Hi Nandana, Yes, I looked at this thread, and it's confusing, at best. I can deploy the rampart module all right (one doesn't need the Lifecycle for that, just drop rampart.mar in the WEB-INF/modules), but the problem is - it doesn't load the policy (specified in the axis2.xml, as there's no other place to put it, really). Looking at the source code, it seems that the policyInclude that was used to hold the policy in 1.3, was deprecated in 1.4 in favor of policySubject - but there's no consensus between the Axis classes on which one to use. The policy is correctly loaded into the AxisConfiguration's policySubject property at Axis startup (verified via debugger), but the subsequent service loading (via JAXWSDeployer) doesn't seem to care about the policySubject, using the deprecated policyInclude instead. I suspect this is a bug, especially that it doesn't look like anyone from Axis team has tried this particular (JAX-WS + Rampart) configuration just yet (I hope the JAX-WS will be addressed in more details in Rampart 1.4).
Nevertheless, I will continue my investigations, bugs or not. I believe I'm close... Regards, Alex ________________________________ From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] Sent: May 7, 2008 11:51 PM To: [email protected] Subject: Re: [Rampart] What is the correct way to secure a JAX-WS service? Hi Alex, Have you looked at this thread [1] ? thanks, nandana [1] - http://markmail.org/message/dkwjvskrh3gysvnw?q=list:org%2Eapache%2Ews%2Eaxis-user+can+I+use+use+rampart On Wed, May 7, 2008 at 10:26 PM, Savitsky, Alex <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote: Hi, Usually, Axis2 services are secured using Rampart, by engaging the module, and specifying the policy in services.xml. However, this won't do for services deployed via JAX-WS annotations, as there's no services.xml file there. The module could still be deployed, as long as it's placed in WEB-INF/modules - but where would one have to place the policy file, for it to be picked up by the Rampart? Are there any annotations one has to specify on the service endpoint, to specify that the service is using WS-Security? I looked at the @HandlerCHain annotation, but the Rampart handlers are not based on the JAX-WS handler interfaces, but on some internal Axis2 ones, and thus cannot be used in JAX-WS handler chains And final question - does Rampart even support JAX-WS style services? Thanks, Alex ******************** NOTICE OF CONFIDENTIALITY This communication including any information transmitted with it is intended only for the use of the addressees and is confidential. If you are not an intended recipient or responsible for delivering the message to an intended recipient, any review, disclosure, conversion to hard copy, dissemination, reproduction or other use of any part of this communication is strictly prohibited, as is the taking or omitting of any action in reliance upon this communication. If you receive this communication in error or without authorization please notify us immediately by return e-mail or otherwise and permanently delete the entire communication from any computer, disk drive, or other storage medium. If the above disclaimer is not properly readable, it can be found at www.td.com/legal<http://www.td.com/legal> AVERTISSEMENT DE CONFIDENTIALITE Ce courriel, ainsi que tout renseignement ci-inclus, destiné uniquement aux destinataires susmentionnés, est confidentiel. Si vous n'êtes pas le destinataire prévu ou un agent responsable de la livraison de ce courriel, tout examen, divulgation, copie, impression, reproduction, distribution, ou autre utilisation d'une partie de ce courriel est strictement interdit de même que toute intervention ou abstraction à cet égard. Si vous avez reçu ce message par erreur ou sans autorisation, veuillez en aviser immédiatement l'expéditeur par retour de courriel ou par un autre moyen et supprimer immédiatement cette communication entière de tout système électronique. Si l'avis de non-responsabilité ci-dessus n'est pas lisible, vous pouvez le consulter à www.td.com/francais/legale<http://www.td.com/francais/legale>
