On Tuesday, August 23, 2011 2:26:32 AM meteora28 wrote: > doing it this way, (post above) the whole service is affected. > how can I "activate/deactivate" the auth for a single method in this > service? otherwise I am not able to execute this method.
Really, I think the only way to do this would be by using WS-SecurityPolicy and marking the usernameToken stuff as optional. That would allow the WSS4J stuff to process it if it's there, or ignore it if it's not. Then you would need a separate interceptor that would check the message to see if it DID process a username and map that to the operation to see if it's allowed or not. Dan > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Authorization-for-single-web-service-operat > ions-Adding-something-to-SOAP-header-message-manually-tp4549777p4726106.html > Sent from the cxf-user mailing list archive at Nabble.com. -- Daniel Kulp [email protected] http://dankulp.com/blog Talend - http://www.talend.com
