users@glassfish.java.net

Re: Managing Policies for individual SOAP operations

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Tue, 17 May 2011 13:51:57 +0530

http://weblogs.java.net/blog/kumarjayanti/archive/2009/07/attaching_secur.html


On 16-May-2011, at 8:24 PM, forums_at_java.net wrote:

>
>
> Hi All,
>
> I have created a SOAP WSDL with multiple operations associated to a single
> binding port. Now i would like to set different policies for each operation.
>
> If i have two SOAP operations viz addNums and subNums associated to a single
> binding port type, then i would attach a policy to addNums to look for
> authentication to a File Realm and to subNums to look for authentication to a
> Ldap realm. Is it possible to do that ? Please find the below WSDL.
>
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!-- This file is auto-generated by CASA. Edit its content manually may cause
> unrecoverable errors. -->
>
> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
>
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>
> targetNamespace="caSOAPSecurity"
>
> xmlns:tns="caSOAPSecurity"
> xmlns:ns="http://j2ee.netbeans.org/wsdl/bpelSOAPLDAPSecurity/wsdlArithmeticOps"
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:fi="http://java.sun.com/xml/ns/wsit/2006/09/policy/fastinfoset/service"
> xmlns:tcp="http://java.sun.com/xml/ns/wsit/2006/09/policy/soaptcp/service"
> xmlns:sc="http://schemas.sun.com/2006/03/wss/server"
> xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>
> <import
> namespace="http://j2ee.netbeans.org/wsdl/bpelSOAPLDAPSecurity/wsdlArithmeticOps"
> location="../jbiServiceUnits/bpelSOAPLDAPSecurity/wsdlArithmeticOps.wsdl"/>
>
> <portType name="dummyCasaPortType"/>
>
> <binding name="casaBinding1" type="ns:wsdlArithmeticOpsPortType">
>
> <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
>
> <operation name="addNums">
>
> <soap:operation/>
>
> <input name="input1">
>
> <soap:body use="literal" namespace="caSOAPSecurity"/>
>
> </input>
>
> <output name="output1">
>
> <soap:body use="literal" namespace="caSOAPSecurity"/>
>
> </output>
>
> </operation>
>
> <operation name="subNums">
>
> <soap:operation/>
>
> <input name="input2">
>
> <soap:body use="literal" namespace="caSOAPSecurity"/>
>
> </input>
>
> <output name="output2">
>
> <soap:body use="literal" namespace="caSOAPSecurity"/>
>
> </output>
>
> </operation>
>
> </binding>
>
> <service name="casaService1">
>
> <port name="casaPort1" binding="tns:casaBinding1">
>
> <soap:address location="http://localhost:9080/SOAPWSService/SOAPWS"/>
>
> </port>
>
> </service>
>
> </definitions>
>
>
>
>
>
>
>
> I would like to know whether the policy is attched only at a binding/service
> level rather than at an operation level ? Please find the below WSDL for SOAP
> webservice which is working fine with a single operation.
>
>
>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <!-- This file is auto-generated by CASA. Edit its content manually may cause
> unrecoverable errors. -->
>
> <definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
>
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
>
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>
> targetNamespace="caSOAPBC"
>
> xmlns:tns="caSOAPBC"
> xmlns:ns="http://j2ee.netbeans.org/wsdl/bpelSOAPBC/wsdlArithmeticOperation"
> xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
> xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:mysp="http://sun.com/ws/httpbc/security/BasicauthSecurityPolicy"
> xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> <import
> namespace="http://j2ee.netbeans.org/wsdl/bpelSOAPBC/wsdlArithmeticOperation"
> location="../jbiServiceUnits/bpelSOAPBC/wsdlArithmeticOperation.wsdl"/>
>
> <portType name="dummyCasaPortType"/>
>
> <binding name="casaBinding1" type="ns:wsdlArithmeticOperationPortType">
>
> <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
>
> <operation name="arithmeticOperation">
>
> <soap:operation/>
>
> <input name="input1">
>
> <soap:body use="literal" namespace="caSOAPBC"/>
>
> </input>
>
> <output name="output1">
>
> <soap:body use="literal" namespace="caSOAPBC"/>
>
> </output>
>
> </operation>
>
> </binding>
>
> <service name="casaService1">
>
> <port name="casaPort1" binding="tns:casaBinding1">
>
> <soap:address location="http://localhost:9080/SOAPWSService/SOAPWS"/>
>
> <wsp:PolicyReference URI="#HttpBasicAuthBindingRealmPolicy"/>
>
> </port>
>
> </service>
>
> <wsp:Policy wsu:Id="HttpBasicAuthBindingRealmPolicy">
>
> <mysp:MustSupportBasicAuthentication on="true">
>
> <mysp:BasicAuthenticationDetail>
>
> <mysp:Realm realmName="file" />
>
> </mysp:BasicAuthenticationDetail>
>
> </mysp:MustSupportBasicAuthentication>
>
> </wsp:Policy>
>
> </definitions>
>
>
>
> I believe we can do the same in EJB using annotations for each webservice
> operation ( @RolesAllowed("TEST") ) and map groups to these roles. Do we have
> any ways to implement in Open Esb ?
>
> Regards,
>
> Kris.
>
>
>
>
>
>
> --
>
> [Message sent by forum member 'phani16']
>
> View Post: http://forums.java.net/node/802622
>
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.