On Feb 12, 2008 5:29 PM, Kaushalye Kapuruge <[EMAIL PROTECTED]> wrote: > > Senaka Fernando wrote: > > Hi again, > > > > Also adding to this discussion, we must be fair to REST users too, > > Kaushalye and that makes sense. :)... > > > > > :) Yes. But still I do not accept exposing the password even for REST users. > I mean this is transport level authentication. The call come to the > service after the transport layer authentication is done. So let's keep > the authentication logic there.
Yes, in a strict sense, exposing transport headers is a violation of concern. However, pragmatically, this is too much information hidden from the service, specially in REST world. Why don't we allow the user to decide if this functionality is needed? I would suggest adding another param in the axis2.xml. In default configuration it will not be enabled, and if someone intends to use this feature he will have to enable it using the axis2.xml. Any comments? -- Dumindu Pallewela http://blog.dumindu.com GPG ID: 0x9E131672 WSO2 | "Oxygenating the Web Service Platform" | http://wso2.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
