I have a service where we have implemented ws-security with certificate (issuer name and serial number). Rampart is used for the security configuration and the configurations for the same is in the services.xml like below,
It works great without issues. But some of our customers would like for the ws-security to be turned off when they dont need it. Now, they do not want to be going in and modifying the code to remove the ws-security assertions in the services.xml and moreover it would be inside the WAR file. Is there a way to programatically turn off the ws-security settings and not have the service go through security? Dynamic rampart configuration is an option I am exploring (and having quite some trouble with --> see my thread --> http://www.coderanch.com/t/564573/Web-Services/java/Issues-dynamically-configuring-rampart-configuration). Apart from the dynamic rampart configuration, is there any other way that I can get this achieved? Suggestions please.