security - wso2 esb policy with user groups -

-

i'm trying create policy xml secure proxy service. take policy xml example i'm not able add user on user groups. when give url of policy marks security if properties type of security usernametoken user groups empty.

    <wsp:policy wsu:id="utovertransport" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsp:exactlyone>     <wsp:all>         <sp:transportbinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">             <wsp:policy>                 <sp:transporttoken>                     <wsp:policy>                         <sp:httpstoken requireclientcertificate="false"></sp:httpstoken>                     </wsp:policy>                 </sp:transporttoken>                 <sp:algorithmsuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">                     <wsp:policy>                         <sp:basic256></sp:basic256>                     </wsp:policy>                 </sp:algorithmsuite>                 <sp:layout>                     <wsp:policy>                         <sp:lax></sp:lax>                     </wsp:policy>                 </sp:layout>                 <sp:includetimestamp></sp:includetimestamp>             </wsp:policy>         </sp:transportbinding>         <sp:signedsupportingtokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">             <wsp:policy>                 <sp:usernametoken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" sp:includetoken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/includetoken/alwaystorecipient">                 </sp:usernametoken>             </wsp:policy>         </sp:signedsupportingtokens>     </wsp:all> </wsp:exactlyone> <rampart:rampartconfig xmlns:rampart="http://ws.apache.org/rampart/policy">     <rampart:encryptionuser>usereqsigcert</rampart:encryptionuser>     <rampart:timestampprecisioninmilliseconds>true</rampart:timestampprecisioninmilliseconds>     <rampart:timestampttl>300</rampart:timestampttl>     <rampart:timestampmaxskew>300</rampart:timestampmaxskew>     <rampart:timestampstrict>false</rampart:timestampstrict>     <rampart:tokenstoreclass>org.wso2.carbon.security.util.securitytokenstore</rampart:tokenstoreclass>     <rampart:noncelifetime>300</rampart:noncelifetime>     <rampart:user>admin</rampart:user>     <rampart:passwordcallbackclass>org.wso2.carbon.digestpwd.pwcbhandler</rampart:passwordcallbackclass> </rampart:rampartconfig> </wsp:policy>

according user name token specification, talks authentication. user/password sent in user name token validated. not talk access control (rbac). therefore can not define roles, in policy. can use policy verify authentication...

as have talked wso2 esb, in esb have provided modifications support access control in user name token policy.. place have extended password call handler. in wso2 custom password handler, checks both authentication , access control.. can find source of wso2 password handler here. guess, can secure proxy services using management console esb has provided.. in management console, can configure user name token security policy , can defined allowed roles.. these roles not saved in policy, rather database in wso2 esb has.


Comments

Post a Comment

Popular posts from this blog

c# - How to get the current UAC mode -

-
can check current uac type set in device before running application through c#. i got know approach check whether current user administrator or not. but, need know uac type set (i.e. default/never notify) internal logic. is possible? please help. this article self-elevation , checking level program runs in. due security reasons i'm afraid won't able retrieve uac level set. http://code.msdn.microsoft.com/windowsdesktop/csuacselfelevation-644673d3
Read more

postgresql - Lazarus + Postgres: incomplete startup packet -

-
i've been building lazarus pascal program using postgresql on back-end. used work fine following lines opening db. dbconn:= tpqconnection.create(nil); dbconn.hostname := 'localhost'; dbconn.databasename:= 'dbhrs'; dbconn.username:='mizk'; dbconn.password:='123'; dbconn.open; if dbconn.connected openhrsdb := true else openhrsdb := false; but moment change localhost server's ip (on lan), program stops. no errors or warnings. have no clue happening. here related details may narrow down problem. the program i'm running workstation on same lan server. both machines run ubuntu 12.04 desktop i can access postgres db on server using pgadmin iii, guess it's not firewall issue. i have allowed postgresql ufw , ufw disabled. strangely, when firewall disabled, can ssh server terminal using workstation. when it's enabled, can't my biggest concern right why pascal program not working when i...
Read more

javascript - Ajax jqXHR.status==0 fix error -

-
$.ajax({ url: urlstring, datatype: "json", type: "get", success: function (data) { alert(data); }, error: function (jqxhr, exception) { if (jqxhr.status === 0) { alert('not connect.\n verify network.'); } else if (jqxhr.status == 404) { alert('requested page not found. [404]'); } else if (jqxhr.status == 500) { alert('internal server error [500].'); } else if (exception === 'parsererror') { alert('requested json parse failed.'); } else if (exception === 'timeout') { alert('time out error.'); } else if (exception === 'abort') { alert('ajax request aborted.'); } else { alert('uncaught error.\n' + jqxhr.responsete...
Read more