Michael, WS-Security Policy does allow alternative policies which will allow you to do something like what you're asking for but Neethi (the WS-Policy library used by axis2/rampart) does not support it AFAIK. There have been number of requests on the list for this, but nothing has been done so far though I think it should be fairly used use case. There is a JIRA logged for this as well but it is just sitting out there.
Your best bet is to create a handler and put it infront of rampart that dynamically engages and disengages rampart based on the presense of wsse:Security header. A hack solution until alternative policy support comes into rampart George -----Original Message----- From: Michael Rogger [mailto:[email protected]] Sent: Monday, August 24, 2009 6:35 AM To: [email protected] Subject: Re: Security Headers - Optional? Thanks for your fast reply! Yeah that is true, but if a requester doesn't know about security headers, I prefer to give him a customized output message instead of a stack trace... With an optional security header it would be also possible to allow the client to execute at least not critical methods where no authentication is requiered.. (encryption and signing not considered) Is it somehow possible do make the security header optional? I could not find a configuration parameter? Best regards Michael prabath schrieb: > Hi Michael; > > Can you please elaborate more on your requirement... > > If it is optional - that means your service in insecure. > > Thanks & regards. > -Prabath > http://RampartFAQ.com > > Michael Rogger wrote: >> Hi, >> >> I'm searching for a solution to make security headers optional. >> >> That means, if the client provides security headers good, >> if the client does not provide security headers, no exception should be >> thrown! >> >> I would like to customize the error message, or I would like to allow >> the requester to execute all methods with guest privilges (done by our >> system). >> >> My question, is it possible to make security headers optional? >> >> Thanks for your answer! >> Best regards >> Michael >> >> >
