Hi Jason, > Is it possible to implement the rampart sample/basic/sample02 with > policy?
Even though this is not recommended ( sending the UT in plain text over HTTP), this is possible with Rampart. Policy for your scenario is <wsp:Policy wsu:Id="UToverHTTP" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken/> </wsp:Policy> </sp:SupportingTokens> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> <ramp:user>username</ramp:user> <ramp:passwordCallbackClass>PWCallback</ramp:passwordCallbackClass> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> > If it is possible, how can I find out in my business method who the > authenticated user is? For example, the Servlet API has a method > HttpServletRequest.getRemoteUser(). Is such a similar API in rampart? This tutorial describes how you can do this [1]. thanks, /nandana [1] - http://wso2.org/library/169 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]