axis-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Savitsky, Alex" <>
Subject [Rampart] What is the correct way to secure a JAX-WS service?
Date Wed, 07 May 2008 16:56:18 GMT

Usually, Axis2 services are secured using Rampart, by engaging the module, and specifying
the policy in services.xml. However, this won't do for services deployed via JAX-WS annotations,
as there's no services.xml file there. The module could still be deployed, as long as it's
placed in WEB-INF/modules - but where would one have to place the policy file, for it to be
picked up by the Rampart? Are there any annotations one has to specify on the service endpoint,
to specify that the service is using WS-Security?

I looked at the @HandlerCHain annotation, but the Rampart handlers are not based on the JAX-WS
handler interfaces, but on some internal Axis2 ones, and thus cannot be used in JAX-WS handler

And final question - does Rampart even support JAX-WS style services?



This communication including any information transmitted with it is 
intended only for the use of the addressees and is confidential. 
If you are not an intended recipient or responsible for delivering 
the message to an intended recipient, any review, disclosure, 
conversion to hard copy, dissemination, reproduction or other use 
of any part of this communication is strictly prohibited, as is the 
taking or omitting of any action in reliance upon this communication. 
If you receive this communication in error or without authorization 
please notify us immediately by return e-mail or otherwise and 
permanently delete the entire communication from any computer, 
disk drive, or other storage medium.

If the above disclaimer is not properly readable, it can be found at
Ce courriel, ainsi que tout renseignement ci-inclus, destiné uniquement 
aux destinataires susmentionnés,  est confidentiel.  Si vous 
n’êtes pas le destinataire prévu ou un agent responsable de la 
livraison de ce courriel, tout examen, divulgation, copie, impression, 
reproduction, distribution, ou autre utilisation d’une partie de ce 
courriel est strictement interdit de même que toute intervention ou 
abstraction à cet égard.  Si vous avez reçu ce message par erreur ou 
sans autorisation, veuillez en aviser immédiatement l’expéditeur par 
retour de courriel ou par un autre moyen et supprimer immédiatement 
cette communication entière de tout système électronique.

Si l'avis de non-responsabilité ci-dessus n'est pas lisible, vous 
pouvez le consulter à
View raw message