Tuesday, August 25, 2009

How to add a secured and a non secured end point to the same service?

Here we want to let requests that carry no security headers reach our service, and handle them in the application logic by sending a customized response.

If Rampart supported policy alternatives, this could be done easily. But Rampart does not.

Anyway, there is a way we can still do it: by applying different policies to different bindings.

1. Add two different policies to the WSDL. For the non-secured endpoint we use an empty policy, as shown below.

<wsp:Policy
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    wsu:Id="NonSecure">
  <wsp:ExactlyOne>
    <wsp:All />
  </wsp:ExactlyOne>
</wsp:Policy>

2. Hand edit the WSDL and add a new binding element - which references the #NonSecure policy.

<wsdl:binding name="echoSoap12BindingNonsecured" type="ns:echoPortType">
  <wsp:PolicyReference URI="#NonSecure" />
  ....
</wsdl:binding>

3. Hand edit the WSDL and add a new wsdl:port element - which references echoSoap12BindingNonsecured.

<wsdl:port name="echoHttpSoap12EndpointNonSecured" binding="ns:echoSoap12BindingNonsecured">
  <soap12:address location="http://localhost:8080/axis2/services/echo.echoHttpSoap12EndpointNonSecured/" />
</wsdl:port>

4. You can find the modified WSDL here.

5. Now edit your services.xml with the appropriate wsp:PolicyAttachment element(s).

6. Modify the services.xml to use the original WSDL (the useOriginalwsdl parameter).

7. You can find the complete services.xml here.

8. To invoke the secured endpoint use the EPR http://localhost:8080/axis2/services/echo.echoHttpSoap12Endpoint

9. To invoke the non-secured endpoint use the EPR http://localhost:8080/axis2/services/echo.echoHttpSoap12EndpointNonSecured

If you are not handling this type of scenario properly in the application logic, this is not a recommended approach.
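
A quick audit for a WSDL edited as in the steps above, as an added example that is not part of the original post: it lists every wsdl:port whose binding references no policy, or only an empty one, so the endpoints that accept messages without security headers are explicit. The sample WSDL is constructed; the wsp and sp namespace URIs, the body of the "Secure" policy and the echoSoap12Binding name are assumptions, and only binding-level PolicyReference elements are checked.

```python
import xml.etree.ElementTree as ET

WSDL = "{http://schemas.xmlsoap.org/wsdl/}"
WSU_ID = ("{http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd}Id")
# Constructed sample modelled on the post. The wsp/sp namespace URIs, the
# "Secure" policy body and the secured binding's name are assumptions.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:ns="urn:example:echo" targetNamespace="urn:example:echo">
  <wsp:Policy wsu:Id="Secure"><wsp:ExactlyOne><wsp:All>
    <sp:SignedSupportingTokens><wsp:Policy><sp:UsernameToken/></wsp:Policy></sp:SignedSupportingTokens>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
  <wsp:Policy wsu:Id="NonSecure"><wsp:ExactlyOne><wsp:All/></wsp:ExactlyOne></wsp:Policy>
  <wsdl:binding name="echoSoap12Binding" type="ns:echoPortType"><wsp:PolicyReference URI="#Secure"/></wsdl:binding>
  <wsdl:binding name="echoSoap12BindingNonsecured" type="ns:echoPortType"><wsp:PolicyReference URI="#NonSecure"/></wsdl:binding>
  <wsdl:service name="echo">
    <wsdl:port name="echoHttpSoap12Endpoint" binding="ns:echoSoap12Binding"/>
    <wsdl:port name="echoHttpSoap12EndpointNonSecured" binding="ns:echoSoap12BindingNonsecured"/>
  </wsdl:service>
</wsdl:definitions>"""

def local(el):
    """Element name without its namespace, so either WS-Policy version matches."""
    return el.tag.rsplit("}", 1)[-1]

def unsecured_ports(wsdl_text):
    """Names of wsdl:port elements whose binding enforces no policy assertion."""
    root = ET.fromstring(wsdl_text)
    # A policy is "enforcing" if it holds anything besides the policy operators.
    enforcing = {
        "#" + p.get(WSU_ID)
        for p in root.iter()
        if local(p) == "Policy" and p.get(WSU_ID)
        and any(local(e) not in ("Policy", "ExactlyOne", "All") for e in p.iter())
    }
    # Bindings that directly reference at least one enforcing policy.
    secured = {
        b.get("name")
        for b in root.iter(WSDL + "binding")
        if any(local(c) == "PolicyReference" and c.get("URI") in enforcing for c in b)
    }
    return sorted(
        port.get("name")
        for port in root.iter(WSDL + "port")
        if port.get("binding", "").split(":")[-1] not in secured
    )
```

Running `unsecured_ports` against the deployed WSDL after each hand edit shows exactly which ports the application logic has to cover for messages that arrive without security headers.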
