Another question on top of that. Is it possible to have two methods on a web service. One that will need a wss header and another that won't? How can I tell the wss4j out interceptor to do that?
---------- Forwarded message ---------- From: Henri Tremblay <[email protected]> Date: 9 December 2011 11:16 Subject: WSS4J question: How to avoid it for the login service? To: users <[email protected]> Hi, I've been wondering how to do something for a long time now. I've tried some homemade code but would like to know how you folks would do it. I have a LoginService that should be called without any security header. It will return a password that should then be added to the ws-security header of every other calls. I would like to set the WSS4JInInterceptor on the bus. So, from there, I would like the WSS4JInInterceptor to let pass a call to the LoginService and check the user/password for all others. On the server side, I have a custom interceptor that overload the computeAction to tell there are no security on the LoginService (with a "if"). Is there better way? And what can I do on the client side? I would also like to have the WSS4jOutInterceptor to be on the bus. Should I use the same "if" trick to set the interceptor to "no action"? Thanks for your insight - Henri
