[Rampart] What is the correct way to secure a JAX-WS service?

[Savitsky, Alex]

Hi,

Usually, Axis2 services are secured using Rampart, by engaging the module, and 
specifying the policy in services.xml. However, this won't do for services 
deployed via JAX-WS annotations, as there's no services.xml file there. The 
module could still be deployed, as long as it's placed in WEB-INF/modules - but 
where would one have to place the policy file, for it to be picked up by the 
Rampart? Are there any annotations one has to specify on the service endpoint, 
to specify that the service is using WS-Security?

I looked at the @HandlerCHain annotation, but the Rampart handlers are not 
based on the JAX-WS handler interfaces, but on some internal Axis2 ones, and 
thus cannot be used in JAX-WS handler chains

And final question - does Rampart even support JAX-WS style services?

Thanks,

Alex


********************
NOTICE OF CONFIDENTIALITY
This communication including any information transmitted with it is 
intended only for the use of the addressees and is confidential. 
If you are not an intended recipient or responsible for delivering 
the message to an intended recipient, any review, disclosure, 
conversion to hard copy, dissemination, reproduction or other use 
of any part of this communication is strictly prohibited, as is the 
taking or omitting of any action in reliance upon this communication. 
If you receive this communication in error or without authorization 
please notify us immediately by return e-mail or otherwise and 
permanently delete the entire communication from any computer, 
disk drive, or other storage medium.

If the above disclaimer is not properly readable, it can be found at 
www.td.com/legal
                                                           
AVERTISSEMENT DE CONFIDENTIALITE                   
Ce courriel, ainsi que tout renseignement ci-inclus, destiné uniquement 
aux destinataires susmentionnés,  est confidentiel.  Si vous 
n’êtes pas le destinataire prévu ou un agent responsable de la 
livraison de ce courriel, tout examen, divulgation, copie, impression, 
reproduction, distribution, ou autre utilisation d’une partie de ce 
courriel est strictement interdit de même que toute intervention ou 
abstraction à cet égard.  Si vous avez reçu ce message par erreur ou 
sans autorisation, veuillez en aviser immédiatement l’expéditeur par 
retour de courriel ou par un autre moyen et supprimer immédiatement 
cette communication entière de tout système électronique.

Si l'avis de non-responsabilité ci-dessus n'est pas lisible, vous 
pouvez le consulter à www.td.com/francais/legale