You are viewing a plain text version of this content. The canonical link for it is here.

Posted to wss4j-dev@ws.apache.org by George Cowe <gc...@origoservices.com> on 2007/02/05 15:58:08 UTC

Secure with unsecure?

Hi

 

Can anyone tell me if it is possible to run an Axis 1.3 and WSS4J 1.5 secure web service on the same Tomcat server as another Axis 1.3 web service which does not require to be secure?

 

The reason I ask is because I have a Web Service defined which requires encryption and signing. When this is deployed it works perfectly. However it seems that any existing web services on the same Tomcat server which have no security requirements are now returning the message "WSDoAllReceiver: Request does not contain required Security header".

Each web service is using a different web context and does have a different WEB-INF/server-config.wsdd which is updated on deployment.

 

It seems like the DoSecuritySender and DoSecurityReceiver handlers defined in one service are being detected by another (which should be unrelated). 

If I restart the Tomcat service and run the unsecure web service it works ok. I then run the secure web service and it works ok. The next time the unsecure service is run the error message "WSDoAllReceiver: Request does not contain required Security header" appears. So it's as if something in memory is being shared across the Axis services!  

 

Can an Axis 1.3 and WSS4J 1.5 secure web service co-exist with an Axis 1.3 unsecure web service on the same Tomcat server?

 

Thanks

George          

 

George Cowe
Standards Architect
Origo Services Ltd
Tel: 0131 451 1179
Email: gcowe@origoservices.com <BL...@origoservices.com>