I'm running into a problem getting Rampart working with Axis2 and WS-Security without WS-Addressing. I believe this this is related to JIRA items 127 https://issues.apache.org/jira/browse/RAMPART-127 and possibly 225 https://issues.apache.org/jira/browse/RAMPART-225 The scenario is this: for an interoperability test environment, I need to setup a service which requires an unsigned UsernameToken. In the real world, policy would require a TransportBinding using an HttpsToken but for the test environment we've decided to relax the requirement for https transport. With the following policy, all is well as long as the operation is specificed with a SOAP action in the request. But if the action is parsed from the SOAP body, I get an Invalid Security error thrown by the PostDispatchVerificationHandler. <wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; /> </wsp:Policy> </sp:SupportingTokens> <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";> <ramp:passwordCallbackClass>org.starstandard.transport.service.PWCBHandler</ramp:passwordCallbackClass> </ramp:RampartConfig> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> Any suggestions on how to get this working? Thanks Bridget Almas XML Data Architect STAR Organization
