Hi Subhash, When rampart is used, it creates wsse headers in the soap request from the > client side, and from the server side it validates the headers. > > I want to know where it is instructed that the rampart handlers are to be > executed to validate the security headers? > Take a look at the SOAP Processing Model [1] under the Axis2 architecture. It shows when handlers are executed how to register them in different phases. This article on Axis2 Execution Framework [2] will also give you a good understanding about the concept of phases.
[1] - http://ws.apache.org/axis2/1_3/Axis2ArchitectureGuide.html#bmSOAPPM [2] - http://www.developer.com/java/web/article.php/10935_3529321_1 module.xml of Rampart defines the handlers used to secure the soap messages and registers them in the security phase. <InFlow> <handler name="PolicyBasedSecurityInHandler" class=" org.apache.rampart.handler.RampartReceiver"> <order phase="Security" phaseFirst="true"/> </handler> <handler name="SecurityInHandler" class=" org.apache.rampart.handler.WSDoAllReceiver"> <order phase="Security"/> </handler> </InFlow> <OutFlow> <handler name="SecurityOutHandler" class=" org.apache.rampart.handler.WSDoAllSender"> <order phase="Security"/> </handler> <handler name="PolicyBasedSecurityOutHandler" class=" org.apache.rampart.handler.RampartSender"> <order phase="Security" phaseLast="true"/> </handler> </OutFlow> Regards, Nandana > > > I tried going through the axis source files but I am not able to > understand how the soap request reaches the WSDoAllReceiver class!! > > I say this because, if I trim the security headers in the soap request and > then send this request, it throws back an Axis fault saying > > "WSDoAllReceiver: Incoming message does not contain required Security > header" > > > > Can anyone try to throw light on this? > > > > Thanks, > > -Subhash- > This e-mail and any files transmitted with it are for the sole use of the > intended recipient(s) and may contain confidential and privileged > information. > If you are not the intended recipient, please contact the sender by reply > e-mail and destroy all copies of the original message. > Any unauthorized review, use, disclosure, dissemination, forwarding, > printing or copying of this email or any action taken in reliance on this > e-mail is strictly > prohibited and may be unlawful. >
