Hi,
Having different security requirements for the same endpoint doesn't
make any sense. A service should treat all incoming messages in the same
way.
Saying that, we do not support the operational level security. The
smallest unit of security requirements is for a service. So if you need
to have different security requirements, you need to have different
services. Then again, you have to be careful exposing your business
logic. If a secured service is exposed with another, then an attacker can
easily pick the latter. :)
Cheers,
Kau
Dave Meier wrote:
Hi,
I want to support WS-SECURITY on requests coming in to my server, but I
also want clients to be able to send SOAP requests with no WS-SECURITY
and provide the userid/password by inserting them into the request as
regular elements. I also want my REST calls to work without RAMPART
doing anything with them. Is there a way to configure the server this
way?
So I want to support the following all with one services.xml file:
1. SOAP WS-SECURITY requests.
2. SOAP requests with no WS-SECURITY header.
3. REST calls.
Thanks,
-Dave.
--
http://blog.kaushalye.org/
http://wso2.org/
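
An added example, not from the original thread or the Rampart project: a services.xml that follows the reply's advice by defining two services, one with Rampart engaged and one without. It assumes Rampart's policy-based configuration and an HTTPS transport; the service names, classes and callback handler are hypothetical.

```xml
<!-- Added example. Service names, classes and the callback handler are hypothetical. -->
<serviceGroup>
  <!-- Sensitive operations: Rampart engaged, UsernameToken required over HTTPS -->
  <service name="AccountServiceSecure">
    <parameter name="ServiceClass">com.example.AccountService</parameter>
    <module ref="rampart"/>
    <wsp:Policy wsu:Id="UTOverTransport"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
        xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
        xmlns:ramp="http://ws.apache.org/rampart/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:TransportBinding>
            <wsp:Policy>
              <sp:TransportToken>
                <wsp:Policy><sp:HttpsToken RequireClientCertificate="false"/></wsp:Policy>
              </sp:TransportToken>
              <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
              <sp:Layout><wsp:Policy><sp:Lax/></wsp:Policy></sp:Layout>
              <sp:IncludeTimestamp/>
            </wsp:Policy>
          </sp:TransportBinding>
          <sp:SignedSupportingTokens>
            <wsp:Policy>
              <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
          </sp:SignedSupportingTokens>
          <ramp:RampartConfig>
            <ramp:passwordCallbackClass>com.example.PWCBHandler</ramp:passwordCallbackClass>
          </ramp:RampartConfig>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>
  </service>

  <!-- Separate service without Rampart: plain SOAP and REST. Expose only
       operations that are safe to call unauthenticated, since a caller can
       choose this endpoint instead of the secured one. -->
  <service name="PublicInfoService">
    <parameter name="ServiceClass">com.example.PublicInfoService</parameter>
  </service>
</serviceGroup>
```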