axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nandana Mihindukulasooriya" <nandana....@gmail.com>
Subject Re: web service security
Date Fri, 11 Jan 2008 16:59:53 GMT
Hi Gaurav,

> If I configure a web service
> to expect a security header(basically signed, encrypted soap message) and
> the soap message that is sent to the web service is not having any
> encryption or signature as expected by web service, should the web service
> process that soap message or flag a soap fault saying the message is not
> secured as expected.

It MUST flag a soap fault.

> In case of axis, it processes the soap message without caring for security
> header part of soap message although it is configured for security settings.
> Is it a proper behavior or not?

No. This is not the proper behavior. Can you be more specific about the Rampart
configuration you have. There is an issue [1] if you use the parameter
based Rampart
configuration which will be fixed soon.

Thanks,
Nandana


[1] - http://marc.info/?l=axis-user&m=119984032825336&w=2

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org


Mime
View raw message