Hi, I've been recently looking into the calculator-ws-secure-webapp sample, enabling it for authentication and integrity. While there has been no specific issue with getting these to work in a webapp, I observed the following :-
- assume there are different policysets defined for authentication and integrity. There are two types of policy models we support for ws-security currently, i) that uses axis2 config parameters and 2) that uses WS-Policy ( i.e. ws-security-policy) - now if I set up a service with either authentication or integrity, things seem to work fine. However, if I adorn a service with both authentication and integrity, then things go a bit bizarre. But when I merged the two policies together things work as expected i.e. I had to define one single policyset to encapsulate the policy for authentication and integrity. So it seems like the configation parameters and WS-Policy instances may need to be merged before being set into Axis2. But, then I don't like the idea of asking users to create merged versions of policies besides the individual ones. So am trying to see if I can clean up the policy handling in binding-ws-axis2 to something where we have policy handlers doing this merge before setting onto axis2. Thoughts ? Thanks - Venkat
