Hi, I've set up a webservice with Rampart and WS-Policy to use Password Digest for authentication. However, I've noticed that when the WSDL is generated by Axis, the WS-Policy doesn't actually make any mention of this. Is this how it's supposed to work?
The Ws Policy shown in the WSDL is this: <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="UsernameToken"> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"/> </wsp:Policy> </sp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> This portion that was in the services.xml seems to have been left out: <wsp:Policy> <sp:HashPassword/> </wsp:Policy> Does this indicate a problem with Rampart passing on the policy information to Axis2 (or Axis2 when creating the WSDL), or is everything working as it should? Is WS-Policy in a WSDL also meant to indicate if Password Digest is used? If the idea is that WSDL represents a contract between clients and a service, then shouldn't the usage of Password digest be more explicit? thanks, Ellecer
