One would think that if you mark the endpoint to be CONFIDENTIAL, that regular request would not go through.
However, in the JBossWS user guide, the following statement sticks out to me (Taken from: http://labs.jboss.com/portal/jbossws/user-guide/en/html/secure-ejb.html): anonymous wrote : | At last, make sure that your WSDL files point to the right url. Otherwise your webservice client may be redirected to the unsecure HTTP access method. The easiest way is to add "https://"; to the SOAP Address entry: | If simply omitting the "s" in the https:// portion of the url can redirect to the unsecured version of the endpoint, then hitting the unsecured endpoint on port 80 or 8080 seems like it would work, too. So, judging from the docs, it seems like the server can decide to still allow the unsecured endpoint? Not sure if this is a feature, or a bug. Maybe someone from JBoss can shed more light on this? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3963783#3963783 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3963783 _______________________________________________ jboss-user mailing list [email protected] https://lists.jboss.org/mailman/listinfo/jboss-user
