Re: SecurityOutflow Configuration

Fri, 18 Apr 2008 01:05:20 -0700

The alternative approach for this is to use the policy configuration. Here you will have to load the standard security policy statically from a file. Other than that you can provide all other information (username, password) dynamically.
You can load the standard UsernameToken over https policy [1] from a file with the following : 

StAXOMBuilder builder = new StAXOMBuilder(/path/to/policyfile);

org.apache.neethi.Policy policy = 
PolicyEngine.getPolicy(builder.getDocumentElement());



And then set this policy object in the Options instance of the 
ServiceClient instance:


options.setProperty(RampartMessageData.KEY_RAMPART_POLICY,policy);

Now set the user name and password in the Options instance:

options.setUserName("foo");
options.setPassword("bar");

Thats it!


If we want to get rid of the part where we load the standard security 
policy from a file, we can do that as well. Here we will have to 
construct the policy using policy assertions from org.apache.ws.secpolicy*


Thanks,
Ruchith


1. 
http://wso2.org/repos/wso2/trunk/wsas/java/modules/core/conf/rampart/scenario1-policy.xml


Sean Conlon wrote:

I am using the deprecated class OutflowConfiguration in order to set my
dynamic usernames and passwords in the OutflowSecurity parameter.  Below

are the methods that I use to do this.  

 


What is an alternative approach for me to set my username and password

dynamically?  Why was the OutflowConfiguration class deprecated?  

 


Others have documented this problem, but I have not found a viable

solution that makes sense.  

 

Thanks! 

 


////////////////////////////////////////////////////////


//////////////////////// getStub () //////////////////// 


////////////////////////////////////////////////////////


 


    private PartnerAPIStub getStub() throws EmailException {

        PartnerAPIStub myStub = null;


 


        try {

            EndpointReference endPointReference = new
EndpointReference(endpoint);

            ConfigurationContext configurationContext =
ConfigurationContextFactory.createConfigurationContextFromFileSystem(

                null, ABSOLUTE_AXIS2_CLIENT_CONFIG_PATH);


 


            myStub = new PartnerAPIStub(configurationContext, endpoint);

            ServiceClient serviceClient = myStub._getServiceClient();


 


            Options options = serviceClient.getOptions();


 


            options.setTo(endPointReference);


 


            this.updateOutflowSecurity(myStub);

        }

        catch (AxisFault e) {

            // TODO JL - temp code

            throw new EmailException(e);

        }


 


        return myStub;

    }


 


////////////////////////////////////////////////////////


////////////////// updateOutflowSecurity() ///////////// 


////////////////////////////////////////////////////////


 


private void updateOutflowSecurity(PartnerAPIStub stub) {


 


        ServiceClient serviceClient = stub._getServiceClient();

        Options options = serviceClient.getOptions();


 


        OutflowConfiguration ofc = new OutflowConfiguration();

        ofc.setActionItems("UsernameToken");


        ofc.setUser(apiUsername); 


        ofc.setPasswordType("PasswordText");


 


        options.setProperty(WSSHandlerConstants.OUTFLOW_SECURITY,

ofc.getProperty());


 

       //pwcbhandler is of type PWCBHandler that is injected via Spring 


       options.setProperty(WSHandlerConstants.PW_CALLBACK_REF,

pwcbhandler);

    }


 









Attachment:
signature.asc

Description: OpenPGP digital signature






















					Reply via email to