[ http://issues.apache.org/jira/browse/AXIS2-1858?page=comments#action_12457610 ] Ali Sadik Kumlali commented on AXIS2-1858: ------------------------------------------
Thank you very much Dimuthu. Tried again but got the same results. A couple of differences in our tests: 1) I used JMS and you used HTTP. 2) I used in-only operation but you used in-out. Let me try this with; - the latest Axis2 1.1 release - the latest Rampart 1.1 release - ping test in userguide - JMS protocol I'll post the results and the test code (if possible) Regards, Ali Sadik Kumlali > Security validation is made only if security header is found > ------------------------------------------------------------ > > Key: AXIS2-1858 > URL: http://issues.apache.org/jira/browse/AXIS2-1858 > Project: Apache Axis 2.0 (Axis2) > Issue Type: Bug > Components: modules > Affects Versions: 1.1 > Environment: Not important. > Reporter: Ali Sadik Kumlali > Assigned To: Dimuthu Leelarathne > > Hi, > Although service is expecting a signed message, I don't get any exception if > no WS-Security header has been added to the message. > Here are the use cases and how Rampart behaves: > Common: > - Service requires a signed message[1] > > Case1: Client adds <module ref="rampart"/> but doesn't add <parameter > name="OutflowSecurity"> to the axis2.xml > - Client sends message > - Message doesn't have necessary WS-Security headers but only a single > one[2] > Result > - Rampart doesn't log or throw any exception and the message passes to the > message receiver (Unexpected(?) behaviour) > > Case2: Client doesn't add either <module ref="rampart"/> or <parameter > name="OutflowSecurity">... > - Client sends message > - Message doesn't have any WS-Security header. > Result > - Rampart doesn't log or throw any exception and the message passes to the > message receiver (Unexpected(?) behaviour) > > Regards, > Ali Sadik Kumlali > > [1] > <module ref="rampart"/> > <parameter name="InflowSecurity"> > <action> > <items>Signature</items> > <signaturePropFile>server_security.properties</signaturePropFile> > </action> > </parameter> > > [2] <wsse:Security soapenv:mustUnderstand="1" > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
