I have a client and a server .Supposing that the client side has rampart and axis2 ,hence it signs the message using policy.xml.
But on the server side , I directly wrote some code where the SOAP message is taken and signed using the WsSecurityEngine().i.e it is using wss4j
Can the server side be attached with any policy.xml kind of thing ,where it gets to know what security mechanism its has to perform?
you can put rampart on the server side and in specify your own implementation of the security WSPasswordCallback class.
in axis2 the services.xml within the service itself on the server tells axis2 which password callback handler to use.
within this services.xml you can include the policy.xml for the server end. - there are samples in the rampart samples folder.
within your WSPasswordCallback class you can check many types of authentication security ect. but rampart will do a lot for you based on your policy.
hope this helps.
padma harika pottamsetty
Joined: Jun 27, 2011
Well the issue here is in my case axis2 cannot sit on the server side.I know It could have been easier to have it , but as I dnt have axis2 I have to figure out a way to implement some security on the server side ,similar to rampart