Skip to Content.
Sympa Menu

perfsonar-dev - Re: [pS-dev] Some critical modifications to perfSONAR

Subject: perfsonar development work

List archive

Re: [pS-dev] Some critical modifications to perfSONAR


Chronological Thread 
  • From: "Jeff W. Boote" <>
  • To: Roman Lapacz <>
  • Cc: Cándido Rodríguez Montes <>, Perfsonar Development List <>
  • Subject: Re: [pS-dev] Some critical modifications to perfSONAR
  • Date: Wed, 21 Mar 2007 13:40:08 -0600

Roman Lapacz wrote:
Cándido Rodríguez Montes wrote:
Hi Jeff,

El 21/03/2007, a las 16:03, Jeff W. Boote escribió:

- But resources need to get the security token in case it has been sent. In the perfSONAR architecture, XML messages sent by clients are mapped to the class 'org.ggf.ns.nmwg.base.v2_0.Message' and then it passed to a message handler. Finally, the service receives the message when it's called the function 'takeAction(String actionType, Message request)'. In this scenary, it's not possible that services get the security token or check the SOAP header which contains the security token. So, I think that there are two possible solutions:
+ We can change the 'Message' class so it includes the security token if it's sent in the request.
+ We can change this presented workflow and change the function 'takeAction' to 'takeAction(String actionType, Message request, SecurityToken token)'.
+ Any other ideas?
What's your feeling about this?

I would prefer the method for takeAction stay the same if at all possible. What I would like to see is the following:

* The security token should not be seen by the main handler
* We should install a request-handler in the 'global' layer of axis that knows how to decode this soap header. (It should be in the chain before our current 'pivot' handler.)
* We should make an API available to the current service level code for authorization questions. Ideally without changing the current API. Services that don't care about AA should not be forced to see it.


Ok, I've found a way to get the SOAP header without any change:
MessageContext mc=MessageContext.getCurrentContext();
try {
SOAPHeader sh=(SOAPHeader)mc.getCurrentMessage().getSOAPHeader();
String temp=org.apache.axis.utils.XMLUtils.DocumentToString(sh.getAsDocument());
logger.debug("====");
logger.debug(temp);
logger.debug("====");
} catch (Exception e) {
logger.debug("ERROR: "+e.getMessage());
}

So, in this way, the AuthZ API can check if any security token has been sent in the SOAP header :-)

Good find Candido.

Hi,

I suggest to try create some generic (abstract) architecture not to limit perfSONAR services only to Axis current implementation (in future we might want to replace this implementation with Axis2 or other web service/SOAP engine).

The AuthZ API is the abstract part from the point of view of the service implementation.

The portion Candido is referring to here has to be specific to Axis because we are parsing the SOAP envelope with Axis. This portion of his API would need to be different for different parsing engines.

Perhaps you are saying he should try and abstract this out within his code so that it is easier to migrate it to different SOAP engines in the future? I agree.

jeff



Archive powered by MHonArc 2.6.16.

Top of Page