The problem is fixed, it´s really necessary a policy configuration. That can be configured on file services.xml
thanks! 2007/6/18, Eduardo Muller <[EMAIL PROTECTED]>:
2007/6/18, Ruchith Fernando <[EMAIL PROTECTED]>: > > My guess is there's some missing config. Remember just engaging > rampart is not sufficient! One MUST provide the policy/configuration > for Rampart to enforce. > > Thanks, > Ruchith > > On 6/16/07, Glen Mazza <[EMAIL PROTECTED]> wrote: > > That would appear, indeed, to be an alarmingly big security hole. We > > are most probably misunderstanding something though. But as for > > forgetting some configuration, one would guess what you have done > should > > fail by default anyway (i.e., no special configuration should be > > necessary to *enable* security if the tags are missing, only perhaps > to > > *disable*). > > > > Glen > > > > Am Freitag, den 15.06.2007, 17:45 -0300 schrieb Eduardo Muller: > > > With this configuration (see > > > http://www-usr.inf.ufsm.br/~muller/rampart.jpg ), > > > > > > where the tag <UsernameToken> is replaced with > > > <incorrectTagUsernameToken>, > > > > > > the web service will be call without pass through the class > > > ServerPWCBHandler. > > > > > > That means, authentication doesnt work. Is this a rampart BUG? > > > > > > I know how to fix this in > > > the org.apache.rampart.handler.WSDoAllReceiver class. > > > But i want to know if this is necessary (means there is a BUG) or i > > > forgot some configuration?? > > > > > > Atenciosamente Eduardo!! > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > -- > www.ruchith.org > www.wso2.org > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Hi, my services.xml file is http://www.inf.ufsm.br/~muller/services.xml The spring-we.xml http://www-usr.inf.ufsm.br/~muller/spring-web.xml and the web.xml http://www-usr.inf.ufsm.br/~muller/web.xml Should have a policy file? This sample doesnt specify one. http://wso2.org/library/240#comment-2657 Thanks
