Hi Narayan,
Sorry for not replying sooner. Thanks a lot for the patch. Will take
a look tonight
and hopefully apply it to the trunk.
Thanks,
Nandana
On Jan 29, 2008 7:41 PM, Narayan Dhillon <[EMAIL PROTECTED]>
wrote:
> Hi devs,
>
> I will appreciate if some one from core development team have a look at
> the patch and apply it.
> This will greatly help me to finish my evaluation on Rampart.
>
> Regards, Narayan
>
> -----Original Message-----
> From: Narayan Dhillon [mailto:[EMAIL PROTECTED]
> Sent: 28 January 2008 19:24
> To: [email protected]
> Subject: RE: Rampart: Unability to specify custom implementation of
> PolicyBasedResultsValidator(Rampart-135)
>
> Hi Ruchith, devs,
>
> I have created enhancement JIRA for this and also attached the patch.
> Could some one please apply it?
>
> https://issues.apache.org/jira/browse/RAMPART-135
>
> Thanks, Narayan
>
> -----Original Message-----
> From: Narayan Dhillon [mailto:[EMAIL PROTECTED]
> Sent: 24 January 2008 18:04
> To: [email protected]
> Subject: RE: Rampart: Unability to specify custom implementation of
> PolicyBasedResultsValidator
>
> Hi Ruchith,
>
> I would like to progress on this and to summarize what we want:
>
> (1) Make org.apache.rampart.PolicyBasedResultsValidator to extend
> callbackhandler interface.
>
> (2) Add parameter to Rampart config to provide
> PolicyBasedResultsValidatior callback handler. If nothing specified it
> will use default implementation in (1) above.
>
> If you happy with this I could crack this over the weekend and submit
> the patch?
>
> Regards, Narayan
>
> -----Original Message-----
> From: Narayan Dhillon [mailto:[EMAIL PROTECTED]
> Sent: 17 January 2008 09:30
> To: [email protected]
> Subject: RE: Rampart: Unability to specify custom implementation of
> PolicyBasedResultsValidator
>
> Hi Ruchith,
>
> I just wanted to do cert validation separately. Your solution below
> seems to be perfect for that.
>
> I think ideally policy results validation should be as per ws-security
> standards, and should be driven by ws-securitypolicy, if there is an
> issue then it should be fixed in Rampart. However there is no harm in
> making it extendable as you suggested below using a callback approach.
>
> Rampart could provide default implementation and leaving up to the user
> to override with custom implementation of callback class.
>
> Regards, Narayan
>
> -----Original Message-----
> From: Ruchith Fernando [mailto:[EMAIL PROTECTED]
> Sent: 17 January 2008 02:14
> To: [email protected]
> Subject: Re: Rampart: Unability to specify custom implementation of
> PolicyBasedResultsValidator
>
> Hi Narayan,
>
> Do you want to be able to validate complete results? Or only cert
> validation? If so I think we can give a solution where you can specify
> the Trust verification separately through the configuration.
>
> We can use a callback approach in this case as well where the callback
> handler interface that you will have to implement will have a method
> that accepts the cert and RampartMessageData instance and can return
> whether validation is successful or not.
>
> Thoughts?
>
> Thanks,
> Ruchith
>
> Narayan Dhillon wrote:
> > Hi,
> >
> >
> >
> > Cert validation is important part in WS-Security and different
> > organizations have different rules for that, and that could be
> fulfilled
> > by ability to have custom implementation of
> PolicyBasedResultsValidator.
> >
> >
> >
> > All the documentation and intention in the Rampart code seems to
> suggest
> > that org.apache.rampart.PolicyBasedResultsValidator.verifyTrust()
> method
> > could be overridden in custom implementations. However currently
> > PolicyBasedResultsValidator is hard-wired into RampartEngine; which
> > makes it impossible to override unless RampartReceiver & RampartEngine
> > are overridden as well.
> >
> >
> >
> > I can think of 2 options -
> >
> > (1) Ability to provide custom policy validation by sub classing
> > RampartReceiver, and then RampartReceiver passes it to RampartEngine.
> > This is same way as done in Old config based rampart as verifyTrust()
> > method could be overridden by extending WSDoAllReceiver.
> >
> >
> >
> > (2) Using Rampart config to specify PolicyBasedResultsValidator class.
> >
> >
> >
> > Option (1) is fairly easy to implement and will also make Rampart
> > capability backward compatible with old Rampart.
> >
> >
> >
> > I'll highly appreciate if development team could please comment on
> this?
