On 1/14/08, Jackson, Douglas <[EMAIL PROTECTED]> wrote: > > If I wished to implement secure web services with ode what is the > easiest or best way to do that? > I would imagine that you could enable some mar on the axis2 to check > for ws-security credentials on the input message. What if you wanted > access to the user name within the bpel process? Would you have to pass > it in the message as well as in the soap header? Alternatives?
Yes, a custom Axis2 module would be required at the moment. This module could get information from the WS-Security module and place the username into the message (header/payload). What about the outbound message - would you have to write the wsdl such > that you are putting parts of the message into the outbound header? Yes, you would define message part(s) for additional security information required by the outbound modules. Is servicemix / jbi the better way to go with this kind of stuff? At the BPEL level, it would be the same. At the implementation level, you need to decide whether the JBI or Axis2 works better for you. (Personally I find using interceptor-like modules in Axis2 easier than in JBI since there's no wiring needed.) alex
