Well, I've been pretty open about reporting the Axis2 weaknesses I've found. This latest one discussed in the article seems to be a code generation issue, and may be the same as https://issues.apache.org/jira/browse/AXIS2-4065 (which has been open for more than two years, apparently without any follow-up). I'll add my own examples in separate Jiras. I also said in my response to Thomas that he might try attaching the policy directly to the message structure, rather than relying on the code generation to handle this, as a way of making it work with Axis2.
The inability to use WS-Policy 1.5 (at least for code generation) is a separate issue I've brought up on this list recently. Hopefully that's an easy fix, and perhaps it can be added for 1.5.3. - Dennis On 11/03/2010 04:32 PM, Samisa Abeysinghe wrote: > I am more interested in fixing gaps in Axis2. I have no issues in > learning the weaknesses, but I would rather fix them, rather than > encouraging users to use others. > > On Wed, Nov 3, 2010 at 8:43 AM, Dennis Sosnoski <d...@sosnoski.com > <mailto:d...@sosnoski.com>> wrote: > > If the consensus of the Axis2 developers is to avoid any > discussion of other alternatives on these lists I'll certainly > respect that. But unless there is a policy to that effect I'll > continue to mention other open source alternatives to people if it > looks like Axis2 won't fulfill their requirements. > > - Dennis > > > > On 11/03/2010 03:41 PM, Samisa Abeysinghe wrote: >> >> >> On Wed, Nov 3, 2010 at 5:24 AM, Dennis Sosnoski <d...@sosnoski.com >> <mailto:d...@sosnoski.com>> wrote: >> >> Hi Thomas, >> >> I haven't had any luck with one-way security policies using >> Axis2, >> though I didn't try this particular combination. You might >> find my >> latest Java Web Services article on devWorks of interest: >> http://www.ibm.com/developerworks/java/library/j-jws18/index.html >> This >> one covers WS-Policy in some detail, and includes my tests >> with some >> one-way policies. Your case is simpler than the ones I used, >> so you >> might find that CXF or Metro would work for what you want. >> >> >> Why are we advertising CFX and Metro on Axis2 list??? Should we >> not use their own lists to do that??? >> >> >> You could also try attaching the policies directly to the >> actual Axis2 >> message object in your client code (rather than including >> them in the >> WSDL for client code generation), and see if that works. >> >> - Dennis >> >> -- >> Dennis M. Sosnoski >> Java SOA and Web Services >> Axis2/CXF/Metro Training and Consulting >> http://www.sosnoski.com - http://www.sosnoski.co.nz >> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117 >> >> >> On 10/21/2010 07:26 AM, Thomas J Pinkl wrote: >> > I'm trying to consume a web service using Axis2 1.4.1 and >> Rampart 1.4. >> > The service requires WS-Security in the form of a signed >> request (no >> > encryption), using x.509 tokens. >> > >> > I generated the client code from a WSDL file provided by >> the service. >> > Unfortunately, it did not contain any security anotations. >> > >> > I am able to send a valid request to the service but I'm >> having a >> > problem with the response. >> > >> > The response from the web service is NOT signed or >> encrypted. However, >> > my attempts at configuring a policy file where the security >> is one-way, >> > have been unsuccessful. >> > >> > With my current policy, I receive an AxisFault while >> processing the >> > response: >> > >> > org.apache.axis2.AxisFault: Missing wsse:Security header >> in request >> > at >> >> org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166) >> > at >> >> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99) >> > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >> > at >> org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >> > at >> org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >> > at >> >> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363) >> > at >> >> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >> > at >> >> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) >> > at >> >> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) >> > at ... >> > >> > I've tried removing the "Security" phase from InFlow and >> InFaultFlow >> > in my axis2.xml file, but it seems that Rampart is still >> invoked. >> > >> > Can anyone suggest how I can consume this lopsided >> (security-wise) >> > service? >> > >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: java-user-unsubscr...@axis.apache.org >> <mailto:java-user-unsubscr...@axis.apache.org> >> For additional commands, e-mail: >> java-user-h...@axis.apache.org >> <mailto:java-user-h...@axis.apache.org> >> >> Samisa ... >> >> http://samisa-abeysinghe.blogspot.com/ >> >> > Samisa ... > > http://samisa-abeysinghe.blogspot.com/ > >
