The Author Online Book Forums are Moving

The Author Online Book Forums will soon redirect to Manning's liveBook and liveVideo. All book forum content will migrate to liveBook's discussion forum and all video forum content will migrate to liveVideo. Log in to liveBook or liveVideo with your Manning credentials to join the discussion!

Thank you for your engagement in the AoF over the years! We look forward to offering you a more enhanced forum experience.

gang.yang (1) [Avatar] Offline

I bought the book and am trying to see how I can add a new WS-security implementation to the WS binding. With the help of the book and the sample extensions from the source, I've got a policy extension hooked into Tuscany runtime using Tuscany 1.6. However, I seem to have a hard time to place my policy interceptor at the right place to be able to add security to the SOAP message. While poking around inside the debugger and with experiments, I found the following:

1. If I return "referece.binding.policy" when getPhase() is called, Tuscany runtime will place my policy interceptor after the WS binding invoker (Axis2BindingInvoker) in the invocation chain. Since Axis2BindingInvoker does not continue the invocation in the chain, my policy interceptor is never called.

2. If I return "reference.policy" instead, my policy interceptor is placed before the WS binding invoker and will be called. But any headers I add are ignored by Axis2BindingInvoker. Also I can't access the SOAP body element, only the body content, which is not good enough if I need to add ID to the SOAP body for signature reference.

I'm looking for pointers and suggestions on how to go about adding a new WS-security. I do understand that Axis2 WS extension provides WS-security through Rampart, but I need to provide our own security implementation.

More detailed questions:

1. Are binding policy phase implemented in the current Tuscany? If so, who is responsible to enable "reference.binding.policy" or "service.binding.policy" phase interceptor, Tuscany runtime or the binding extension, such as Axis2BindingInvoker?
2. I also tried 1.6.1 and failed. Would 2.0.Beta1 have fixed the problem?
3. Is there a way to exten Axis2 WS binding so that I can hook my WS-security implementation as an Axis2 module, just like Ramport module, at Axis2 service level?

Hope I'll hear from someone, especially the authors.

simon.nash (37) [Avatar] Offline
Re: How to add new security extension to Tuscany
This question was posted to the Tuscany user list as well, and has been answered there.