I found this services.xml sample in rampart source code:
Hope this help
<service name="PingPort">
<parameter locked="false"
name="ServiceClass">org.apache.axis2.oasis.ping.PingPortSkeleton</parameter>
<!--Mounting the method Ping-->
<operation name="Ping">
<messageReceiver
class="org.apache.axis2.oasis.ping.PingPortMessageReceiverInOut"/>
</operation>
<parameter name="InflowSecurity">
<action>
<items>Signature Encrypt Timestamp</items>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
<enableSignatureConfirmation>false</enableSignatureConfirmation>
</action>
</parameter>
<parameter name="OutflowSecurity">
<action>
<items>Signature Encrypt Timestamp</items>
<user>bob</user>
<passwordCallbackClass>org.apache.axis2.security.PWCallback</passwordCallbackClass>
<signaturePropFile>interop.properties</signaturePropFile>
<signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
<encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#tripledes-cbc</encryptionSymAlgorithm>
<encryptionUser>alice</encryptionUser>
<enableSignatureConfirmation>false</enableSignatureConfirmation>
</action>
</parameter>
</service>
On 8/24/07, Andrew Fielden <[EMAIL PROTECTED]> wrote:
> Apologies if this was a dumb question, but I have spent some time
> dredging through the code, and tried various things to solve this
> problem. The documentation does not go into detail about this either.
> Do you need any further information to answer this question?
>
>
> > -----Original Message-----
> > From: Andrew Fielden [mailto:[EMAIL PROTECTED]
> > Sent: 23 August 2007 17:25
> > To: [email protected]
> > Subject: Disabling signature confirmation
> >
> > I've deployed a web service to Axis2. This web service uses Rampart.
> > The response SOAP message always contains a signature confirmation
> > token. I know that this is enabled by default, however I've tried
> > various things (listed below) in the services.xml to disable this.
> None
> > of these have disabled signature confirmation. This causes a problem
> > when my web service is invoked by e.g. Websphere, because it isn't
> > expecting the signature confirmation token to be present in the
> response
> > message. E.g.
> >
> > <wsse11:SignatureConfirmation xmlns:wsse11=....>
> >
> > I'm guessing I've specified the wrong handler to disable it. Could
> > someone please suggest how I can disable signature confirmation?
> >
> > Thanks.
> > Andrew.
> >
> > What I've tried so far..
> >
> > <responseFlow>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllHandler">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > </responseFlow>
> >
> > <requestFlow>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.rampart.handler.WSDoAllHandler">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > <handler
> > type="java:org.apache.ws.axis.security.WSDoAllReceiver">
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </handler>
> > </requestFlow>
> >
> > <globalConfiguration>
> > <parameter name="enableSignatureConfirmation"
> > value="false"/>
> > </globalConfiguration>
> >
>
>
--
Don't be evil!!!
