Sorry, [2] should have been as follows: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
----- Original Message ---- From: Ali Sadik Kumlali <[EMAIL PROTECTED]> To: axis-user@ws.apache.org Sent: Friday, December 8, 2006 5:14:11 PM Subject: [Axis2][1_1] Security validation is made only if security header is found... Hi folks, Is it normal that I don't get any exception if no WS-Security header added to the message while service expecting a signed message? If not, please let me know so that I can file a JIRA. Here are the use cases and how Rampart behaves: Common: - Service requires a signed message[1] Case1: Client adds <module ref="rampart"/> but doesn't add <parameter name="OutflowSecurity"> to the axis2.xml - Client sends message - Message doesn't have necessary WS-Security headers but only a single one[2] Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Case2: Client doesn't add either <module ref="rampart"/> or <parameter name="OutflowSecurity">... - Client sends message - Message doesn't have any WS-Security header. Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Regards, Ali Sadik Kumlali [1] <module ref="rampart"/> <parameter name="InflowSecurity"> <action> <items>Signature</items> <signaturePropFile>server_security.properties</signaturePropFile> </action> </parameter> [2] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/> __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]