You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Hamidreza sahlolbey <sa...@gmail.com> on 2009/01/10 12:10:49 UTC
Rampart Security Whole
Hi;
I ve configured my web service to authenticate the web service callers using
rampart. Everything is ok when I use a java client to call the web service
but when I use php for calling the service it passes my security without
having to provide correct username and password. I 've wrote some log in my
ServerPassword CallBack Handler and it seems the PHP code bypass my security
as I don't see the logs when he service is called by php.
I will be thankfull if somebody take the time to guide me.
cheers,
Hamid
Re: Rampart Security Whole
Posted by Nandana Mihindukulasooriya <na...@gmail.com>.
Hi Hamid,
Not sure whether this is related to this issue [1]. Can you use policy
based configuration and try ? Rampart sample 01 (policy based) will provide
you the necessary configuration.
thanks,
nandana
On Sat, Jan 10, 2009 at 4:40 PM, Hamidreza sahlolbey <sa...@gmail.com>wrote:
> Hi;
> I ve configured my web service to authenticate the web service callers
> using rampart. Everything is ok when I use a java client to call the web
> service but when I use php for calling the service it passes my security
> without having to provide correct username and password. I 've wrote some
> log in my ServerPassword CallBack Handler and it seems the PHP code bypass
> my security as I don't see the logs when he service is called by php.
>
> I will be thankfull if somebody take the time to guide me.
>
> cheers,
> Hamid
>
[1] -
http://markmail.org/message/aqp7bu7a36lyrkzl?q=list:org.apache.ws.axis-user+[Axis2+1.1.1]+Security+policy+not+enforced
--
Nandana Mihindukulasooriya
WSO2 inc.
http://nandana83.blogspot.com/
http://www.wso2.org