Hi all,
I�ve a doubt regarding web services security. If I configure a web service to expect a security header(basically signed, encrypted
soap message) and the soap message that is sent to the web service is not having any encryption or signature as expected by web service, should the web service process that soap message or flag a soap fault saying the message is not secured as expected.
In case of axis, it processes the soap message without caring for security header part of soap message although it is configured for security settings.
Is it a proper behavior or not?