Major Description
Hi,
Although service is expecting a signed message, I don't get any exception if no WS-Security header has been added to the message.
Here are the use cases and how Rampart behaves:
Common:
- Service requires a signed message[1]
Case1: Client adds <module ref="rampart"/> but doesn't add <parameter name="OutflowSecurity"> to the axis2.xml
- Client sends message
- Message doesn't have necessary WS-Security headers but only a single one[2]
Result
- Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected
behaviour)
Case2: Client doesn't add either <module ref="rampart"/> or <parameter name="OutflowSecurity">...
- Client sends message
- Message doesn't have any WS-Security header.
Result
- Rampart doesn't log or throw any exception and the message passes to the message receiver (Unexpected behaviour)
Regards,
Ali Sadik Kumlali
[1]
<module ref="rampart"/>
<parameter name="InflowSecurity">
<action>
<items>Signature</items>
<signaturePropFile>server_security.properties</signaturePropFile>
</action>
</parameter>
[2] <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>