Is it necessary to use Rampart on client if server is using it?
https://stackoverflow.com/questions/12325927
-
30-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
I'm developing a web service and I am working with Axis2 + Rampart on the server. Is it necessary to have Rampart on both ends of the web service? Or is it possible to have a client which implements WS-Security with something other than Rampart?
The examples of Rampart which I've found seem to assume Rampart on both ends. I can't tell if that's just convenient, or if it's necessary. I don't have any control over the client.
解决方案
No. It is not necessary to use Rampart on the client. Rampart is basically processing the security headers in the SOAP message according to the WS-Security* Specifications. So if the client can send valid SOAP messages containing standard security headers adhering to the WS-Security* Specifications, rampart will successfully process the request and validate security.
