Posted to rampart-dev@ws.apache.org by Bob Jacoby <bo...@gossamer-group.com> on 2008/10/16 16:39:04 UTC

Externalize Policy/Rampart Config on server side

I'm using policy based configuration for my services and using the 509
token profile. We use the same policy configuration and keystore for all
of our services. All the rampart-samples and other examples I've seen
inline the policy in the services.xml. This means that for each service
in each services.xml I duplicate the policy and rampart config section.
If I change anything about the policy or rampart config, I would need to
change every service in every services.xml file.

Is there an existing way to externalize the policy and config while
still using policy based configurations? Ideally, I'd be able to:

1. Reference an external policy within the services.xml (e.g. policy-ref
similar to module-ref) at the servicegroup and service level.

2. A property in the rampart config section within the policy to set a
'config' callback handler that would be called to retrieve the
rampart/wss4j configuration properties. It would be nice if this
callback request included the service for which the configuration is being
requested.

The first is more important to me than the second, but I think both
would offer valuable flexibility.

Thanks,
Bob

Re: Externalize Policy/Rampart Config on server side

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Bob,

>
> As for 2, thanks for the reference. Any thoughts on when the next
> 'official' rampart release will be made since the issue appears to have
> been resolved after rampart 1.4 was released?


There is a discussion [1] on the Axis2 dev list about the timeline of Axis2
1.5 and we will be releasing a Rampart 1.5 just after Axis2 1.5 release.
There have been some critical fixes in Rampart too so the timing will be just
great.

thanks,
nandana

[1] - http://markmail.org/message/fluu55cg3ytld5ls?q=list:org%2Eapache%2Ews%2Eaxis-dev


> -----Original Message-----
> From: Nandana Mihindukulasooriya [mailto:nandana.cse@gmail.com]
> Sent: Thursday, October 16, 2008 9:59 AM
> To: rampart-dev@ws.apache.org
> Subject: Re: Externalize Policy/Rampart Config on server side
>
> Hi Bob,
>
> > 1. Reference an external policy within the services.xml (e.g. policy-ref
> > similar to module-ref) at the servicegroup and service level.
>
>
> If you use the policy attachment mechanism [1] added lately to Axis2, you
> must be able to add a policy reference to the service giving an absolute URL
> of an external policy. But I have never tried it.
>
> <service>
>       ...
>   <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>      <wsp:AppliesTo>
>        <policy-subject identifier="binding:soap11" />
>        <policy-subject identifier="binding:soap12" />
>      </wsp:AppliesTo>
>      <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>                           URI="http://myDomain/mypolicy"/>
>   </wsp:PolicyAttachment>
> </service>
>
>
> > 2. A property in the rampart config section within the policy to set a
> > 'config' callback handler that would be called to retrieve the
> > rampart/wss4j configuration properties. It would be nice if this
> > callback request included the service for which the configuration is being
> > requested.
> >
>
> Rampart has a mechanism to update the RampartConfig using a callback [2]
> which was added recently. I will write some documentation on how to use
> it.
>
> thanks,
> nandana
>
> [1] - https://wso2.org/library/3786
> [2] - http://issues.apache.org/jira/browse/RAMPART-177
>
>
> --
> Nandana Mihindukulasooriya
> WSO2 inc.
>
> http://nandana83.blogspot.com/
> http://www.wso2.org
>

RE: Externalize Policy/Rampart Config on server side

Posted by Bob Jacoby <bo...@gossamer-group.com>.
Thanks, Nandana! I tried using the external reference for policies but
kept getting a 'policy not found' error. I'll look into it more to see
if I'm just missing something stupid.

As for 2, thanks for the reference. Any thoughts on when the next
'official' rampart release will be made since the issue appears to have
been resolved after rampart 1.4 was released?

Thanks,
Bob

-----Original Message-----
From: Nandana Mihindukulasooriya [mailto:nandana.cse@gmail.com] 
Sent: Thursday, October 16, 2008 9:59 AM
To: rampart-dev@ws.apache.org
Subject: Re: Externalize Policy/Rampart Config on server side

Hi Bob,

> 1. Reference an external policy within the services.xml (e.g. policy-ref
> similar to module-ref) at the servicegroup and service level.


If you use the policy attachment mechanism [1] added lately to Axis2, you
must be able to add a policy reference to the service giving an absolute URL
of an external policy. But I have never tried it.

<service>
       ...
   <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:AppliesTo>
        <policy-subject identifier="binding:soap11" />
        <policy-subject identifier="binding:soap12" />
      </wsp:AppliesTo>
      <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                           URI="http://myDomain/mypolicy"/>
   </wsp:PolicyAttachment>
</service>


> 2. A property in the rampart config section within the policy to set a
> 'config' callback handler that would be called to retrieve the
> rampart/wss4j configuration properties. It would be nice if this
> callback request included the service for which the configuration is being
> requested.
>

Rampart has a mechanism to update the RampartConfig using a callback [2]
which was added recently. I will write some documentation on how to use
it.

thanks,
nandana

[1] - https://wso2.org/library/3786
[2] - http://issues.apache.org/jira/browse/RAMPART-177


-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org

Re: Externalize Policy/Rampart Config on server side

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Bob,

> 1. Reference an external policy within the services.xml (e.g. policy-ref
> similar to module-ref) at the servicegroup and service level.


If you use the policy attachment mechanism [1] added lately to Axis2, you
must be able to add a policy reference to the service giving an absolute URL
of an external policy. But I have never tried it.

<service>
       ...
   <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:AppliesTo>
        <policy-subject identifier="binding:soap11" />
        <policy-subject identifier="binding:soap12" />
      </wsp:AppliesTo>
      <wsp:PolicyReference xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                           URI="http://myDomain/mypolicy"/>
   </wsp:PolicyAttachment>
</service>


> 2. A property in the rampart config section within the policy to set a
> 'config' callback handler that would be called to retrieve the
> rampart/wss4j configuration properties. It would be nice if this
> callback request included the service for which the configuration is being
> requested.
>

Rampart has a mechanism to update the RampartConfig using a callback [2]
which was added recently. I will write some documentation on how to use it.

thanks,
nandana

[1] - https://wso2.org/library/3786
[2] - http://issues.apache.org/jira/browse/RAMPART-177


-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org
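
An added example, not part of the thread and not Axis2 or Rampart code: a small pre-deployment check for the external policy reference discussed above. It parses a services.xml fragment and reports a malformed document, a wsp namespace that does not match, and a PolicyReference URI that is missing, relative, or not https. The function name, the https check and the sample inputs (including the policy.example host) are assumptions constructed for illustration; the samples model a line-wrapped xmlns value and a self-closing end tag, two ways a snippet pasted from e-mail can break.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # namespace from the thread

def lint_policy_refs(services_xml):
    """Return findings for wsp:PolicyAttachment / wsp:PolicyReference elements."""
    try:
        root = ET.fromstring(services_xml)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    findings, refs = [], 0
    for elem in root.iter():
        # ElementTree reports namespaced tags as '{namespace}local'.
        ns, _, local = elem.tag.rpartition("}")
        ns = ns[1:]
        if local in ("PolicyAttachment", "PolicyReference") and ns != WSP_NS:
            findings.append(f"{local}: namespace {ns!r} is not the WS-Policy namespace")
        if local != "PolicyReference":
            continue
        refs += 1
        uri = urlparse(elem.get("URI", ""))
        if not (uri.scheme and uri.netloc):
            findings.append("PolicyReference: URI is missing or not an absolute URL")
        elif uri.scheme != "https":
            # Added hardening check (not raised in the thread): plain HTTP gives
            # the fetched security policy no integrity protection in transit.
            findings.append(f"PolicyReference: fetched over {uri.scheme}, not https")
    if refs == 0:
        findings.append("no PolicyReference element found")
    return findings

# Constructed samples modelled on the snippet in the message above.
_TEMPLATE = """<service>
  <wsp:PolicyAttachment xmlns:wsp="{ns}">
    <wsp:AppliesTo>
      <policy-subject identifier="binding:soap11" />
    </wsp:AppliesTo>
    <wsp:PolicyReference URI="{uri}"/>
  {close}
</service>"""
AS_MAILED = _TEMPLATE.format(ns="\n" + WSP_NS, uri="http://myDomain/mypolicy",
                             close="<wsp:PolicyAttachment/>")
WRAPPED_NS = _TEMPLATE.format(ns="\n" + WSP_NS, uri="http://myDomain/mypolicy",
                              close="</wsp:PolicyAttachment>")
REPAIRED = _TEMPLATE.format(ns=WSP_NS, uri="https://policy.example/mypolicy",
                            close="</wsp:PolicyAttachment>")

if __name__ == "__main__":
    for name in ("AS_MAILED", "WRAPPED_NS", "REPAIRED"):
        print(name, lint_policy_refs(globals()[name]))
```

The WRAPPED_NS case is the subtle one: the document parses, but the line break inside the xmlns value changes the namespace, so the elements are no longer WS-Policy elements.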