Posted to dev@tuscany.apache.org by Venkata Krishnan <fo...@gmail.com> on 2008/01/29 17:03:58 UTC

ws-security policy combinations

Hi,

I've been recently looking into the calculator-ws-secure-webapp sample,
enabling it for authentication and integrity.  While there has been no
specific issue with getting these to work in a webapp, I observed the
following :-

- assume there are different policysets defined for authentication and
integrity.  There are two types of policy models we support for ws-security
currently, i) that uses axis2 config parameters and ii) that uses WS-Policy (
i.e. ws-security-policy)
- now if I set up a service with either authentication or integrity, things
seem to work fine.  However, if I adorn a service with both authentication
and integrity, then things go a bit bizarre.  But when I merged the two
policies together things work as expected i.e. I had to define one single
policyset to encapsulate the policy for authentication and integrity.

So it seems like the configuration parameters and WS-Policy instances may need
to be merged before being set into Axis2.  But, then I don't like the idea
of asking users to create merged versions of policies besides the individual
ones.  So I am trying to see if I can clean up the policy handling in
binding-ws-axis2 to something where we have policy handlers doing this merge
before setting onto axis2.

Thoughts ?

Thanks

- Venkat

Re: ws-security policy combinations

Posted by Venkata Krishnan <fo...@gmail.com>.
Hi,

I have made some changes to how policy handling is done in the axis2 binding
under r616886.  The handling used to be a part of the binding
implementation.  Now I have changed to use policyhandlers to decouple and
bring in extensibility.

Now that the handling is to be dealt with by separate PolicyHandler classes, it's
necessary that these handler classes are specified in the META-INF/services
directory.

PolicyHandler classes are qualified in terms of the PolicyModel that they can
handle and the intent they can address.  This is what is laid out in the
PolicyHandler services file in the META-INF/services directory.

It's quite late now.  I shall post a little more on this PolicyHandler
tomorrow and gather opinions from people.

Thanks.

- Venkat

On Jan 29, 2008 9:33 PM, Venkata Krishnan <fo...@gmail.com> wrote:

> Hi,
>
> I've been recently looking into the calculator-ws-secure-webapp sample,
> enabling it for authentication and integrity.  While there has been no
> specific issue with getting these to work in a webapp, I observed the
> following :-
>
> - assume there are different policysets defined for authentication and
> integrity.  There are two types of policy models we support for ws-security
> currently, i) that uses axis2 config parameters and ii) that uses WS-Policy (
> i.e. ws-security-policy)
> - now if I set up a service with either authentication or integrity,
> things seem to work fine.  However, if I adorn a service with both
> authentication and integrity, then things go a bit bizarre.  But when I
> merged the two policies together things work as expected i.e. I had to
> define one single policyset to encapsulate the policy for authentication and
> integrity.
>
> So it seems like the configuration parameters and WS-Policy instances may
> need to be merged before being set into Axis2.  But, then I don't like the
> idea of asking users to create merged versions of policies besides the
> individual ones.  So I am trying to see if I can clean up the policy handling
> in binding-ws-axis2 to something where we have policy handlers doing this
> merge before setting onto axis2.
>
> Thoughts ?
>
> Thanks
>
> - Venkat
>
>
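The merge discussed in this thread, as an added example that is not part of the original posts and is not Tuscany's PolicyHandler code: two separately defined WS-Policy documents (one for authentication, one for integrity) are combined into a single policy by pairing every alternative of one with every alternative of the other. It assumes both inputs are in WS-Policy normal form (wsp:Policy/wsp:ExactlyOne/wsp:All) and use the 2004/09 policy namespace; the class name, helper names and the two sample assertions are constructed for illustration.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.parsers.*;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class PolicyMergeExample { // hypothetical name, not a Tuscany class
    static final String WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy";

    static DocumentBuilder builder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Refuse DOCTYPEs so a policy file cannot trigger XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder();
    }
    // Top-level alternatives (wsp:All children of the first wsp:ExactlyOne).
    static List<Element> alternatives(Document d) {
        List<Element> alts = new ArrayList<>();
        Node one = d.getElementsByTagNameNS(WSP, "ExactlyOne").item(0);
        for (Node n = one.getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && WSP.equals(n.getNamespaceURI()) && "All".equals(n.getLocalName()))
                alts.add((Element) n);
        return alts;
    }
    // Merge: each alternative of a is combined with each alternative of b,
    // so every resulting alternative carries the assertions of both policies.
    static Document merge(Document a, Document b) throws Exception {
        Document out = builder().newDocument();
        Element one = out.createElementNS(WSP, "wsp:ExactlyOne");
        out.appendChild(out.createElementNS(WSP, "wsp:Policy")).appendChild(one);
        for (Element x : alternatives(a))
            for (Element y : alternatives(b)) {
                Element all = (Element) one.appendChild(out.createElementNS(WSP, "wsp:All"));
                for (Element src : List.of(x, y))
                    for (Node n = src.getFirstChild(); n != null; n = n.getNextSibling())
                        all.appendChild(out.importNode(n, true));
            }
        return out;
    }
    static Document policy(String assertion) throws Exception { // constructed sample input
        String xml = "<wsp:Policy xmlns:wsp='" + WSP + "' xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>"
                   + "<wsp:ExactlyOne><wsp:All>" + assertion + "</wsp:All></wsp:ExactlyOne></wsp:Policy>";
        return builder().parse(new InputSource(new StringReader(xml)));
    }
    public static void main(String[] args) throws Exception {
        Document merged = merge(policy("<sp:SignedSupportingTokens/>"), policy("<sp:SignedParts/>"));
        for (Element alt : alternatives(merged)) // list the assertions in each merged alternative
            for (Node n = alt.getFirstChild(); n != null; n = n.getNextSibling())
                System.out.println(n.getLocalName());
    }
}
```

Listing the assertions of each merged alternative, as `main` does, is a quick check that the policy handed to the runtime still contains both the authentication and the integrity assertion.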