Thanks for your fast reply! Yeah that is true, but if a requester doesn't know about security headers, I prefer to give him a customized output message instead of a stack trace... With an optional security header it would be also possible to allow the client to execute at least not critical methods where no authentication is requiered.. (encryption and signing not considered)
Is it somehow possible do make the security header optional? I could not find a configuration parameter? Best regards Michael prabath schrieb: > Hi Michael; > > Can you please elaborate more on your requirement... > > If it is optional - that means your service in insecure. > > Thanks & regards. > -Prabath > http://RampartFAQ.com > > Michael Rogger wrote: >> Hi, >> >> I'm searching for a solution to make security headers optional. >> >> That means, if the client provides security headers good, >> if the client does not provide security headers, no exception should be >> thrown! >> >> I would like to customize the error message, or I would like to allow >> the requester to execute all methods with guest privilges (done by our >> system). >> >> My question, is it possible to make security headers optional? >> >> Thanks for your answer! >> Best regards >> Michael >> >> >
