Dear Mayank,
Thank you for your reply. Do you by any chance know of a simple example
of how to go about using ws-policy to setup a security policy
alternative?
-pash
Mayank Mishra-2 wrote:
>
> pashpour wrote:
>> Hi folks,
>>
>> I wanted to find out if it's possible to make WSS4j username/pass
>> headers optional. I'm hosting a service where a subset of the hosted
>> methods
>> require authentication. Any help would be greatly appreciated.
>>
>>
> Hi Pash,
>
> Specifying UsernameToken in the wss4j action, must always seek for
> username in security headers. But I can see that WSSecurityEngine
> calling the respective processor for every security element found in the
> security header. I guess, it must verify the actual incoming request
> with the expected incoming request. Colm, will be having a better answer.
> :)
>
> If you are going to use CXF 2.2, in which SecurityPolicy is supported,
> then you can specify the same as policy alternative (security policy
> alternative), hence any request with or without username will be accepted.
>
> With Regards,
> Mayank
>> Thanks,
>>
>> pash
>>
>
>
>
--
View this message in context:
http://www.nabble.com/WSS4J-username-pass-optional--tp20930045p20942699.html
Sent from the cxf-user mailing list archive at Nabble.com.
