ode-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Boisvert" <boisv...@intalio.com>
Subject Re: ws-security and ode bpel
Date Tue, 15 Jan 2008 15:36:02 GMT
On 1/14/08, Jackson, Douglas <djackso2@ugs.com> wrote:
>
> If I wished to implement secure web services with ode what is the
> easiest or best way to do that?
> I would imagine that you could enable some mar on the axis2 to check
> for ws-security credentials on the input message.  What if you wanted
> access to the user name within the bpel process?  Would you have to pass
> it in the message as well as in the soap header?  Alternatives?


Yes, a custom Axis2 module would be required at the moment.    This module
could get information from the WS-Security module and place the username
into the message (header/payload).

What about the outbound message - would you have to write the wsdl such
> that you are putting parts of the message into the outbound header?


Yes, you would define message part(s) for additional security information
required by the outbound modules.

Is servicemix / jbi the better way to go with this kind of stuff?


At the BPEL level, it would be the same.

At the implementation level, you need to decide whether the JBI or Axis2
works better for you.   (Personally I find using interceptor-like modules in
Axis2 easier than in JBI since there's no wiring needed.)

alex

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message