axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Loughran <>
Subject Re: Web Services Security
Date Fri, 26 Sep 2003 00:31:12 GMT wrote:
>>Steve Wrote:
>>Nice to see your advise on killing happyaxis.jar; every so often I 
>>google for it to see if it is an issue.
> Hi Steve,
> Can I quote this on the website, attributing the quote 
> to "inventor of happyaxis.jar" :-)

yep. I think I already mention it in the security doc that ships with 
axis. At the very least, it should be renamed; putting it somewhere 
password protected even better. That way you get the diagnostics when 
things go wrong.

>>Also nice to see the WS-Security stuff -it *almost* puts verisign back 
>>in my good books despite the fact their new sitefinder changes the 
>>nature of all support calls from people who get your endpoint url wrong.
> I had a tough time deciding among Apache's XML-Security, IBM's Security toolkit 
> and VeriSign TSIK. Finally, TSIK was the only one I could get working at the 
> time of writing the chapter.

I've just been experimenting with how sitefinder screws up bad 

.NET/WSE bails out on the 302. Axis dies differently, but I need to go 
home and test without a proxy to see what happens there.

View raw message