After some advice on how to approach the coding of the problem, I donβt want to go directly to the coding without thinking about it, because I need it to be as universal and customizable as possible,
Scenario: I have a web service that acts as a gateway for downstream services to authenticate and authorize a SOAP message destined for down-stream services, basically forcing the downstream service to run it on its own. Each SOAP message contains many different WS-Security mechanisms, which typically include WS-UsernameToken, WS-Timestamp, and XML body signature.
My problem is that I want to figure out a good extensible way to test all of these security mechanisms, I donβt know how to do this, how to evaluate it.
I was thinking about what a controller class has that is initialized and controls the check flow, i.e.
ISecurityController controller = SecurityControllerFacotry.getInstance();
boolean proceed = controller.Validate(soapMessage);
using it is very similar to a template template template that pushes logic flow ie
public Boolean Validate(Message soapMessage)
{
return ValidateAuthentication(soapMessage) && ValidateTimeStamp(soapMessage) && ValidateSignture(soapMessage);
}
Will this be the best app to the problem?
It would also be better if each of these verification methods was in a class of its own that implemented a common interface? So that the class can be created and retrieved from some factory ie check
IValidationMechanism val = ValidationFactory.getValidationType(ValidationFactory.UsernameToken);
boolean result = val.Validate(soapMessage);
This will give me an easily extensible aspect.
Would this be an acceptable solution, or could anyone think of other ways to implement it?
I am intersect in design patterns and good oo principles, so I would like to go down the route using them if possible.
Thank you in advance
John
EDIT: - , , , , . SOAP, SOAP- WS-. , .