You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Sanjay Vivek <Sa...@newcastle.ac.uk> on 2008/04/22 15:20:15 UTC

WS-Security Policy that supports 2 alternatives.

Hi everyone,

Is it possible to define a WS-Security Policy that supports 2
alternatives? The 1st alternative requires the  Web Service client to
use UsernameToken while the 2nd alternative allows any client at all to
consume the service. I know this is can be done with WS-Security Policy
but I would like to know if the 2nd alternative is possible, i.e.
allowing any client at all to consume the service. So in the 2nd
scenario, clients that send SOAP requests without WS-Sec specific
headers will still be able to consume the service.

Clients who are not Rampart enabled can instead use Basic Auth to
consume the service (i.e. Scenario 2). Any insight would be greatly
appreciated. Cheers.

Regards
--------------
Sanjay Vivek
Web Analyst
Middleware Team
ISS
University of Newcastle Upon Tyne

---------------------------------------------------------------------
To unsubscribe, e-mail: axis-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-user-help@ws.apache.org