Hi,

 

I am a new user of Axis2 and have a couple of questions
about how to use Axis2 to web-service enable some of our APIs.

 

1) The WS Security spec (which Rampart supports) mainly talks
about authentication. I wonder how I should implement authorization
which uses the combination of username/password/function to see if a
user can access the web service invoked.

2) If I want to separate the authorization into a different tier
architecturally (i.e. onto a separate box) and only forward the authorized
SOAP requests to another machine for processing, how would I do it? So
in effect, there are 2 tiers in my system: the first tier talks to the
outside world and performs access control checks. The second tier does
the business rules processing for authorized messages. In the first
tier, it will involve repackaging an authorized incoming SOAP message
and sending it out to a different machine and processing the resulting
response. In the second tier, it is more or less a normal web service.
Is it possible to write a handler to intercept the incoming SOAP message
and reroute the SOAP message to a different machine, thus completely
bypassing the Message Receiver on the first tier? Or should the
rerouting be done at the Message Receiver level? Hopefully, I don't
have to write something at the web services level in the first tier to
perform the rerouting because I don't want to parse the SOAP message
since no business rules are being executed.

 

Thanks in advance for your help.

 

Regards,

 

Dennis Ho.

 
