My guess is there's some missing config. Remember just engaging rampart is not sufficient! One MUST provide the policy/configuration for Rampart to enforce.
Thanks, Ruchith On 6/16/07, Glen Mazza <[EMAIL PROTECTED]> wrote:
That would appear, indeed, to be an alarmingly big security hole. We are most probably misunderstanding something though. But as for forgetting some configuration, one would guess what you have done should fail by default anyway (i.e., no special configuration should be necessary to *enable* security if the tags are missing, only perhaps to *disable*). Glen Am Freitag, den 15.06.2007, 17:45 -0300 schrieb Eduardo Muller: > With this configuration (see > http://www-usr.inf.ufsm.br/~muller/rampart.jpg ), > > where the tag <UsernameToken> is replaced with > <incorrectTagUsernameToken>, > > the web service will be call without pass through the class > ServerPWCBHandler. > > That means, authentication doesnt work. Is this a rampart BUG? > > I know how to fix this in > the org.apache.rampart.handler.WSDoAllReceiver class. > But i want to know if this is necessary (means there is a BUG) or i > forgot some configuration?? > > Atenciosamente Eduardo!! > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- www.ruchith.org www.wso2.org --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
