Thursday, November 19, 2009

How to generate a non-secured response to a secured request?

In other words - how to avoid rampart being executed in the OutFlow of a particular service.

1. Add a new phase [NoSecurity] in global axis2.xml under OutFlow - just before the Security phase

<phaseOrder type="OutFlow">
<phase name="soapmonitorPhase"/>
<phase name="OperationOutPhase"/>
<phase name="RMPhase"/>
<phase name="PolicyDetermination"/>
<phase name="MessageOut"/>
<phase name="NoSecurity"/>
<phase name="Security"/>
</phaseOrder>
2. Create a module [say, nosecuity] with handler having the following logic.

public InvocationResponse invoke(MessageContext msgContext) throws AxisFault {
msgContext.setCurrentHandlerIndex(msgContext.getCurrentHandlerIndex() + 2);
return InvocationResponse.CONTINUE;
}
You can download the eclipse project for this module from here.

3. Engage this module to the service you want to remove security frome OutFlow.

<module ref="nosecurity" />

3 comments:

Oscar Mauricio Laverde

Please, attach nosecurity.mar file.

alan macfarlane

Thanks for this, I had removed the infow section from my module.xml in the Rampart.mar file, but this looks like the better option.

Roger

Alan, I looked at the solution in Stack Overflow. HOw did you edit .mar file??

Post a Comment