This may be a stupid question, but what are the differences between Apache Rampart/C and Apache Rampart/Java?
Thanks.

-----Original Message-----
From: Joana M. F. Trindade [mailto:[EMAIL PROTECTED]
Sent: Wed 7/2/2008 1:19 PM
To: [email protected]
Subject: Re: Apache Rampart

Hi Roxanne,

Googling for password + callback + class + java you can find this guide:
http://www.ivoa.net/internal/IVOA/IvoaGridAndWebServices/Java-security-howto.html

Item 4.3 explains how WSS4J employs callback handlers for managing passwords.

HTH,
Joana

On Wed, Jul 2, 2008 at 8:15 PM, Roxanne Yee <[EMAIL PROTECTED]> wrote:
> Regarding the Password Callback Class, I was wondering if anyone had a
> diagram of how this class fits into the greater scheme. For instance, where
> does it come into play starting from the client request until the response
> is received? I guess I'm looking for a more detailed explanation of the role
> of the password callback class. Are there any books on this subject?
>
> Thanks
>
>
> -----Original Message-----
> From: Sanjay Vivek [mailto:[EMAIL PROTECTED]
> Sent: Mon 6/30/2008 9:56 PM
> To: [email protected]
> Subject: RE: Apache Rampart
>
> Hi Roxanne,
>
> The tutorial at [1] provides a very good introduction to implementing
> Rampart enabled Web Services. You're well on your way to implementing
> Rampart enabled WS if you walk through the tutorial.
>
> Policy.xml merely describes the security policy of the service. It tells
> the client how to invoke the service and the various security
> requirements of the service.
>
> Rampart uses a password callback class to authenticate username tokens
> (i.e. a username/password combo). On the service side, the service
> expects the username/password to be sent as input and validates
> accordingly. A code snippet is given below:
>
>     if (callbacks[i] instanceof WSPasswordCallback) {
>         WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
>         logInfo(pc);
>         // We are doing authentication only, so the usage code must
>         // match the WSPasswordCallback.USERNAME_TOKEN_UNKNOWN value
>         // i.e. "5"
>         if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
>             throw new UnsupportedCallbackException(callbacks[i],
>                 "Usage code was not USERNAME_TOKEN_UNKNOWN - value was "
>                 + pc.getUsage());
>         }
>         // Get the username and password that were sent
>         String username = pc.getIdentifer();
>         String password = pc.getPassword();
>
>         // Now pass them to your authentication mechanism
>         // throws WSSecurityException.FAILED_AUTHENTICATION on failure
>         authenticate(username, password);
>     } else {
>         throw new UnsupportedCallbackException(callbacks[i],
>             "Unrecognized Callback");
>     }
>
> On the client side, the client makes the request and as such, needs the
> callback class to find and "fill" in the password. A code snippet is
> given below:
>
>     if (callbacks[i] instanceof WSPasswordCallback) {
>         WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
>         logInfo(pc);
>         // We need the password to fill in, so the usage code must
>         // match the WSPasswordCallback.USERNAME_TOKEN value
>         // i.e. "2"
>         if (pc.getUsage() != WSPasswordCallback.USERNAME_TOKEN) {
>             throw new UnsupportedCallbackException(callbacks[i],
>                 "Usage code was not USERNAME_TOKEN - value was "
>                 + pc.getUsage());
>         }
>         // Get the username that was sent
>         String username = pc.getIdentifer();
>         // Now find the password from the user store, and set it
>         String password = findPassword(username);
>         pc.setPassword(password);
>     } else {
>         throw new UnsupportedCallbackException(callbacks[i],
>             "Unrecognized Callback");
>     }
>
> You will have to implement the authentication mechanism yourself. Hope
> this helps.
>
> [1] - http://wso2.org/library/3190
>
> Cheers
> Sanjay
>
> >-----Original Message-----
> >From: Roxanne Yee [mailto:[EMAIL PROTECTED]
> >Sent: 01 July 2008 02:22
> >To: [email protected]
> >Subject: FW: Apache Rampart
> >Importance: High
> >
> >To Whom It May Concern,
> >
> > Hello, I'm completely new to Apache and Web Services in
> >general and I'm trying to implement WS-Security, using Axis2
> >in Tomcat as the server side and soapUI as the client side.
> >It seems that Apache Rampart can accomplish this task.
> >However, I am very unfamiliar with all the steps and
> >parameters needed for Rampart to function as I would like. Is
> >it possible to ask for a detailed walkthrough on exactly what
> >each parameter in the 'action' element does?
> >
> > I know that there is a table with a brief description of the
> >parameters and an example, but I find the information given a
> >bit too terse and I don't understand what is needed, what's a
> >variable, what's a keyword, etc.
> >
> > Thank you.

--
Joana M. F. da Trindade
Email: [EMAIL PROTECTED]
Personal Homepage: http://www.inf.ufrgs.br/~jmftrindade
LinkedIn: http://www.linkedin.com/in/joanatrindade
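The service-side fragment quoted in this thread, written out as a complete handler class. This is an added example, not code from any of the posters or from the Rampart project. It assumes the WSS4J 1.5.x API used in the thread; the class name, the sample user store and the `sameSecret` helper are hypothetical. It also covers the digest-password case, where the service is asked for the stored password instead of being handed the received one.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

// Hypothetical service-side handler; assumes WSS4J 1.5.x on the classpath.
public class ServicePasswordCallback implements CallbackHandler {

    // Constructed sample store; a real service would query its own user store.
    private static final Map<String, String> USERS =
            Collections.singletonMap("alice", "constructed-sample-password");

    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "Unrecognized Callback");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            // getIdentifer() is spelled this way in the WSS4J 1.5.x API.
            String stored = USERS.get(pc.getIdentifer());
            int usage = pc.getUsage();

            if (usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN) {
                // Plaintext token: the received password is in the callback
                // and this handler makes the accept/reject decision.
                if (stored == null || !sameSecret(stored, pc.getPassword())) {
                    // Same message for unknown user and wrong password.
                    throw new UnsupportedCallbackException(cb, "Authentication failed");
                }
            } else if (usage == WSPasswordCallback.USERNAME_TOKEN) {
                // Digest token: hand back the stored password so WSS4J can
                // recompute the digest and compare it with the one received.
                if (stored == null) {
                    throw new UnsupportedCallbackException(cb, "Authentication failed");
                }
                pc.setPassword(stored);
            } else {
                throw new UnsupportedCallbackException(cb, "Unsupported usage code " + usage);
            }
        }
    }

    // Comparison whose timing does not depend on where the inputs differ.
    static boolean sameSecret(String expected, String received) {
        if (received == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     received.getBytes(StandardCharsets.UTF_8));
    }
}
```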
