Gary, You can also use the deprecated Inflowsecurity and outflowsecurity parameters. That's no problem, and it can also be not engaged globally, but in some specific services.
Thanks. Xi Ting -----Original Message----- From: Snider, Gary [USA] [mailto:[EMAIL PROTECTED] Sent: 2008年7月29日 23:23 To: [email protected] Subject: Rampart 1_0 and 1_1+ in/out handling changes This is related to my other post about enabling rampart for Inflow or Outflow only. - Apparently in rampart 1_0 one could toggle whether rampart should handle inflow or outflow by the shear presence of the InflowSecurity and OutflowSecurity parameters. (http://ws.apache.org/axis2/modules/rampart/1_0/security-module.html) "Since rampart module inserts handlers in the system specific pre-dispatch phase, it must be engaged globally. But it is possible to activate rampart module for the inflow or the outflow when required by the service or the clients." - But in rampart 1_1+ it now uses ramp:RampartConfig and WS-SecurityPolicy. And there is no longer a concept of telling rampart to handle inflow or outflow. It will do BOTH by default. My questions. In order to toggle Inflow/Outflow for rampart... 1) although I'm using rampart 1.4, should I use the old InflowSecurity and OutflowSecurity parameters? 2) should I hack the rampart-1_4.mar file module.xml to remove inflow? 3) why did that choice (inflowSecurity/outflowSecurity) get removed for rampart 1_1+. And what is it's comparable option using policy files. Thanks Gary
