
> be at
> > > the
> > > > > login state and another will
> > > > > be already loged in.
> > > > > 3. does WS secure conversation way overcome those problems?
> > > > >
> > > > > thanks,
> > > > > Nencho
> > > > >
> > > > >
> > > > > 2007/4/27, Paul Fremantle < pzfreo@gmail.com>:
> > > > > > Nencho
> > > > > >
> > > > > > If you want to do this, you need to have two different policies.
> > > > > >
> > > > > > One for the "login" operation/service, which uses UT, and the
> other
> > > > > > for the rest of the operations, which has encryption (if needed)
> but
> > > > > > no UT. Obviously you need to write your own logic to ensure that
> you
> > > > > > check the session is available for those other operations.
> > > > > >
> > > > > > Paul
> > > > > >
> > > > > > On 4/27/07, Nencho Lupanov <ne...@googlemail.com> wrote:
> > > > > > > Hi Deepal,
> > > > > > >
> > > > > > > I have yet another question/issue about the sessions.
> > > > > > > I am using UsernameToken in a ws security policy handled by
> rampart.
> > > > > > > I want to use axis2 sessions so i pass the user/pass only once
> and
> > > then
> > > > > rely
> > > > > > > on the
> > > > > > > session to recognize me on a subsequent call.the point is that
> the
> > > > > rampart
> > > > > > > policy
> > > > > > > is alredy there and will expect a username token in every
> request.
> > > > > > > Is there any way to overcome this?
> > > > > > >
> > > > > > > thanks,
> > > > > > > Nencho
> > > > > > >
> > > > > > >
> > > > > > > 2007/4/26, Deepal Jayasinghe < deepal@opensource.lk>:
> > > > > > > > Hi Nencho,
> > > > > > > > Yes we found that issue and we have fixed that in the 1.2
> branch
> > > and
> > > > > the
> > > > > > > > fixes will be available in 1.2 release.
> > > > > > > >
> > > > > > > > Thanks
> > > > > > > > Deepal
> > > > > > > >
> > > > > > > > > Hi Deepal,
> > > > > > > > >
> > > > > > > > > I checked the test and yes i was able to run it successfull.
> > > > > > > > > anyway, when i try to put this in my running enviroment i
> get
> > > this
> > > > > > > > > strange error:
> > > > > > > > >
> > > > > > > > > [java] Exception in thread "main"
> > > org.apache.axis2.AxisFault:
> > > > > > > > > Unable to fin
> > > > > > > > > d corresponding context for the serviceGroupId:
> > > > > > > > > urn:uuid:97198317A8B28D4CDF11775
> > > > > > > > > 98325288
> > > > > > > > >
> > > > > > > > > In services.xml on the server side i have the
> > > > > > > > >
> > > > > > > > > scope
> > > > > > > > >
> > > > > > > > > ="soapsession" attribute
> > > > > > > > >
> > > > > > > > > At the client side I have the following code
> > > > > > > > >
> > > > > > > > > *options.setManageSession (true); *
> > > > > > > > >
> > > > > > > > > *...*
> > > > > > > > >
> > > > > > > > > client.engageModule(new QName("addressing"));
> > > > > > > > >
> > > > > > > > > Is there anything else to configure?
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > >
> > > > > > > > > Nencho
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > 2007/4/26, Deepal Jayasinghe < deepal@opensource.lk
> > > > > > > > > <mailto: deepal@opensource.lk >>:
> > > > > > > > >
> > > > > > > > > Hi Nencho ,
> > > > > > > > >
> > > > > > > > > Axis2 soap session to be work , you need to engage
> > > addressing in
> > > > > > > both
> > > > > > > > > the side.
> > > > > > > > >
> > > > > > > > > It is working , there is a test case in the build so we
> are
> > > > > > > > > testing that
> > > > > > > > > daily.
> > > > > > > > >
> > > org.apache.axis2.engine.ServiceGroupContextTest
> > > > > > > > >
> > > > > > > > > Thanks
> > > > > > > > > Deepal
> > > > > > > > >
> > > > > > > > > > Hi All,
> > > > > > > > > >
> > > > > > > > > > I read this axis2 session management article:
> > > > > > > > > >
> > > > > > >
> > > http://www.developer.com/java/web/article.php/3620661
> > > > > > > > > >
> > > > > > > > > > Basically, it says that i can define my services being
> of
> > > a
> > > > > soap
> > > > > > > > > > session scope,
> > > > > > > > > > then i have to put this option on my client:
> > > > > > > > > > * options.setManageSession(true);*
> > > > > > > > > >
> > > > > > > > > > Therefore it is expected for the service to include
> > > > > > > > > > <wsa:ReferenceParameters>
> > > > > > > > > > element as an session identifier in the soap envelope.
> > > > > > > > > >
> > > > > > > > > > I tested this and it does not work - axis2 does not
> put
> > > that
> > > > > > > > > element,
> > > > > > > > > > in order
> > > > > > > > > > to be used as session identifier.Am i missing
> something or
> > > > > this
> > > > > > > > > is a bug?
> > > > > > > > > >
> > > > > > > > > > Thanks,
> > > > > > > > > > Nencho
> > > > > > > > > >
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > Thanks,
> > > > > > > > > Deepal
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> ................................................................
> > > > > > > > > "The highest tower is built one brick at a time"
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > >
> > > > >
> > >
> ---------------------------------------------------------------------
> > > > > > > > > To unsubscribe, e-mail:
> > > > > > > axis-user-unsubscribe@ws.apache.org
> > > > > > > > > <mailto:
> axis-user-unsubscribe@ws.apache.org
> > > >
> > > > > > > > > For additional commands, e-mail:
> > > axis-user-help@ws.apache.org
> > > > > > > > > <mailto: axis-user-help@ws.apache.org>
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > >
> > >
> ---------------------------------------------------------------------
> > > > > > > > To unsubscribe, e-mail:
> > > > > > > axis-user-unsubscribe@ws.apache.org
> > > > > > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Paul Fremantle
> > > > > > VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
> > > > > >
> > > > > > http://bloglines.com/blog/paulfremantle
> > > > > > paul@wso2.com
> > > > > >
> > > > > > "Oxygenating the Web Service Platform", www.wso2.com
> > > > > >
> > > > > >
> > > > >
> > >
> ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
> > > > > axis-user-unsubscribe@ws.apache.org
> > > > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Paul Fremantle
> > > > VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
> > > >
> > > > http://bloglines.com/blog/paulfremantle
> > > > paul@wso2.com
> > > >
> > > > "Oxygenating the Web Service Platform", www.wso2.com
> > > >
> > > >
> > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail:
> > > axis-user-unsubscribe@ws.apache.org
> > > > For additional commands, e-mail: axis-user-help@ws.apache.org
> > > >
> > > >
> > >
> > >
> >
> >
> > --
> > Paul Fremantle
> > VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
> >
> > http://bloglines.com/blog/paulfremantle
> > paul@wso2.com
> >
> > "Oxygenating the Web Service Platform", www.wso2.com
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> axis-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-user-help@ws.apache.org
> >
> >
>
>
--
Paul Fremantle
VP/Technology, WSO2 and OASIS WS-RX TC Co-chair
http://bloglines.com/blog/paulfremantle
paul@wso2.com
"Oxygenating the Web Service Platform", www.wso2.com
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org