Hi,

I recently tried to secure our webservices with Rampart. I did this
first for all webservice methods, and it worked well (after several
hours of unsuccessful tries...).

But now, some of these methods have to be unsecured to enable simple
access for guest users.

I left everything unchanged except the service.xml, where I added an
<operation> tag for each of the secured methods and placed a <parameter>
tag inside it. Everything inside this tag was placed directly under the
<service> tag at root level before.
Now it looks like:

<service>
[bla...]

<messageReceivers>
  <messageReceiver mep="http://www.w3.org/2004/08/wsdl/in-out"
                   class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
</messageReceivers>

<parameter name="ServiceClass">
  de.tafmobile.server.services.appgenerator.sbl.ws.AppGeneratorService
</parameter>

<module ref="rampart"/>

<operation name="uploadMobilePhoneImage">
  <messageReceiver
      class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>

  <parameter name="InflowSecurity">
    <action>
      <items>UsernameToken</items>
      <passwordCallbackClass>de.tafmobile.server.Axis2PasswordCallbackHandler</passwordCallbackClass>
    </action>
  </parameter>
</operation>

[/bla...]
</service>

The problem is that this seems to have no effect; results of the
secured methods can be obtained without any security stuff. To
complicate this a bit more, if I call a webservice method directly via
URL (instead of using ".wsdl" after the service URL use
"/<methodname>"), an error concerning a missing security tag is
displayed. But, just to make this clear, if I call the method via Axis2
Java code, I get no error but results!


Thank you very much for your help,

Andreas



