*
The moose likes Web Services and the fly likes Axis 2 & Rampart - Only apply security to outbound requests. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Axis 2 & Rampart - Only apply security to outbound requests." Watch "Axis 2 & Rampart - Only apply security to outbound requests." New topic
Author

Axis 2 & Rampart - Only apply security to outbound requests.

Alan Macfarlanes
Greenhorn

Joined: Jun 01, 2012
Posts: 6
I'm using Rampart to generate a request.
I have a policy.xml that is used to apply security.

I'm getting an exception on the response as Rampart is looking for the security header, but one doesn't exist.

Can I still use my policy.xml and specify the fact that I don't need inbound security in this, or do I need to do something else?


Policy:
Alan Macfarlanes
Greenhorn

Joined: Jun 01, 2012
Posts: 6
The problem was that once Rampart is engaged, it expects the response to have the same security header. The way I solved the problem was by removing the handler to the Inflow security in the Rampart.mar file.

I'm not sure if this is the best fix, but it worked for us.

To remove the inflow handler: Unpack the rampart.mar file

Comment out the Inflow section

Zip up the META_INF folder. Then rename the .zip file to be .mar

Now when you use this as there are no handlers defined for inflow, it will just use the standard Axis2 response handler.

I guess if you had several projects using Rampart where some had the security header in the response and some didn't you would need a different approach.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Axis 2 & Rampart - Only apply security to outbound requests.
 
Similar Threads
SOAP Header missing using (Hash values do not match ) Rampart/Axis2
Exception in thread "main" org.apache.axis2.AxisFault: Error in extracting message properties
Add SAML Sender-vouches assertion to SOAP Header on WebService(WebSphere)
Help with SAML Sender vouches with a JAXWS Web Service and IBM Websphere please
Axis 2 & Rampart - Missing Security Header