ode-user mailing list archives

From Alexis Midon <mi...@intalio.com>
Subject Re: securing outbound messages
Date Fri, 13 Feb 2009 18:27:52 GMT
Hi Douglas,

yes, you can engage additional modules and set a policy for outgoing
messages.
This area of ODE has been under development lately so I'll split my answer
into 2 parts: one for the current release 1.2, one for the coming release,
1.3.

### In ODE 1.2 ####
this is done on a service basis, using the mechanism described in the user
guide [1]
Here is an example:
let's assume you want to add a policy for outgoing messages to service
{http://douglas.com}ServiceA.
To do that, create a file named ServiceA.axis2 in the bundle directory of
your process. This file must be a service.xml document [2] containing the
policy. See [3] for an example of such a file.
The ServiceA.axis2 file will get loaded when the service is invoked and
monitored for changes.
Due to Axis2 limitations, the modules eventually listed in ServiceA.axis2
won't be engaged. So you need to engage them in the global config file [4]
(and restart ODE).
Keep in mind that the modules must be available in WEB-INF/modules;
keystores and additional classes (like callback handlers) must be in the
classpath.


### In ODE 1.3 (yet to be released) ####
In the coming release, these axis2 limitations are worked around and modules
listed in ServiceA.axis2 are engaged (for the targeted service only).
We also optimized the policy case by adding an endpoint property
"security.policy" to specify a policy file, and engaging rampart
automatically.
See ODE user guide for details [5] and test cases [6] for live examples.

This information will be added to the User guide soon.

I hope it's clear enough. Let us know if you need help.

Alexis

[1]
http://ode.apache.org/user-guide.html#UserGuide-AdditionalConfigurationforSOAPEndpoints
[2] http://ws.apache.org/axis2/1_0/axis2config.html#Service_Configuration
[3]
http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-services/process-sample04_policy_in_service.xml/sample04-policy.axis2?view=log
[4]
http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/main/webapp/WEB-INF/conf/axis2.xml?view=markup
[5] http://ode.apache.org/user-guide.html#UserGuide-EndpointConfiguration<https://issues.apache.org/jira/browse/ODE-388>
[6] The unit test class:
http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/java/org/apache/ode/axis2/rampart/policy/
     The unit test resources:
http://svn.apache.org/viewvc/ode/branches/APACHE_ODE_1.X/axis2-war/src/test/resources/TestRampartPolicy/secured-services/


On Thu, Feb 12, 2009 at 4:07 PM, Jackson, Douglas <
douglas.s.jackson@siemens.com> wrote:

> Hi!
> I am investigating security on outgoing messages from ode.  Is there a way
> to enable Rampart or some other processing on outgoing messages?
>
> As an alternative I was thinking of creating a Java XPATH extension that
> would use wss4j to create a WS-Security compatible element based on the
> credentials stored in the BPEL process that I could pass out via a header
> element in the WSDL to the targeted service.
>
> However, this would not allow for things like encryption.
>
> -Doug.
>
>


-- 

Alexis
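
A pre-deployment check for the caveat in the message above (in ODE 1.2 a module listed only in ServiceA.axis2 is not engaged, so the policy in that file has nothing to apply it), as an added example that is not part of the original e-mail or of ODE. The sample XML, the .mar file names and the function names are constructed; treating a module's name as its .mar file name minus the version suffix is an assumption.

```python
import re
import xml.etree.ElementTree as ET

def _local(tag):
    # Strip the "{namespace}" prefix ElementTree puts on qualified tag names.
    return tag.rsplit("}", 1)[-1]

def module_refs(xml_text, nested):
    # Collect <module ref="..."/> names: anywhere in a service file, but only
    # direct children of the root element in the global axis2.xml.
    root = ET.fromstring(xml_text)
    nodes = root.iter() if nested else list(root)
    return {n.get("ref") for n in nodes if _local(n.tag) == "module" and n.get("ref")}

def audit(service_xml, global_xml, mar_files, ode_version="1.2"):
    wanted = module_refs(service_xml, nested=True)
    engaged = module_refs(global_xml, nested=False)
    # Per the message: 1.2 ignores modules listed in the .axis2 file,
    # 1.3 engages them for the targeted service.
    effective = engaged if ode_version.startswith("1.2") else engaged | wanted
    # Assumption: module name == .mar file name without its version suffix.
    installed = {re.sub(r"(-[\d.]+)?\.mar$", "", f) for f in mar_files}
    findings = []
    for m in sorted(wanted - effective):
        findings.append(f"{m}: listed in .axis2 file but not engaged in axis2.xml")
    for m in sorted((wanted | engaged) - installed):
        findings.append(f"{m}: no matching .mar in WEB-INF/modules")
    has_policy = any(_local(n.tag) == "Policy"
                     for n in ET.fromstring(service_xml).iter())
    if has_policy and "rampart" not in effective:
        findings.append("policy present but rampart not engaged, so nothing applies it")
    return findings

# Constructed sample inputs (not copied from the ODE source tree).
SERVICE_AXIS2 = """<service name="ServiceA">
  <module ref="rampart"/>
  <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"/>
</service>"""
GLOBAL_AXIS2 = """<axisconfig name="AxisJava2.0">
  <module ref="addressing"/>
</axisconfig>"""
MARS = ["addressing-1.41.mar", "rampart-1.4.mar"]

if __name__ == "__main__":
    for line in audit(SERVICE_AXIS2, GLOBAL_AXIS2, MARS):
        print(line)
```
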
