I'm trying to get HTTPS/SSL working with a web service running in Axis1.1. I want to encrypt all messages sent to/from a particular web service. I don't want encryption used with other deployed web services.
I've searched through the mailing list to see if what I'm trying to do will work, and ran across the following statement from Chapter 11 (Web Services Security) in Pankaj Kumar's book (J2EE Security for Servlets, EJBs, and Web Services) (http://www.pankaj-k.net/WSOverSSL/WSOverSSL-HOWTO.html): "This makes it hard to protect only certain services within a Web container with HTTPS and let others be accessed with plain HTTP. You must have all services deployed within a particular Web container accepting HTTPS connection or none." Is this still true? Or can I configure axis so that encryption is applied to only one service in the webapp? Also, can I encrypt messages only one-way? That is, can I encrypt messages *to* my service, but not *from* the service? Regards. Steve Pannier
