You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Wynn, Jackson E." <jw...@mitre.org> on 2007/03/13 22:43:02 UTC
changing security policy on the fly..
Hello,
I'm looking for documentation and/or code examples that show how an
Axis2 web service can load and apply different security policies at run
time. This capability is demonstrated by rampart sample client
applications as follows:
StAXOMBuilder builder = new StAXOMBuilder (policyFilename);
Policy thePolicy =
PolicyEngine.getPolicy(builder.getDocumentElement());
Options options = new Options();
ServiceClient client = new ServiceClient(m_configContext,
null);
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
thePolicy);
client.setOptions(options);
...
Sadly, the approach above does not work for a service, and I have not
found any code examples that demonstrate how this might be done. For
the service, I've been trying something along these lines:
StAXOMBuilder builder = new StAXOMBuilder (policyFilename);
Policy thePolicy =
PolicyEngine.getPolicy(builder.getDocumentElement());
ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(
Constants.getAxisRepository(), Constants.getAxisConfigFile());
ctx.getAxisConfiguration().getPolicyInclude().setPolicy(thePolicy);
System.out.println ("Policy set to: " +
ctx.getAxisConfiguration().getPolicyInclude().getPolicy().getId() );
...
The setPolicy() call appears to change the policy object in the axis
configuration, at least getID() returns the new policy ID. However,
SOAPMonitor shows that service responses do not contain any of the
policy-required elements, e.g., timestamps or signatures. The Axis2
admin page reports that both the addressing and rampart modules are
enabled for this service...
I've tried variations to the above where I use applyPolicy() in the
service and the operation with the same result.. Tracing through the
code in Eclipse the rampart handler is being called but the service
policy in the RampartMessageData is not set..
Has anyone done anything like this before?
Any pointers or ideas would be greatly appreciated !!
TIA,
Jackson Wynn
Lead Infosec Engineer - G026
The MITRE Corporation
Bedford, MA
Re: changing security policy on the fly..
Posted by Sanka Samaranayke <ss...@gmail.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Please log a JIRA
Thanks,
Sanka
Wynn, Jackson E. wrote:
> Hello,
>
> I'm looking for documentation and/or code examples that show how an
> Axis2 web service can load and apply different security policies
> at run time. This capability is demonstrated by rampart sample
> client applications as follows:
>
> /StAXOMBuilder builder = /*/new/*/ StAXOMBuilder (policyFilename);
> /
>
> /Policy thePolicy =
> PolicyEngine.getPolicy(builder.getDocumentElement());/
>
> //
>
> /Options options = /*/new/*/ Options();/
>
> //
>
> //
>
> /ServiceClient client = /*/new/*/ ServiceClient(m_configContext,
> *null*//);/
>
> /options.setProperty(RampartMessageData.//KEY_RAMPART_POLICY//,
> thePolicy);/
>
> /client.setOptions(options); /
>
> /.../
>
> Sadly, the approach above does not work for a service, and I have
> not found any code examples that demonstrate how this might be
> done. For the service, I've been trying something along these
> lines:
>
> /StAXOMBuilder builder = *new*// StAXOMBuilder (policyFilename);/
>
> //
>
> /Policy thePolicy =
> PolicyEngine.getPolicy(builder.getDocumentElement());/
>
> //
>
> /ConfigurationContext ctx =
> ConfigurationContextFactory.createConfigurationContextFromFileSystem(
> Constants.getAxisRepository(), Constants.getAxisConfigFile());/
>
> //
>
> /ctx.getAxisConfiguration().getPolicyInclude().setPolicy(thePolicy);/
>
>
> //
>
> /System.out//.println ("Policy set to: " +
> ctx.getAxisConfiguration().getPolicyInclude().getPolicy().getId()
> );/
>
> ...
>
>
> The setPolicy() call appears to change the policy object in the
> axis configuration, at least getID() returns the new policy ID.
> However, SOAPMonitor shows that service responses do not contain
> any of the policy-required elements, e.g., timestamps or
> signatures. The Axis2 admin page reports that both the addressing
> and rampart modules are enabled for this service...
>
> I've tried variations to the above where I use applyPolicy() in the
> service and the operation with the same result.. Tracing through
> the code in Eclipse the rampart handler is being called but the
> service policy in the RampartMessageData is not set..
>
> Has anyone done anything like this before?
>
> Any pointers or ideas would be greatly appreciated !!
>
>
> TIA, Jackson Wynn Lead Infosec Engineer - G026 The MITRE
> Corporation Bedford, MA
- --
Sanka Samaranayake
WSO2 Inc.
http://sankas.blogspot.com/
http://www.wso2.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (GNU/Linux)
iD8DBQFF+iiv/Hd0ETKdgNIRAv7oAJ9+KYsQ8YFy85uoCcA/8f1sE/kHaQCgheMv
6NX0oHyo3N8ASCQKBlIcIE0=
=qq4Z
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-dev-help@ws.apache.org