axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sanjay Vivek" <>
Subject WS-Security Policy that supports 2 alternatives.
Date Tue, 22 Apr 2008 13:20:15 GMT
Hi everyone,

Is it possible to define a WS-Security Policy that supports 2
alternatives? The 1st alternative requires the  Web Service client to
use UsernameToken while the 2nd alternative allows any client at all to
consume the service. I know this is can be done with WS-Security Policy
but I would like to know if the 2nd alternative is possible, i.e.
allowing any client at all to consume the service. So in the 2nd
scenario, clients that send SOAP requests without WS-Sec specific
headers will still be able to consume the service.

Clients who are not Rampart enabled can instead use Basic Auth to
consume the service (i.e. Scenario 2). Any insight would be greatly
appreciated. Cheers.

Sanjay Vivek
Web Analyst
Middleware Team
University of Newcastle Upon Tyne

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message