+1 from me.
On 1/30/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> Axis2 default dispatching order is now changed to the following :
>
> RequestURIBasedDispatcher
> SOAPActionBasedDispatcher
> AddressingBasedDispatcher
> SOAPMessageBodyBasedDispatcher
>
> The motivation behind this change is to insert the security-IN-flow
> handler after the SOAPActionBasedDispatcher. This will enable us to
> configure security parameters on a per operation basis. (Assumption:
> BOTH service AND operation dispatch will be complete after the
> SOAPActionBasedDispatcher).
>
> Example use case: When messages are secured with WS-Sec most of the
> time all the headers will be signed (including the WSA headers) . In
> such a situation IMHO we should not read any of those headers until we
> verify the signature. Now to verify signature we need to get the
> security parameters of that service/operation which requires the
> service/operation to be found(dispatched).
>
> Ideally we need to have a separate dispatch phase where we list all
> the transport based dispatchers ('transportBasedDispatch' phase). This
> transportBasedDispatch phase can include any dispatcher that will work
> on the information from the underlying transport and WITHOUT reading
> the SOAP Envelope. Now we can introduce a new phase "Security" right
> AFTER transportBasedDispatch, where the security-in-handler will
> reside.
>
> Thoughts & Comments?
>
> Thanks,
> Ruchith
>
--
Davanum Srinivas : http://wso2.com/blogs/
