Dumindu Pallewela wrote:
On Feb 12, 2008 5:29 PM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote:
Senaka Fernando wrote:
Hi again,
Also adding to this discussion, we must be fair to REST users too,
Kaushalye and that makes sense. :)...
:) Yes. But still I do not accept exposing the password even for REST users.
I mean this is transport level authentication. The call come to the
service after the transport layer authentication is done. So let's keep
the authentication logic there.
Yes, in a strict sense, exposing transport headers is a violation of
concern. However, pragmatically, this is too much information hidden
from the service, specially in REST world. Why don't we allow the user
to decide if this functionality is needed?
I would suggest adding another param in the axis2.xml. In default
configuration it will not be enabled, and if someone intends to use
this feature he will have to enable it using the axis2.xml. Any
comments?
I think this is a better solution than using #ifdef blocks.
-Kau
--
http://blog.kaushalye.org/
http://wso2.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
