I have a simple Service defined. This Service uses with in and out request and response parameter settings. By default, If I understand it correctly, ESB exposes this service as a web service end point. I have a remote web application that submits a simple soap message to this service/end point. This all works great. My next step is to integrate security. I modified my soap message contain UsernameToken. However when I set the tag inside my service definition. I get an exception indicating that AuthRequest has not been set up. My readings indicate that Gateway listeners or ServiceInvoker is able to extract security tokens from the incoming input. Is it possible to integrate security into a Service that is exposed through contract definition.
Do i need to keep the service as it is and use the webservice attribute (=false) and not expose the service? Do I then integrate jbr listener and have my client web application submit a request to the jbr port?
thanks
