網頁

2011年1月18日 星期二

OpenSSO (OpenAM) web service security 資源

http://www.stormacq.com/?p=385

這個文章的部份內容,因為還沒實作,怕這個網站消失不見,所以就先截取下來了。


An Open Source implementation is also available from ForeRock’s OpenAM.
To summarize, a Secure Token Service is a third-party broker where Web Services clients can authenticate and receive a security token to be sent to a Web Service Provider.  The Web Service Provider will, in turn, validate the token and to evaluate authentication and authorization decisions.
The best STS description / tutorial I found on the web is on a deprecated page of Microsoft’s MSDN.  If you don’t know about STS, I highly recommend to read this serie of articles.
After installing / setting up OpenSSO / OpenAM, you will be ready to configure the STS part.
There are three approaches to interact with STS Server

Approach #1 – STS’s WSDL definition

This is the platform agnostic approach.  Just rely on STS’s WSDL definition to generate whatever client code you will need.
Unfortunately, on Java SE 6, this approach fails because of incompatibilities in OpenSSO’s STS WSDL definition and JAX-WS.
ForgeRock’s community is tracking this issue under Bug ID 287 and Bug ID 306
Stay tuned on ForgeRock’s JIRA for more details on this approach.

Approach #2 : Using JAX-RPC and JSR 196 provider

JSR 196 is a SPI specification allowing to hook a filter inside a container.  This filter will be invoked for all incoming and outgoing JAX RPC call, allowing it to be used for logging or security purposes for example.
OpenSSO and OpenAM do provide a JSR 196 provider for web service authentication (JSR 196) and authorization (JSR 115).  This provider is able to work with an STS provider.  The provider is available as part of openssowssprovider.jar JAR file.
While a little cumbersome to configure, this approach is working out of the box.  As long as you strictly follow the documentation.  Thesetroubleshooting steps will probably be useful as well.
However, this approach has a major drawback : it is JAX RPC based, i.e. quite old, now that the (Java) world has embraced JAX WS.  In other words, Oracle only supports this when the web service provider and the web service consumer are deployed into a GlassFish v2 instance.
So, if you want to use JAX WS, you will require a little more work.

Approach #3 – JAX WS

JAX-WS also provides hooks to intercept outgoing and incoming SOAP requests.  These hooks are named “Handler“.
The good news about Handlers is that they are web-app specific, unlike JAX-RPC JSR 196 provider which are installed at container level; hence for all your web applications.
You can think of an Handler as a Servlet Filter, dedicated to web service calls.  They can be part of a web app, to protect web services providers, or stand alone client, to protect web service consumers.  IBM has a very good documentation about using Handlers with JAX WS web services.
To test OpenSSO / OpenAM STS service with JAX WS handlers, I suggest you to read this tutorial.
All in all, this is an excellent step by step article, covering deployment in TomcatGlassFish and Websphere.
Unfortunately, you will soon realize that these step by step instructions are not working.
Problem #1 : Oracle removed the download link to openssowssagents.jar file.  Yes you read it right.  As of today, there is no binary distribution for the JAX WS Handlers and WSS Agents.  The JAR file is only available from ForgeRock.
Problem #2 : JAX-WS ClientHandler and ServerHandler are not included in openssowssagents.jar file.  So even, if you are downloading ForgeRock’s JAR file, you won’t get these two JAX WS handlers.
So the only solution is to download the source code and built it yourselves.  Building OpenSSO / OpenAM is not an easy task.  This product has many dependencies and historical (legacy) branches.  Anyway, your build will not be supported by Oracle nor ForgeRock.  For your convenience, here is a openssowssagents.jar file with the JAX WS classes included.
Should you have a valid support contract with Oracle and/or ForgeRock, do not hesitate to open a support case and see what / if /how they will handle this situation.

2011年1月17日 星期一

AIR SDK 2.5 URLRequest IOError 問題

AIR SDK 2.5 URLRequest 問題討論

我使用的是 burrito 開發,也會出現這樣的問題,找了半天才看到這篇文章~~

感謝天呀

2011年1月12日 星期三

Flex 存檔 charset問題

目前想在flex 上直接作存檔動作,flash 10 以後的版本可以直接存檔而不用透過server,在實作上有遇到中文亂碼的問題,本來以為使用 bytearray.writeUTFBytes() 的方式就可以解決問題,但後來發現不行,只能用筆記本打開才不會亂碼,用wordpad, excle 打開都是亂碼,看來是我太淺了.............

charset information

後來有找到解決方式如下:

var f:FileReference = new FileReference();

var _txtByte :ByteArray = new ByteArray();
......
......

 _txtByte.writeMultiByte(str,"cn-big5");  //繁体中文
f.save(_txtByte, "test.csv");



如果檔案要存成 excel的可以參考如下的文章
參考網址:  as3xls 中文解決方式
其方式改寫 excelFile.saveToByteArray 多一個 charset 參數 ,繁体中文可以設定 cn-big5

2011年1月11日 星期二

Clear Data Builder 3 自動產生的 Class 放那呢?

在 WEB-INF\lib

services-generated.jar
services-original.jar

2011年1月5日 星期三

FormsAuthentication RedirectFromLoginPage 使用

參考文章

就是要加上ReturnUrl=回存網址 才有用,要不然會被 導到 default 的網頁