I'm very interested in what JAAS can give me, but up til now we have made our own
proprietary SecurityContext, modeled after the ejbContext and JAAS. Security takes
_SO_ much time to get a grip on...
A generic Provider that takes a Property from the MessageContext and instantiates a
typed Object passing the Property to the Constructor would fit our needs. Something
like this:
<service name="MyService" provider="Handler">
<parameter name="handlerClass"
value="myaxispackage.RPCContextProvider" />
<parameter name="property"
value="transport.http.servletrequest" />
<parameter name="parameterClass"
value="myservicepackage.SecurityContext" />
<parameter name="className"
value="myservicepackage.MyService"/>
<parameter name="allowedMethods" value="*"/>
</service>
Could work :) But maybe it's less work to just make your own Provider...
donV
> Hi Uwe,
>
> Thanks a lot for your help, as you said,
> the documentation is not very useufull
> at this point. Interrestingly I use my own Provider
> for the same reason you do: To give the service
> itself access to security information. Looks like
> we should think about a more generic solutions,
> something like a provider that allows passing
> configurable attributes of the messageContext to
> the service in a appended Parameter.
>
> Tell me what you think about this !
>
> Stefan
>
> Uwe Kubosch schrieb:
> > Hi Stefan!
> >
> > > I wrote my own provider but I cant test it, because
> > > I didnt find anything about deploying providers.
> > >
> > > How can I tell Axis to use my Provider for some service
> > ?
> > > Is there a possibility to tell axis that java:MyRPC is
> >
> > > of class package.MyRPCProvider in the
> > server-config.wsdd ?
> >
> > I just did this, and I must say the documentation was not
> > a great help. I'll try to summerize what I did. If
> > anybody has tips on a better way to do it, please add
> > your advice.
> >
> > My service is a standard Java class, but all methods have
> > an extra argument at the end. This argument is a
> > SecurityContext, and is not provided by the user of the
> > service. It is provided by a custom provider.
> >
> > The custom provider is a class implementing the Handler
> > interface.
> >
> > In my case I subclass the RPCProvider class, and override
> > the invokeMethod() method, and add my extra argument
> > before calling super.invokeMethod().
> >
> > To deploy the service with a custom provider set your
> > provider attribute in the service tag to "Handler", and
> > add a parameter tag with the name of the custom provider
> > class. The first parameter tag below indicates which
> > provider to use. The second indicates the backend
> > service class to use, as with the standard RPCProvider.
> >
> > Example:
> >
> > <service name="MyService" provider="Handler">
> > <parameter name="handlerClass"
> > value="mypackage.MyProvider" />
> >
> > <parameter name="className"
> > value="mypackage.MyServiceImpl" />
> > <parameter name="allowedMethods" value="*" />
> > </service>
> >
> > I would have expected to be able to put the class name
> > directly in the provider attribute of the service tag,
> > and also be able to refer to a previously defined handler
> > like this:
> >
> > <handler name="MyHandler"
> > type="mypackage.MyProvider" />
> >
> > <service name="MyService"
> > provider="java:mypackage.MyProvider">
> > <parameter name="className"
> > value="mypackage.MyServiceImpl" />
> > <parameter name="allowedMethods" value="*" />
> > </service>
> >
> > <service name="MyService" provider="MyHandler">
> > <parameter name="className"
> > value="mypackage.MyServiceImpl" />
> > <parameter name="allowedMethods" value="*" />
> > </service>
> >
> > If someone can tell me how this can be done, I'd be very
> > happy :)
> >
> >
> > donV
> >
>
