RE: [Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Thanks, I will take a look at synapse. -Original Message- From: indika kumara [mailto:[EMAIL PROTECTED] Sent: Monday, June 23, 2008 10:48 PM To: axis-user@ws.apache.org Subject: Re: [Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines Hi Dennis You can do this with Apache synapse. Apache synapse can act as your first tier that doing authorization based routing. Apache synapse also uses axis2,rampart,etc for it's web service related processing.Please post your requirement on [EMAIL PROTECTED] Thanks Indika On Tue, Jun 24, 2008 at 2:41 AM, Dennis Ho <[EMAIL PROTECTED]> wrote: Hi, I am a new user to Axis2 and have a couple of questions about how to use axis2 to web-service enable some of our APIs. 1) The WS Security spec (which Rampart supports) mainly talks about authentication. I wonder how I should implement authorization which uses the combination of username/password/function to see if a user can access the web service invoked. 2) If I want to separate the authorization into a different tier architecturally (ie onto a separate box) and only forward the authorized soap requests to another machine for processing, how would I do it? So in effect, there are 2 tiers in my system, the first tier talks to the outside world and performs access control checks. The second tier does the business rules processing for authorized messages. In the first tier, it will involve repackaging an authorized incoming SOAP message and sending it out to a different machine and processing the resulting response. In the second tier, it is more or less a normal web service. Is it possible to write a handler to intercept the coming SOAP message, and reroute the SOAP message to a different machine and thus completely bypassing the Message Receiver on the first tier? Or should the rerouting be done at the Message Receiver level? Hopefully, I don't have to write something at the web services level in the first tier to perform the rerouting because I don't want to parse the SOAP message since no business rules are being executed. Thanks in advance for your help. Regards, Dennis Ho.
Re: [Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Hi Dennis You can do this with Apache synapse. Apache synapse can act as your first tier that doing authorization based routing. Apache synapse also uses axis2,rampart,etc for it's web service related processing.Please post your requirement on [EMAIL PROTECTED] Thanks Indika On Tue, Jun 24, 2008 at 2:41 AM, Dennis Ho <[EMAIL PROTECTED]> wrote: > Hi, > > > > I am a new user to Axis2 and have a couple of questions about > how to use axis2 to web-service enable some of our APIs. > > > > 1) The WS Security spec (which Rampart supports) mainly talks about > authentication. I wonder how I should implement authorization which uses > the combination of username/password/function to see if a user can access > the web service invoked. > > 2) If I want to separate the authorization into a different tier > architecturally (ie onto a separate box) and only forward the authorized > soap requests to another machine for processing, how would I do it? So in > effect, there are 2 tiers in my system, the first tier talks to the outside > world and performs access control checks. The second tier does the business > rules processing for authorized messages. In the first tier, it will > involve repackaging an authorized incoming SOAP message and sending it out > to a different machine and processing the resulting response. In the > second tier, it is more or less a normal web service. Is it possible to > write a handler to intercept the coming SOAP message, and reroute the SOAP > message to a different machine and thus completely bypassing the Message > Receiver on the first tier? Or should the rerouting be done at the Message > Receiver level? Hopefully, I don't have to write something at the web > services level in the first tier to perform the rerouting because I don't > want to parse the SOAP message since no business rules are being executed. > > > > Thanks in advance for your help. > > > > Regards, > > > > Dennis Ho. > > >
Re: [Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Hi Dennis, On Tue, Jun 24, 2008 at 2:41 AM, Dennis Ho <[EMAIL PROTECTED]> wrote: > Hi, > > > > I am a new user to Axis2 and have a couple of questions about > how to use axis2 to web-service enable some of our APIs. > > > > 1) The WS Security spec (which Rampart supports) mainly talks about > authentication. I wonder how I should implement authorization which uses > the combination of username/password/function to see if a user can access > the web service invoked. > Have a look at this article "UsernameToken Authentication with Rampart" ( http://wso2.org/library/240). It may help you for your first problem. Thanks Sameera > -- Sameera Jayasoma Software Engineer WSO2 Inc. Oxygenating the Web Service Platform. http://wso2.org/ blog: http://sameera-jayasoma.blogspot.com/
[Axis2]Access Control with Axis2 and splitting the SOAP processing onto different machines
Hi, I am a new user to Axis2 and have a couple of questions about how to use axis2 to web-service enable some of our APIs. 1) The WS Security spec (which Rampart supports) mainly talks about authentication. I wonder how I should implement authorization which uses the combination of username/password/function to see if a user can access the web service invoked. 2) If I want to separate the authorization into a different tier architecturally (ie onto a separate box) and only forward the authorized soap requests to another machine for processing, how would I do it? So in effect, there are 2 tiers in my system, the first tier talks to the outside world and performs access control checks. The second tier does the business rules processing for authorized messages. In the first tier, it will involve repackaging an authorized incoming SOAP message and sending it out to a different machine and processing the resulting response. In the second tier, it is more or less a normal web service. Is it possible to write a handler to intercept the coming SOAP message, and reroute the SOAP message to a different machine and thus completely bypassing the Message Receiver on the first tier? Or should the rerouting be done at the Message Receiver level? Hopefully, I don't have to write something at the web services level in the first tier to perform the rerouting because I don't want to parse the SOAP message since no business rules are being executed. Thanks in advance for your help. Regards, Dennis Ho.
