[ http://issues.apache.org/jira/browse/AXIS2-151?page=comments#action_12319718 ]

Ruchith Udayanga Fernando commented on AXIS2-151:
-------------------------------------------------

The security module has to be deployed/engaged as a global module in Axis2. 
Therefore right now it expects all the services to provide configuration 
information. 

To disable the security handlers the 'action' property has to be set to 
'NoSecurity' which expects every service will have to have the following line in 
the service.xml:

<parameter name="action" locked="xsd:false">NoSecurity</parameter>

BUT we can change this behaviour by introducing a new parameter called 
'engageSecurity' to the service.xml where if the value of this is false ( 
<parameter name="engageSecurity" locked="xsd:false">false</parameter>) or 
missing then the security handlers will not process the message whereas if the 
value is true: 
     <parameter name="engageSecurity" locked="xsd:false">true</parameter> 
then the security handlers will expect the configuration parameters to be 
available.

IMHO this mechanism will ensure that ONLY those who need the security module for 
their services will need to provide configuration information in the service.xml.

Comments?

> WS-Security Module based on WSS4J
> ---------------------------------
>
>          Key: AXIS2-151
>          URL: http://issues.apache.org/jira/browse/AXIS2-151
>      Project: Apache Axis 2.0 (Axis2)
>         Type: New Feature
>     Reporter: Davanum Srinivas
>     Assignee: Ruchith Udayanga Fernando

>
> Similar to addressing, could we please add a WS-Security module as well? 
> (Base, UsernameToken, X509 using WSS4J)
> thanks,
> dims

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira
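
The parameter semantics proposed in the comment above, worked through as an added example (written for this page, not Axis2 code and not from the issue). Because a missing 'engageSecurity' means the handlers do not process the message, the audit lists every service that ends up skipped so each can be confirmed as intentional. Assumptions: the service names, the 'UsernameToken' action value, exact lower-case matching of 'true'/'false', and reporting any other value as an error are all choices made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed service.xml samples (service names and the 'UsernameToken'
# action value are illustrative, not taken from the issue).
P = '<parameter name="%s" locked="xsd:false">%s</parameter>'
SAMPLES = {
    "no-params": '<service name="no-params"/>',
    "legacy": '<service name="legacy">' + P % ("action", "NoSecurity") + '</service>',
    "explicit-false": '<service name="explicit-false">'
                      + P % ("engageSecurity", "false") + '</service>',
    "engaged": '<service name="engaged">' + P % ("engageSecurity", "true")
               + P % ("action", "UsernameToken") + '</service>',
    "engaged-no-config": '<service name="engaged-no-config">'
                         + P % ("engageSecurity", "true") + '</service>',
    "typo": '<service name="typo">' + P % ("engageSecurity", "True")
            + P % ("action", "UsernameToken") + '</service>',
}

def read_parameters(service_xml):
    """Map each top-level <parameter> name to its trimmed text value."""
    root = ET.fromstring(service_xml)
    return {p.get("name"): (p.text or "").strip() for p in root.findall("parameter")}

def handler_decision(service_xml):
    """Return 'skip', 'process' or 'error' under the proposed semantics."""
    params = read_parameters(service_xml)
    engage = params.get("engageSecurity")
    if engage is None or engage == "false":
        return "skip"          # missing or false: handlers do not process
    if engage != "true":
        return "error"         # assumption: unrecognised values are flagged
    action = params.get("action")
    if not action:
        return "error"         # engaged, but no configuration provided
    if action == "NoSecurity":
        return "skip"          # engaged, yet explicitly configured to do nothing
    return "process"

def audit(services):
    """Group service names by decision so skipped services can be reviewed."""
    report = {"skip": [], "process": [], "error": []}
    for name, xml in sorted(services.items()):
        report[handler_decision(xml)].append(name)
    return report

if __name__ == "__main__":
    for outcome, names in audit(SAMPLES).items():
        print(outcome, names)
```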
