Hi Mary,
I think best way to solve this problem is to use message level
policies. You can attach policies at message level, so they will be
effective either on in the in flow or our flow. But still we have the
problem that we can't specify policies for fault flows, For example, if we
specify a policy for in message it will be applicable for both in message
and in fault messages.
In Axis2 , we have two kinds phases global phases and operation phases.
This article [1] by Deepal explains the whole concept. Phases before
dispatch phases are known as global phases and they will be called for each
and every message. Security is a global phase. We need security as a global
phase become dispatching mechanism like body based dispatching which used to
dispatch operations need messages to be decrypted before they can act on the
message. But having the security phase doesn't have any effect if rampart is
not engaged. As it is described in the article, it is the rampart module
that adds handlers to the phase. Even if the Rampart is engaged, if the
effective security policy of the message is null, then those handlers will
not have any effect.
thanks,
nandana
[1] - http://www.packtpub.com/article/handler-and-phase-in-apache-axis
On Sat, Oct 25, 2008 at 4:17 AM, Mary Thompson <[EMAIL PROTECTED]> wrote:
> I ran into the same problem when I switched to ws-policy. First I had to
> add the security phase to infaultflow and then the unsigned fault messages
> were not acceptable. I "fixed" it by moving the security phase in the
> infaultflow to the end the phase order after OperationInFaultPhase
> effectively causing it to be ignored.
>
> I wonder if the piece of code that insists you add a security phase when
> you don't want any security is wrong. Or if there is some way to indicate a
> null security phase.
>
> Mary Thompson
>
>
>
> RonnieMJ wrote:
>
>> Ok I added an axis2.xml file in my repo, however commenting out any
>> Security
>> phase causes errors indicating that the Security phase is missing.
>>
>> I'm wondering if you would ALSO have to remove any phase info from the
>> modules.xml file in the rampart mar?
>>
>> In this case I'm the client, but receiving a response. Wouldn't I want to
>> remove the security phase from the InFlow not out?
>>
>>
>>
>> Chris82KS wrote:
>>
>>> Hello,
>>> inside the axis2.xml you have the different flows (inFlow, OutFlow,
>>> InFault and OutFault). Just remove the phase "Security" from the OutFlow
>>> and the OutFaultFlow.
>>>
>>> Greetings
>>> Christian
>>>
>>>
>>> ----- original Nachricht --------
>>>
>>> Betreff: Rampart one way only
>>> Gesendet: Do, 23. Okt 2008
>>> Von: RonnieMJ<[EMAIL PROTECTED]>
>>>
>>> Is it possible to have rampart NOT be concerned with security on a
>>>> return
>>>> message in a synchronous transaction?
>>>>
>>>> Example:
>>>> I send to server X with security headers. They return an OK message or
>>>> a
>>>> fault. Neither of which would have security heading information.
>>>> --
>>>> View this message in context:
>>>> http://www.nabble.com/Rampart-one-way-only-tp20133511p20133511.html
>>>> Sent from the Axis - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>>
>>>>
>>>> --- original Nachricht Ende ----
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org
