> We need to be able to bypass rampart security during the InFlow phase > only. This is due to the fact that we are grading requests based on a > certain critieria. If the request is missing a signed part then we want > to know that. With the current rampart module (1.4) it rejects the > request out of hand. >
We can configure message level security and so only the out messages will be secured. But from the above content. it seems that is not what you want. If I understood correct, your incoming messages will carry security information, but you don't need to Rampart to validate it ? If you want to this to happen when signature failures / decryption failures then that is not possible. But if you want this to happen for policy validations such as missing singed part then it is possible with Rampart using a Custom Policy validater. Which one of the above is your requirement ? > What are my options to have the service only activate signing and > encrypting during OutFlow only? I have searched axis2 as well but I > figured someone using Rampart may have run into this before. I can > think of one option which is to modify the rampar module's module.xml > file and remove InFlow. But that can't be ideal. > Are you security validation by your self ? So are you using a handler or are you doing this at the service ? As security header is must understand header someone needs to process it before it reaches message receiver , otherwise you will get an must understand failure. thanks, nandana -- Nandana Mihindukulasooriya WSO2 inc. http://nandana83.blogspot.com/
