[
https://issues.apache.org/jira/browse/RAMPARTC-71?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12573602#action_12573602
]
Dave Meier commented on RAMPARTC-71:
------------------------------------
Thanks for your comments. I thought the change I made would be safe because it
still checks at the operation level if an operation is provided in the URL or
the action, but it is true that this opens a security hole for the case where
the service does not specify policy at the service level. It could be workable
if there was a server side switch to say that there is no policy attached at
the operation level, since then it would be safe to just look at the service
level.
-Dave.
> Rampart does not work unless the operation name is in the URL
> -------------------------------------------------------------
>
> Key: RAMPARTC-71
> URL: https://issues.apache.org/jira/browse/RAMPARTC-71
> Project: Rampart/C
> Issue Type: Bug
> Components: Rampart-core
> Affects Versions: 1.1.0
> Environment: Windows XP
> Reporter: Dave Meier
> Assignee: S.Uthaiyashankar
> Priority: Critical
> Fix For: Current
>
> Attachments: rampart_engine_c_diff.txt
>
>
> Using regular SOAP calls without rampart I can use
> http://localhost:9090/axis2/services/myservicename as the URL and axis2/c
> gets the operation name out of the XML. With rampart, it only works if I add
> the operation name to the end of the URL (e.g.
> http://localhost:9090/axis2/services/myservicename/myoperation). This adds a
> lot of complexity to the client as I have to use a different URL for each
> operation.
> I am using Visual Studio 2005 C# as the client.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
