If the consensus of the Axis2 developers is to avoid any discussion of other alternatives on these lists I'll certainly respect that. But unless there is a policy to that effect I'll continue to mention other open source alternatives to people if it looks like Axis2 won't fulfill their requirements.
- Dennis On 11/03/2010 03:41 PM, Samisa Abeysinghe wrote: > > > On Wed, Nov 3, 2010 at 5:24 AM, Dennis Sosnoski <d...@sosnoski.com > <mailto:d...@sosnoski.com>> wrote: > > Hi Thomas, > > I haven't had any luck with one-way security policies using Axis2, > though I didn't try this particular combination. You might find my > latest Java Web Services article on devWorks of interest: > http://www.ibm.com/developerworks/java/library/j-jws18/index.html This > one covers WS-Policy in some detail, and includes my tests with some > one-way policies. Your case is simpler than the ones I used, so you > might find that CXF or Metro would work for what you want. > > > Why are we advertising CFX and Metro on Axis2 list??? Should we not > use their own lists to do that??? > > > You could also try attaching the policies directly to the actual Axis2 > message object in your client code (rather than including them in the > WSDL for client code generation), and see if that works. > > - Dennis > > -- > Dennis M. Sosnoski > Java SOA and Web Services > Axis2/CXF/Metro Training and Consulting > http://www.sosnoski.com - http://www.sosnoski.co.nz > Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117 > > > On 10/21/2010 07:26 AM, Thomas J Pinkl wrote: > > I'm trying to consume a web service using Axis2 1.4.1 and > Rampart 1.4. > > The service requires WS-Security in the form of a signed request (no > > encryption), using x.509 tokens. > > > > I generated the client code from a WSDL file provided by the > service. > > Unfortunately, it did not contain any security anotations. > > > > I am able to send a valid request to the service but I'm having a > > problem with the response. > > > > The response from the web service is NOT signed or encrypted. > However, > > my attempts at configuring a policy file where the security is > one-way, > > have been unsuccessful. > > > > With my current policy, I receive an AxisFault while processing the > > response: > > > > org.apache.axis2.AxisFault: Missing wsse:Security header in > request > > at > > org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166) > > at > org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99) > > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) > > at > org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) > > at > org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) > > at > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363) > > at > > org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) > > at > > org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) > > at > org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) > > at ... > > > > I've tried removing the "Security" phase from InFlow and InFaultFlow > > in my axis2.xml file, but it seems that Rampart is still invoked. > > > > Can anyone suggest how I can consume this lopsided (security-wise) > > service? > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org > <mailto:java-user-unsubscr...@axis.apache.org> > For additional commands, e-mail: java-user-h...@axis.apache.org > <mailto:java-user-h...@axis.apache.org> > > Samisa ... > > http://samisa-abeysinghe.blogspot.com/ > >
