You are viewing a plain text version of this content. The canonical link for it is here.

Posted to rampart-dev@ws.apache.org by Bhushan Gupte <bg...@ARCCorp.com> on 2008/01/22 15:09:32 UTC

How to not Validate

Hi,

I am trying to implement SecureConversation as defined in Rampart's
"\policy\sample04" example in the samples directory of the rampart-1.3
release.

The client sends several SOAP messages to the server[1].  The messages
are currently authenticated using the UsernameToken in PWCallback class.

[1]	OMElement response = client.sendReceive(getPayload("Hello
world1"));
        System.out.println("Response 1 : " + response);
        response = client.sendReceive(getPayload("Hello world2"));
        System.out.println("Response 2 : " + response);
        response = client.sendReceive(getPayload("Hello world3"));
        System.out.println("Response 3 : " + response);

Now my question is that every time I send a SOAP message the
authentication logic in PWCallback class[2] is also executed.
Is there a way to identify that all the consecutive messages are from
the same session so that the authentication will happen only once? In
short the authentication logic[2] should be ideally called only once. 


[2]	for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
            String id = pwcb.getIdentifer();
            if("client".equals(id)) {
                pwcb.setPassword("apache");
            } else if("service".equals(id)) {
                pwcb.setPassword("apache");
            }
        }


Thanks in advance.

Bhushan Gupte

How to stop calling PWCallback logic for authentication using SecureConversation

Posted by Bhushan Gupte <bg...@ARCCorp.com>.

Hi,

 

I had already sent a message to the DEV group and did not receive any
reply, so I am sending the same message again as I am looking for a
solution to this problem urgently.......   

 

I am trying to implement SecureConversation as defined in Rampart's
"\policy\sample04" example in the samples directory of the rampart-1.3

release.

 

The client sends multiple SOAP messages to the server[1].  The messages
are authenticated using the UsernameToken in PWCallback class.

 

Now my question is that every time I send a SOAP message the
authentication logic in PWCallback class[2] is also executed for every
request.

Is there a way to identify that all the subsequent
messages("client.sendReceive") are from the same session so that the
authentication will happen only once by calling the PWCallback handler
class only once?  Is there a way to achieve this? 

 

In real project scenario the PWCallback class will contain calls to LDAP
for authentication and the whole purpose we are trying to implement
WS-SecureConversation in addition to WS-Security is that we can to
Secure Conversation between messages and not have to do LDAP
authentication for every message. Any help is highly appreciated.

 

Thanks in advance.

 

Bhushan Gupte

 

[1]        OMElement response = client.sendReceive(getPayload("Hello

world1"));

        System.out.println("Response 1 : " + response);

        response = client.sendReceive(getPayload("Hello world2"));

        System.out.println("Response 2 : " + response);

        response = client.sendReceive(getPayload("Hello world3"));

        System.out.println("Response 3 : " + response);

 

 

[2]        for (int i = 0; i < callbacks.length; i++) {

            WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];

            String id = pwcb.getIdentifer();

            if("client".equals(id)) {

                pwcb.setPassword("apache");

            } else if("service".equals(id)) {

                pwcb.setPassword("apache");

            }

        }