AFAIK we cant make this optional.
If your service required Security - but the incoming message doesn't
have a security header then an exception will be thrown.
But to cater your special requirement - you can write a handler and
place it before RampartReceiver - and handle your logic there.
Thanks & regards.
-Prabath
http://RampartFAQ.com
Michael Rogger wrote:
Thanks for your fast reply!
Yeah that is true, but if a requester doesn't know about security
headers, I prefer to give him a customized output message instead of a
stack trace...
With an optional security header it would be also possible to allow the
client to execute at least not critical methods where no authentication
is requiered.. (encryption and signing not considered)
Is it somehow possible do make the security header optional? I could not
find a configuration parameter?
Best regards
Michael
prabath schrieb:
Hi Michael;
Can you please elaborate more on your requirement...
If it is optional - that means your service in insecure.
Thanks & regards.
-Prabath
http://RampartFAQ.com
Michael Rogger wrote:
Hi,
I'm searching for a solution to make security headers optional.
That means, if the client provides security headers good,
if the client does not provide security headers, no exception should be
thrown!
I would like to customize the error message, or I would like to allow
the requester to execute all methods with guest privilges (done by our
system).
My question, is it possible to make security headers optional?
Thanks for your answer!
Best regards
Michael
