perfsonar development work

[Roman Lapacz <>]

Jeff W. Boote wrote:
> Roman Lapacz wrote:
> > Cándido Rodríguez Montes wrote:
> > > Hi Jeff,
> > >
> > > El 21/03/2007, a las 16:03, Jeff W. Boote escribió:
> > >
> > > > > - But resources need to get the security token in case it has been 
> > > > > sent. In the perfSONAR architecture, XML messages sent by clients 
> > > > > are mapped to the class 'org.ggf.ns.nmwg.base.v2_0.Message' and 
> > > > > then it passed to a message handler. Finally, the service receives 
> > > > > the message when it's called the function 'takeAction(String 
> > > > > actionType, Message request)'. In this scenary, it's not possible 
> > > > > that services get the security token or check the SOAP header 
> > > > > which contains the security token. So, I think that there are two 
> > > > > possible solutions:
> > > > > + We can change the 'Message' class so it includes the security 
> > > > > token if it's sent in the request.
> > > > > + We can change this presented workflow and change the function 
> > > > > 'takeAction' to 'takeAction(String actionType, Message request, 
> > > > > SecurityToken token)'.
> > > > > + Any other ideas?
> > > > > What's your feeling about this?
> > > >
> > > > I would prefer the method for takeAction stay the same if at all 
> > > > possible. What I would like to see is the following:
> > > >
> > > > * The security token should not be seen by the main handler
> > > > * We should install a request-handler in the 'global' layer of axis 
> > > > that knows how to decode this soap header. (It should be in the 
> > > > chain before our current 'pivot' handler.)
> > > > * We should make an API available to the current service level code 
> > > > for authorization questions. Ideally without changing the current 
> > > > API. Services that don't care about AA should not be forced to see it.
> > >
> > > Ok, I've found a way to get the SOAP header without any change:
> > > MessageContext mc=MessageContext.getCurrentContext();
> > > try {
> > > SOAPHeader sh=(SOAPHeader)mc.getCurrentMessage().getSOAPHeader();
> > > String 
> > > temp=org.apache.axis.utils.XMLUtils.DocumentToString(sh.getAsDocument()); 
> > >
> > > logger.debug("====");
> > > logger.debug(temp);
> > > logger.debug("====");
> > > } catch (Exception e) {
> > > logger.debug("ERROR: "+e.getMessage());
> > > }
> > >
> > > So, in this way, the AuthZ API can check if any security token has 
> > > been sent in the SOAP header :-)
>
> Good find Candido.
>
> > Hi,
> >
> > I suggest to try create some generic (abstract) architecture not to 
> > limit perfSONAR services only to Axis current implementation (in 
> > future we might want to replace this implementation with Axis2 or 
> > other web service/SOAP engine).
>
> The AuthZ API is the abstract part from the point of view of the 
> service implementation.
>
> The portion Candido is referring to here has to be specific to Axis 
> because we are parsing the SOAP envelope with Axis. This portion of 
> his API would need to be different for different parsing engines.
>
> Perhaps you are saying he should try and abstract this out within his 
> code so that it is easier to migrate it to different SOAP engines in 
> the future?

yup

Roman

> I agree.
>
> jeff