pashpour wrote:
Hi folks,
I wanted to find out if it's possible to make WSS4j username/pass
headers optional. I'm hosting a service where a subset of the hosted methods
require authentication. Any help would be greatly appreciated.
Hi Pash,
Specifying UsernameToken in the wss4j action, must always seek for
username in security headers. But I can see that WSSecurityEngine
calling the respective processor for every security element found in the
security header. I guess, it must verify the actual incoming request
with the expected incoming request. Colm, will be having a better answer. :)
If you are going to use CXF 2.2, in which SecurityPolicy is supported,
then you can specify the same as policy alternative (security policy
alternative), hence any request with or without username will be accepted.
With Regards,
Mayank
Thanks,
pash
