Hi everyone, Is it possible to deploy a service that uses either Basic Auth or Rampart Auth? Basically the service has to figure out if the client that invokes it is based on Basic Auth or Rampart Auth. I haven't delved too deeply into this yet but I envisage this being done by getting at the HttpServletRequest object that carries the SOAP request (in the case of Basic Auth) and WSHandlerConstants.RECV_RESULTS (in the case of Rampart Auth). I have a couple of questions regarding this scenario.
Firstly, is it possible to configure a policy based Rampart service to only perform authentication if the client is Rampart enabled? I suppose this would be defined in the services.xml file. So if the client isn't Rampart enabled, the service will accept the client anyway. I realise this isn't very secure but I'm hoping the clients that aren't Rampart enabled can be authenticated using Basic Auth instead. My second question is regarding Basic Auth. Setting up Basic Auth for a service required editing the Axis2 web.xml file for incoming Web Service calls in the following manner: <security-constraint> <web-resource-collection> <url-pattern>/services</url-pattern> </web-resource-collection> <auth-constraint> <role-name>Basic-Auth_User</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config> <security-role> <role-name>Basic-Auth_User</role-name> </security-role> However, this configuration is totally different to a policy based Rampart configuration. So I'm not sure how both setups will work. So basically my question is whether its possible to have a service that supports both Basic Auth and Rampart Auth? Any insight or pointers will be very helpful. Cheers. Regards -------------- Sanjay Vivek Web Analyst Middleware Team ISS University of Newcastle Upon Tyne --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]