Steve Cohen [http://community.jboss.org/people/stevecoh4] created the discussion
"Re: Where is jboss-ws-security_1_0.xsd"
To view the discussion, visit:
http://community.jboss.org/message/639902#639902
--------------------------------------------------------------
Thanks for acknowledging the problems I found, Alessio. However, my tests reveal that
this is not completely correct:
* the actual issue in your configuration for setting up
jbossws-native ws-security w/ username token auth is in the fact the jboss-wsse-server.xml
descriptor above should not have the <username/> element at all. That element is a
client side configuration element for adding the username token header into the message,
which is something the client does. The server will automatically check for existence of
that header and try performing authentication. This is the reason why there's no
"username" element in the "requiresType" in the schema, which is
correct.
I have three basic test cases:
1) request has WS-Security header with a valid username/password
2) request has WS-Security header with an invalid username/password
3) request has no WS-Security header.
I expect the following results in these cases:
1) request is processed, non-error response
2) request is disallowed ("Invalid User".)
3) request is disallowed ("This service requires <wsse:Security>, which is
missing").
However, the above test suite only passes with a file jboss-wsse-server.xml like that in
the sample (note that I have commented out the schema stuff so it won't fail validation
in Eclipse).
With this config (as implied by your comment:
then the first two test cases pass but the third one
does not, that is, requests without the WS-Security header are allowed. Thus it seems that
the <username> element IS required on the server side to perform security checks
correctly.
--------------------------------------------------------------
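The three-case test matrix from the post, as an added example (not part of the original post and not JBossWS code): a minimal Python model of a server-side UsernameToken check, where `require_header=False` models the reported behaviour of verifying a token only when one is present. The user store, credentials and function names are constructed for illustration.

```python
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
NS = {"soap": SOAP, "wsse": WSSE}
USERS = {"kermit": "thefrog"}  # constructed credential store, example only

def envelope(username=None, password=None):
    """Build a constructed SOAP 1.1 request, optionally with a UsernameToken."""
    header = ""
    if username is not None:
        header = (f'<wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>'
                  f"<wsse:Username>{username}</wsse:Username>"
                  f"<wsse:Password>{password}</wsse:Password>"
                  "</wsse:UsernameToken></wsse:Security>")
    return (f'<soap:Envelope xmlns:soap="{SOAP}"><soap:Header>{header}'
            "</soap:Header><soap:Body><echo/></soap:Body></soap:Envelope>")

def check(request_xml, require_header=True):
    """Return (allowed, reason) for one request.

    require_header=True  -> fail closed: a missing header is rejected.
    require_header=False -> models the behaviour reported in the post.
    """
    root = ET.fromstring(request_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        if require_header:
            return False, "This service requires <wsse:Security>, which is missing"
        return True, "no header present, nothing checked"
    user = security.findtext("wsse:UsernameToken/wsse:Username", "", NS)
    pwd = security.findtext("wsse:UsernameToken/wsse:Password", "", NS)
    expected = USERS.get(user)
    # An empty or unknown token is rejected, never treated as anonymous.
    if expected is None or not hmac.compare_digest(expected.encode(), pwd.encode()):
        return False, "Invalid User"
    return True, "authenticated"

# Test cases 1-3 from the post, with constructed credentials.
CASES = {"valid": envelope("kermit", "thefrog"),
         "invalid": envelope("kermit", "wrong"),
         "missing": envelope()}

def run_matrix(require_header):
    """Map each test case name to whether the request was allowed."""
    return {name: check(xml, require_header)[0] for name, xml in CASES.items()}

if __name__ == "__main__":
    print("fail closed:", run_matrix(True))
    print("fail open:  ", run_matrix(False))
```

Case 3 is the one that distinguishes the two policies, so a regression suite for this kind of endpoint needs the no-header request as an explicit negative test.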