You are viewing a plain text version of this content. The canonical link for it is here.

Posted to java-user@axis.apache.org by Hamidreza sahlolbey <sa...@gmail.com> on 2009/01/10 12:10:49 UTC

Rampart Security Whole

Hi;
I ve configured my web service to authenticate the web service callers using
rampart. Everything is ok when I use a java client to call the web service
but when I use php for calling the service it passes my security without
having to provide correct username and password. I 've wrote some log in my
ServerPassword CallBack Handler and it seems the PHP code bypass my security
as I don't see the logs when he service is called by php.

I will be thankfull if somebody take the time to guide me.

cheers,
Hamid

Re: Rampart Security Whole

Posted by Nandana Mihindukulasooriya <na...@gmail.com>.

Hi Hamid,
      Not sure whether this is related to this issue [1]. Can you use policy
based configuration and try ? Rampart sample 01 (policy based) will provide
you the necessary configuration.

thanks,
nandana

On Sat, Jan 10, 2009 at 4:40 PM, Hamidreza sahlolbey <sa...@gmail.com>wrote:

> Hi;
> I ve configured my web service to authenticate the web service callers
> using rampart. Everything is ok when I use a java client to call the web
> service but when I use php for calling the service it passes my security
> without having to provide correct username and password. I 've wrote some
> log in my ServerPassword CallBack Handler and it seems the PHP code bypass
> my security as I don't see the logs when he service is called by php.
>
> I will be thankfull if somebody take the time to guide me.
>
> cheers,
> Hamid
>


[1] -
http://markmail.org/message/aqp7bu7a36lyrkzl?q=list:org.apache.ws.axis-user+[Axis2+1.1.1]+Security+policy+not+enforced


-- 
Nandana Mihindukulasooriya
WSO2 inc.

http://nandana83.blogspot.com/
http://www.wso2.org