In Axis2/Rampart, how do I ignore the SignatureToken on the recipient/response side?

Question

I'm sending and receiving good SOAP requests/responses, but the response comes back with a signature token that I want to ignore. The underlying XML is good and could be serialized into the respective Java objects, but without validating the response token it always throws:

org.apache.ws.security.WSSecurityException: The security token could not be authenticated or authorized

Is there a way to configure Axi2 or Rampart, for instance in policy.xml or the RampartConfig, to ignore the security token in the response header and just serialize the XML into the Java objects?

EDIT: I do have the cert to validate on the client side, but for the sake of argument assume that I can't. That's another question if there's no good way to simply ignore response validation.

EDIT: I got past my issue without having to answer this. The trick was to set the truststore value correctly in the properties of the CryptoConfig, as well as the keystore properties. I'll leave this question up though, as I'm still curious as to whether this is possible.

Answer 1

The answer to your question is to use CustomPolicyValidator
You must mention this in the policy.xml file

<ramp:policyValidatorCbClass>xx.yy.zz.CustomPolicyValidator</ramp:policyValidatorCbClass>

public class CustomPolicyValidator implements  PolicyValidatorCallbackHandler{
  public
    void validate(ValidatorData data, Vector results) throws RampartException {
       System.out.println("Put your own validation here .....");
  }
}