Hi everyone, Is it possible to define a WS-Security Policy that supports 2 alternatives? The 1st alternative requires the Web Service client to use UsernameToken while the 2nd alternative allows any client at all to consume the service. I know this is can be done with WS-Security Policy but I would like to know if the 2nd alternative is possible, i.e. allowing any client at all to consume the service. So in the 2nd scenario, clients that send SOAP requests without WS-Sec specific headers will still be able to consume the service.
Clients who are not Rampart enabled can instead use Basic Auth to consume the service (i.e. Scenario 2). Any insight would be greatly appreciated. Cheers. Regards -------------- Sanjay Vivek Web Analyst Middleware Team ISS University of Newcastle Upon Tyne --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
