1) When defining a Web Service Provider (WSP), specifying a Security Provider simply indicates that Adeptia authentication is required to execute this WSP.
Also, at this point, the user/pwd in the Security Provider are irrelevant.
2) The userid/pwd of the “Security Policy” are only used when the WSP is called by an Adeptia Web Service Consumer (WSC) activity.
- Yes. Because attaching security policy to consumer is same as sending request message with security header
3) If a WSP specifies that a Security Policy is required, when a request is made to this WSP, the security credentials included in the SOAP Header are validated against the Adeptia User Database.
a. If the provided user credentials have “Execute” permission to the WSP, then the request will be executed
b. If the provided user credentials do NOT have “Execute” permission to the WSP, a SOAP Fault message of “java.lang.NullPointerException” is returned.
- Yes. In future release we will generate user friendly message in this case.
c. If the provided user credentials are NOT a valid Adeptia user, a SOAP Fault message “java.lang.Exception: Not a valid user” is returned.