Hi Jason,
> Is it possible to implement the rampart sample/basic/sample02 with
> policy?
Even though this is not recommended ( sending the UT in plain text
over HTTP), this is possible with Rampart. Policy for your scenario is
<wsp:Policy wsu:Id="UToverHTTP"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken/>
</wsp:Policy>
</sp:SupportingTokens>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:user>username</ramp:user>
<ramp:passwordCallbackClass>PWCallback</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
> If it is possible, how can I find out in my business method who the
> authenticated user is? For example, the Servlet API has a method
> HttpServletRequest.getRemoteUser(). Is such a similar API in rampart?
This tutorial describes how you can do this [1].
thanks,
/nandana
[1] - http://wso2.org/library/169
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
