Hi Gaurav, > If I configure a web service > to expect a security header(basically signed, encrypted soap message) and > the soap message that is sent to the web service is not having any > encryption or signature as expected by web service, should the web service > process that soap message or flag a soap fault saying the message is not > secured as expected.
It MUST flag a soap fault. > In case of axis, it processes the soap message without caring for security > header part of soap message although it is configured for security settings. > Is it a proper behavior or not? No. This is not the proper behavior. Can you be more specific about the Rampart configuration you have. There is an issue [1] if you use the parameter based Rampart configuration which will be fixed soon. Thanks, Nandana [1] - http://marc.info/?l=axis-user&m=119984032825336&w=2 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
