I am more interested in fixing gaps in Axis2. I have no issues in learning the weaknesses, but I would rather fix them, rather than encouraging users to use others.
On Wed, Nov 3, 2010 at 8:43 AM, Dennis Sosnoski <[email protected]> wrote: > If the consensus of the Axis2 developers is to avoid any discussion of > other alternatives on these lists I'll certainly respect that. But unless > there is a policy to that effect I'll continue to mention other open source > alternatives to people if it looks like Axis2 won't fulfill their > requirements. > > - Dennis > > > > On 11/03/2010 03:41 PM, Samisa Abeysinghe wrote: > > > > On Wed, Nov 3, 2010 at 5:24 AM, Dennis Sosnoski <[email protected]> wrote: > >> Hi Thomas, >> >> I haven't had any luck with one-way security policies using Axis2, >> though I didn't try this particular combination. You might find my >> latest Java Web Services article on devWorks of interest: >> http://www.ibm.com/developerworks/java/library/j-jws18/index.html This >> one covers WS-Policy in some detail, and includes my tests with some >> one-way policies. Your case is simpler than the ones I used, so you >> might find that CXF or Metro would work for what you want. >> > > Why are we advertising CFX and Metro on Axis2 list??? Should we not use > their own lists to do that??? > > >> You could also try attaching the policies directly to the actual Axis2 >> message object in your client code (rather than including them in the >> WSDL for client code generation), and see if that works. >> >> - Dennis >> >> -- >> Dennis M. Sosnoski >> Java SOA and Web Services >> Axis2/CXF/Metro Training and Consulting >> http://www.sosnoski.com - http://www.sosnoski.co.nz >> Seattle, WA +1-425-939-0576 - Wellington, NZ +64-4-298-6117 >> >> >> On 10/21/2010 07:26 AM, Thomas J Pinkl wrote: >> > I'm trying to consume a web service using Axis2 1.4.1 and Rampart 1.4. >> > The service requires WS-Security in the form of a signed request (no >> > encryption), using x.509 tokens. >> > >> > I generated the client code from a WSDL file provided by the service. >> > Unfortunately, it did not contain any security anotations. >> > >> > I am able to send a valid request to the service but I'm having a >> > problem with the response. >> > >> > The response from the web service is NOT signed or encrypted. However, >> > my attempts at configuring a policy file where the security is one-way, >> > have been unsuccessful. >> > >> > With my current policy, I receive an AxisFault while processing the >> > response: >> > >> > org.apache.axis2.AxisFault: Missing wsse:Security header in request >> > at >> org.apache.rampart.handler.RampartReceiver.setFaultCodeAndThrowAxisFault(RampartReceiver.java:166) >> > at >> org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:99) >> > at org.apache.axis2.engine.Phase.invoke(Phase.java:317) >> > at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:264) >> > at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:163) >> > at >> org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:363) >> > at >> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416) >> > at >> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228) >> > at >> org.apache.axis2.client.OperationClient.execute(OperationClient.java:163) >> > at ... >> > >> > I've tried removing the "Security" phase from InFlow and InFaultFlow >> > in my axis2.xml file, but it seems that Rampart is still invoked. >> > >> > Can anyone suggest how I can consume this lopsided (security-wise) >> > service? >> > >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> Samisa ... > > http://samisa-abeysinghe.blogspot.com/ > > Samisa ... http://samisa-abeysinghe.blogspot.com/
