[Axis2][1_1] Security validation is made only if security header is found...
Hi folks, Is it normal that I don't get any exception if no WS-Security header added to the message while service expecting a signed message? If not, please let me know so that I can file a JIRA. Here are the use cases and how Rampart behaves: Common: - Service requires a signed message[1] Case1: Client adds module ref=rampart/ but doesn't add parameter name=OutflowSecurity to the axis2.xml - Client sends message - Message doesn't have necessary WS-Security headers but only a single one[2] Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Case2: Client doesn't add either module ref=rampart/ or parameter name=OutflowSecurity... - Client sends message - Message doesn't have any WS-Security header. Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Regards, Ali Sadik Kumlali [1] module ref=rampart/ parameter name=InflowSecurity action itemsSignature/items signaturePropFileserver_security.properties/signaturePropFile /action /parameter [2] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd/ Want to start your own business? Learn how on Yahoo! Small Business. http://smallbusiness.yahoo.com/r-index - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Axis2][1_1] Security validation is made only if security header is found...
Sorry, [2] should have been as follows: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd/ - Original Message From: Ali Sadik Kumlali [EMAIL PROTECTED] To: axis-user@ws.apache.org Sent: Friday, December 8, 2006 5:14:11 PM Subject: [Axis2][1_1] Security validation is made only if security header is found... Hi folks, Is it normal that I don't get any exception if no WS-Security header added to the message while service expecting a signed message? If not, please let me know so that I can file a JIRA. Here are the use cases and how Rampart behaves: Common: - Service requires a signed message[1] Case1: Client adds module ref=rampart/ but doesn't add parameter name=OutflowSecurity to the axis2.xml - Client sends message - Message doesn't have necessary WS-Security headers but only a single one[2] Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Case2: Client doesn't add either module ref=rampart/ or parameter name=OutflowSecurity... - Client sends message - Message doesn't have any WS-Security header. Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Regards, Ali Sadik Kumlali [1] module ref=rampart/ parameter name=InflowSecurity action itemsSignature/items signaturePropFileserver_security.properties/signaturePropFile /action /parameter [2] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd/ __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Axis2][1_1] Security validation is made only if security header is found...
Beginning part of the line is *somehow* clipped. Really sorry for disturbing :( - Original Message From: Ali Sadik Kumlali [EMAIL PROTECTED] To: axis-user@ws.apache.org Sent: Friday, December 8, 2006 5:22:41 PM Subject: Re: [Axis2][1_1] Security validation is made only if security header is found... Sorry, [2] should have been as follows: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd/ - Original Message From: Ali Sadik Kumlali [EMAIL PROTECTED] To: axis-user@ws.apache.org Sent: Friday, December 8, 2006 5:14:11 PM Subject: [Axis2][1_1] Security validation is made only if security header is found... Hi folks, Is it normal that I don't get any exception if no WS-Security header added to the message while service expecting a signed message? If not, please let me know so that I can file a JIRA. Here are the use cases and how Rampart behaves: Common: - Service requires a signed message[1] Case1: Client adds module ref=rampart/ but doesn't add parameter name=OutflowSecurity to the axis2.xml - Client sends message - Message doesn't have necessary WS-Security headers but only a single one[2] Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Case2: Client doesn't add either module ref=rampart/ or parameter name=OutflowSecurity... - Client sends message - Message doesn't have any WS-Security header. Result - Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected(?) behaviour) Regards, Ali Sadik Kumlali [1] module ref=rampart/ parameter name=InflowSecurity action itemsSignature/items signaturePropFileserver_security.properties/signaturePropFile /action /parameter [2] http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd/ __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Cheap talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. http://voice.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