> >
> >
> >
> > Regards, Narayan
> >
> >
> >
> >
> > *****************************************************
> > This email is issued by a VocaLink group company. It is confidential
> and intended for the exclusive use of the addressee only. You should not
> disclose its contents to any other person. If you are not the addressee
> (or responsible for delivery of the message to the addressee), please
> notify the originator immediately by return message and destroy the
> original message. The contents of this email will have no contractual
> effect unless it is otherwise agreed between a specific VocaLink group
> company and the recipient.
> >
> > The VocaLink group companies include, among others: VocaLink Limited
> (Company No 06119048, VAT No. 907 9619 87) which is registered in
> England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom, Voca Limited (Company no
> 1023742, VAT No. 907 9619 87) which is registered in England and Wales
> at registered office Drake House, Three Rivers Court, Homestead Road,
> Rickmansworth, Hertfordshire. WD3 1FX. United Kingdom, LINK Interchange
> Network Limited (Company No 3565766, VAT No. 907 9619 87) which is
> registered in England and Wales at registered office Arundel House, 1
> Liverpool Gardens, Worthing, West Sussex, BN11 1SL and VocaLink Holdings
> Limited (Company No 06119036, VAT No. 907 9619 87) which is registered
> in England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom.
> >
> > The views and opinions expressed in this email may not reflect those
> of any member of the VocaLink group. This message and any attachments
> have been scanned for viruses prior to leaving the VocaLink group
> network; however, VocaLink does not guarantee the security of this
> message and will not be responsible for any damages arising as a result
> of any virus being passed on or arising from any alteration of this
> message by a third party. The VocaLink group may monitor emails sent to
> and from the VocaLink group network.
> >
> > This message has been checked for all email viruses by MessageLabs.
> > *************************************************************
>
>
>
> *****************************************************
> This email is issued by a VocaLink group company. It is confidential and
> intended for the exclusive use of the addressee only. You should not
> disclose its contents to any other person. If you are not the addressee
> (or responsible for delivery of the message to the addressee), please
> notify the originator immediately by return message and destroy the
> original message. The contents of this email will have no contractual
> effect unless it is otherwise agreed between a specific VocaLink group
> company and the recipient.
>
> The VocaLink group companies include, among others: VocaLink Limited
> (Company No 06119048, VAT No. 907 9619 87) which is registered in
> England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom, Voca Limited (Company no
> 1023742, VAT No. 907 9619 87) which is registered in England and Wales
> at registered office Drake House, Three Rivers Court, Homestead Road,
> Rickmansworth, Hertfordshire. WD3 1FX. United Kingdom, LINK Interchange
> Network Limited (Company No 3565766, VAT No. 907 9619 87) which is
> registered in England and Wales at registered office Arundel House, 1
> Liverpool Gardens, Worthing, West Sussex, BN11 1SL and VocaLink Holdings
> Limited (Company No 06119036, VAT No. 907 9619 87) which is registered
> in England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom.
>
> The views and opinions expressed in this email may not reflect those of
> any member of the VocaLink group. This message and any attachments have
> been scanned for viruses prior to leaving the VocaLink group network;
> however, VocaLink does not guarantee the security of this message and
> will not be responsible for any damages arising as a result of any virus
> being passed on or arising from any alteration of this message by a
> third party. The VocaLink group may monitor emails sent to and from the
> VocaLink group network.
>
> This message has been checked for all email viruses by MessageLabs.
> *************************************************************
>
> *****************************************************
> This email is issued by a VocaLink group company. It is confidential and
> intended for the exclusive use of the addressee only. You should not
> disclose its contents to any other person. If you are not the addressee
> (or responsible for delivery of the message to the addressee), please
> notify the originator immediately by return message and destroy the
> original message. The contents of this email will have no contractual
> effect unless it is otherwise agreed between a specific VocaLink group
> company and the recipient.
>
> The VocaLink group companies include, among others: VocaLink Limited
> (Company No 06119048, VAT No. 907 9619 87) which is registered in
> England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom, Voca Limited (Company no
> 1023742, VAT No. 907 9619 87) which is registered in England and Wales
> at registered office Drake House, Three Rivers Court, Homestead Road,
> Rickmansworth, Hertfordshire. WD3 1FX. United Kingdom, LINK Interchange
> Network Limited (Company No 3565766, VAT No. 907 9619 87) which is
> registered in England and Wales at registered office Arundel House, 1
> Liverpool Gardens, Worthing, West Sussex, BN11 1SL and VocaLink Holdings
> Limited (Company No 06119036, VAT No. 907 9619 87) which is registered
> in England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom.
