axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nandana Mihindukulasooriya" <>
Subject Re: web service security
Date Fri, 11 Jan 2008 16:59:53 GMT
Hi Gaurav,

> If I configure a web service
> to expect a security header(basically signed, encrypted soap message) and
> the soap message that is sent to the web service is not having any
> encryption or signature as expected by web service, should the web service
> process that soap message or flag a soap fault saying the message is not
> secured as expected.

It MUST flag a soap fault.

> In case of axis, it processes the soap message without caring for security
> header part of soap message although it is configured for security settings.
> Is it a proper behavior or not?

No. This is not the proper behavior. Can you be more specific about the Rampart
configuration you have. There is an issue [1] if you use the parameter
based Rampart
configuration which will be fixed soon.


[1] -

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message