On Wed, Oct 9, 2013 at 6:01 PM, Evanthika Amarasiri <[email protected]>wrote:
> Hi, > > In previous releases (pre-Carbon 4.2.0), when you send a non-secured > message to a secured service, it returned a soapFault. But since Carbon > 4.2.0, we noticed that it returns only the HTTP header - *HTTP/1.1 401 > Unauthorized *& no soapFault. Is this correct? Is there a specific reason > why we are NOT returning a soapFault anymore? > Yes. this is the expected behavior. If you have enabled the POX security handler. It would look for Basic auth headers and returns 401. It seems to be that, with carbon 4.2.0, we have enabled the POX security handler for application/soap+xml. I am not sure what is the reason for this.. but it seems to be fine. As there can be SOAP requests with Basic Auth headers. POX security handler is the possible way to secure services in Carbon product with Basic Authentication. Also, If you do not want to use POX security handler, we could remove it from the service (As it is an axis2 module). However, i agree that POX security handler is little bit confusing. AFAIK, it is just a hack to secured web services using Basic authentication. It would be great to have proper solution for this. Thanks, Asela. > Related JIRA - [1] > > [1] - https://wso2.org/jira/browse/CARBON-14509 > > Regards, > Evanthika > > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > -- Thanks & Regards, Asela ATL Mobile : +94 777 625 933
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