>
> The views and opinions expressed in this email may not reflect those of
> any member of the VocaLink group. This message and any attachments have
> been scanned for viruses prior to leaving the VocaLink group network;
> however, VocaLink does not guarantee the security of this message and
> will not be responsible for any damages arising as a result of any virus
> being passed on or arising from any alteration of this message by a
> third party. The VocaLink group may monitor emails sent to and from the
> VocaLink group network.
>
> This message has been checked for all email viruses by MessageLabs.
> *************************************************************
>
> *****************************************************
> This email is issued by a VocaLink group company. It is confidential and
> intended for the exclusive use of the addressee only. You should not
> disclose its contents to any other person. If you are not the addressee
> (or responsible for delivery of the message to the addressee), please
> notify the originator immediately by return message and destroy the
> original message. The contents of this email will have no contractual
> effect unless it is otherwise agreed between a specific VocaLink group
> company and the recipient.
>
> The VocaLink group companies include, among others: VocaLink Limited
> (Company No 06119048, VAT No. 907 9619 87) which is registered in
> England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom, Voca Limited (Company no
> 1023742, VAT No. 907 9619 87) which is registered in England and Wales
> at registered office Drake House, Three Rivers Court, Homestead Road,
> Rickmansworth, Hertfordshire. WD3 1FX. United Kingdom, LINK Interchange
> Network Limited (Company No 3565766, VAT No. 907 9619 87) which is
> registered in England and Wales at registered office Arundel House, 1
> Liverpool Gardens, Worthing, West Sussex, BN11 1SL and VocaLink Holdings
> Limited (Company No 06119036, VAT No. 907 9619 87) which is registered
> in England and Wales at registered office Drake House, Homestead Road,
> Rickmansworth, WD3 1FX. United Kingdom.
>
> The views and opinions expressed in this email may not reflect those of
> any member of the VocaLink group. This message and any attachments have
> been scanned for viruses prior to leaving the VocaLink group network;
> however, VocaLink does not guarantee the security of this message and
> will not be responsible for any damages arising as a result of any virus
> being passed on or arising from any alteration of this message by a
> third party. The VocaLink group may monitor emails sent to and from the
> VocaLink group network.
>
> This message has been checked for all email viruses by MessageLabs.
> *************************************************************
>
> *****************************************************
> This email is issued by a VocaLink group company. It is confidential and
> intended for the exclusive use of the addressee only. You should not
> disclose its contents to any other person. If you are not the addressee (or
> responsible for delivery of the message to the addressee), please notify the
> originator immediately by return message and destroy the original message.
> The contents of this email will have no contractual effect unless it is
> otherwise agreed between a specific VocaLink group company and the
> recipient.
>
> The VocaLink group companies include, among others: VocaLink Limited
> (Company No 06119048, VAT No. 907 9619 87) which is registered in England
> and Wales at registered office Drake House, Homestead Road, Rickmansworth,
> WD3 1FX. United Kingdom, Voca Limited (Company no 1023742, VAT No. 907 9619
> 87) which is registered in England and Wales at registered office Drake
> House, Three Rivers Court, Homestead Road, Rickmansworth, Hertfordshire. WD3
> 1FX. United Kingdom, LINK Interchange Network Limited (Company No 3565766,
> VAT No. 907 9619 87) which is registered in England and Wales at registered
> office Arundel House, 1 Liverpool Gardens, Worthing, West Sussex, BN11 1SL
> and VocaLink Holdings Limited (Company No 06119036, VAT No. 907 9619 87)
> which is registered in England and Wales at registered office Drake House,
> Homestead Road, Rickmansworth, WD3 1FX. United Kingdom.
>
> The views and opinions expressed in this email may not reflect those of
> any member of the VocaLink group. This message and any attachments have been
> scanned for viruses prior to leaving the VocaLink group network; however,
> VocaLink does not guarantee the security of this message and will not be
> responsible for any damages arising as a result of any virus being passed on
> or arising from any alteration of this message by a third party. The
> VocaLink group may monitor emails sent to and from the VocaLink group
> network.
>
> This message has been checked for all email viruses by MessageLabs.
> *************************************************************
>
--
Nandana Mihindukulasooriya
Software Engineer
WSO2 inc.
http://nandana83.blogspot.com/
http://nandanasm.wordpress.com/
