Hello Andreas- which version Rampart are you using?
Thanks/ Martin-- ----- Original Message ----- From: "Andreas Fey" <[EMAIL PROTECTED]> To: <axis-user@ws.apache.org> Sent: Wednesday, October 31, 2007 9:21 AM Subject: Axis2 Security with Rampart > Hi, > > i recently tried to secure our webservices with rampart. I did this > first for all webservice methods, and it worked well (after several > hours of unsuccessfull tries...). > > But now, some of these methods have to be unsecured to enable simple > access for guest users. > > I left everything unchanged except the sevice.xml, where i added a > <operation> tag for each of the secured methods and placed a <parameter> > tag inside it. Everything inside this tag was places directly under the > <service> tag at root level before.=20 > Now it looks like: > > <service> > [bla...] > > <messageReceivers> > <messageReceiver mep=3D"http://www.w3.org/2004/08/wsdl/in-out" > class=3D"org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> > </messageReceivers> > > <parameter name=3D"ServiceClass"> > de.tafmobile.server.services.appgenerator.sbl.ws.AppGeneratorService > </parameter> > > <module ref=3D"rampart"/> > > <operation name=3D"uploadMobilePhoneImage"> > <messageReceiver > class=3D"org.apache.axis2.rpc.receivers.RPCMessageReceiver"/> > > <parameter name=3D"InflowSecurity"> > <action> > <items>UsernameToken</items> > <passwordCallbackClass>de.tafmobile.server.Axis2PasswordCallbackHandler</pa= > sswordCallbackClass> > </action> > </parameter> > </operation> > > [/bla...] > </service> > > The problem is, that this seems to have no effect; results of the > secured methods can be obtained without any security stuff. To > complicate this i bit more, if i call a webservice method directly via > URL (instead of using ".wsdl" after the service URL use > "/<methodname>"), an error concerning a missing security - tag is > displayed. But, just to make this clear, if i call the method via Axis2 > Java Code, i get no error but results! > > > Thank you very much for your help, > > Andreas > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]