Hi Thomas, I haven't had any luck with one-way security policies using Axis2, though I didn't try this particular combination. You might find my latest Java Web Services article on devWorks of interest: http://www.ibm.com/developerworks/java/library/j-jws18/index.html This one covers WS-Policy in some detail, and includes my tests with some one-way policies. Your case is simpler than the ones I used, so you might find that CXF or Metro would work for what you want.
You could also try attaching the policies directly to the actual Axis2 message object in your client code (rather than including them in the WSDL for client code generation), and see if that works. - Dennis -- Dennis M. Sosnoski Java SOA and Web Services Axis2/CXF/Metro Training and Consulting http://www.sosnoski.com - http://www.sosnoski.co.nz Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117 On 10/21/2010 07:26 AM, Thomas J Pinkl wrote: > I'm trying to consume a web service using Axis2 1.4.1 and Rampart 1.4. > The service requires WS-Security in the form of a signed request (no > encryption), using x.509 tokens. > > I generated the client code from a WSDL file provided by the service. > Unfortunately, it did not contain any security anotations. > > I am able to send a valid request to the service but I'm having a > problem with the response. > > The response from the web service is NOT signed or encrypted. However, > my attempts at configuring a policy file where the security is one-way, > have been unsuccessful. > > With my current policy, I receive an AxisFault while processing the > response: > > org.apache.axis2.AxisFault: Missing wsse:Security header in request > at > org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166) > at > org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99) > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) > at > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363) > at > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) > at > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) > at > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) > at ... > > I've tried removing the "Security" phase from InFlow and InFaultFlow > in my axis2.xml file, but it seems that Rampart is still invoked. > > Can anyone suggest how I can consume this lopsided (security-wise) > service? > > --------------------------------------------------------------------- To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org For additional commands, e-mail: java-user-h...@axis.apache.org
