Thursday, November 19, 2009

How to generate a non-secured response to a secured request?

In other words - how to avoid rampart being executed in the OutFlow of a particular service.

1. Add a new phase [NoSecurity] in global axis2.xml under OutFlow - just before the Security phase

<phaseOrder type="OutFlow">
        <phase name="soapmonitorPhase"/>
        <phase name="OperationOutPhase"/>
        <phase name="RMPhase"/>
        <phase name="PolicyDetermination"/>
        <phase name="MessageOut"/>
        <phase name="NoSecurity"/>
        <phase name="Security"/>
</phaseOrder>
2. Create a module [say, nosecuity] with handler having the following logic.

public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
    msgContext.setCurrentHandlerIndex(msgContext.getCurrentHandlerIndex() + 2);
    return InvocationResponse.CONTINUE;
}
You can download the eclipse project for this module from here.

3. Engage this module to the service you want to remove security frome OutFlow.

<module ref="nosecurity" />
Posted by Prabath Siriwardena at 4:02 PM
Labels:

3 comments:

Oscar Mauricio Laverde

Please, attach nosecurity.mar file.

January 29, 2010 at 7:44 AM
alan macfarlane

Thanks for this, I had removed the infow section from my module.xml in the Rampart.mar file, but this looks like the better option.

June 7, 2012 at 1:43 PM
Roger

Alan, I looked at the solution in Stack Overflow. HOw did you edit .mar file??

October 28, 2012 at 6:37 PM

Post a Comment

Subscribe to: Post Comments (Atom)