Hello,
I'm looking for documentation and/or code examples that show how an
Axis2 web service can load and apply different security policies at run
time. This capability is demonstrated by rampart sample client
applications as follows:
StAXOMBuilder builder = new StAXOMBuilder (policyFilename);
Policy thePolicy =
PolicyEngine.getPolicy(builder.getDocumentElement());
Options options = new Options();
ServiceClient client = new ServiceClient(m_configContext,
null);
options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,
thePolicy);
client.setOptions(options);
...
Sadly, the approach above does not work for a service, and I have not
found any code examples that demonstrate how this might be done. For
the service, I've been trying something along these lines:
StAXOMBuilder builder = new StAXOMBuilder (policyFilename);
Policy thePolicy =
PolicyEngine.getPolicy(builder.getDocumentElement());
ConfigurationContext ctx =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(
Constants.getAxisRepository(), Constants.getAxisConfigFile());
ctx.getAxisConfiguration().getPolicyInclude().setPolicy(thePolicy);
System.out.println ("Policy set to: " +
ctx.getAxisConfiguration().getPolicyInclude().getPolicy().getId() );
...
The setPolicy() call appears to change the policy object in the axis
configuration, at least getID() returns the new policy ID. However,
SOAPMonitor shows that service responses do not contain any of the
policy-required elements, e.g., timestamps or signatures. The Axis2
admin page reports that both the addressing and rampart modules are
enabled for this service...
Has anyone done anything like this before? Is something additional
needed in order to enable the policy? Is this even doable??
Any pointers or ideas would be greatly appreciated !!
TIA,
Jackson Wynn
Lead Infosec Engineer - G026
The MITRE Corporation
Bedford, MA
