On Thu, 2008-02-21 at 21:10 -0800, Supun Kamburugamuva wrote: > Hi Dave, > > Rampart cannot be configured in a request basis. So we cannot use > Rampart for one set of requests and do not use it for another set of > requests. > > Rampart uses policy to decide what to build and process security > headers. At the moment policy is specified for the whole service.
Actually we can add policies at operation level or even at message level. Current Neethi/C implementation and Axis2/C description hierarchy support it. But I am not sure we can engage Rampart at operation level. If Rampart is engaged at service level then we can specify different security requirements for different operations. But for a particular operation you can't send both secure and non secure messages. -Manjula. > If > we support policy for endpoints we could support your requirement. But > still we are not supporting that. > > Regards, > Supun. > > On Thu, Feb 21, 2008 at 6:15 PM, Dave Meier <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I want to support WS-SECURITY on request coming in to my server, but I > > also want clients to be able to send SOAP requests with no WS-SECURITY > > and provide the userid/password by inserting them into the request as > > regular elements. I also want my REST calls to work without RAMPART > > doing anything with them. Is there a way to configure the server this > > way? > > > > So I want to support the following all with one services.xml file: > > > > 1. SOAP WS-SECURITY requests. > > 2. SOAP requests with no WS-SECURITY header. > > 3. REST calls. > > > > Thanks, > > > > -Dave. > > > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and intended > > solely for the use of the individual or entity to whom they are addressed. > > Any unauthorized review, use, disclosure or distribution is prohibited. If > > you are not the intended recipient, please contact the sender by reply > > e-mail and destroy all copies of the original message. > > ********************************************************************** > > > >
