axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From donald yang <donal...@googlemail.com>
Subject How to define ws-security policy for UserToken+HTTPs+Signature+Encryption
Date Thu, 10 Jun 2010 17:04:00 GMT
Hi All,

Currently I am doing some tests for WS-Security. At the moment, I know
how to define ws-security policy for HTTPs, UserToken+HTTPs, or
UserToken+Signature+Encryption. However if I define ws-security
policy(see[1]) for UserToken+HTTPs+Signature+Encryption, I get a soap
fault message, "message is not signed". I first would like to know
whether Rampart supports that assertion or not. If so, could anyone
have a look my policy to see where is wrong? Many thanks in advance.

best regards
yong

[1] services.xml

<service name="WebServiceWithUserTokenHttpsSignatureAndEncryption"
scope="request">
  <messageReceivers>
    <messageReceiver
      mep="http://www.w3.org/2004/08/wsdl/in-only"
      class="org.apache.axis2.rpc.receivers.RPCInOnlyMessageReceiver"/>
    <messageReceiver
      mep="http://www.w3.org/2004/08/wsdl/in-out"
      class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
  </messageReceivers>
  <parameter name="ServiceClass">wss.test.UserTokenHttpsSignatureEncryptionService</parameter>
  <wsp:Policy wsu:Id="UserTokenHttpsSigEncr"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
        		<sp:TransportBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
		  <wsp:Policy>
			<sp:TransportToken>
			  <wsp:Policy>
				<sp:HttpsToken RequireClientCertificate="false"/>
			  </wsp:Policy>
			</sp:TransportToken>
			<sp:AlgorithmSuite>
			  <wsp:Policy>
				<sp:Basic256/>
			  </wsp:Policy>
			</sp:AlgorithmSuite>
			<sp:Layout>
			  <wsp:Policy>
				<sp:Lax/>
			  </wsp:Policy>
			</sp:Layout>
			<sp:IncludeTimestamp/>
		  </wsp:Policy>
		</sp:TransportBinding>
            <sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token

sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token

sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:TripleDesRsa15/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
                <sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
            </wsp:Policy>
            </sp:SignedSupportingTokens>
            <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefEmbeddedToken/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:EncryptedParts>
            <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
                <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
            </sp:SignedParts>
      	<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        	<ramp:user>serverkey</ramp:user>
          <ramp:encryptionUser>clientkey</ramp:encryptionUser>
          <ramp:passwordCallbackClass>com.querix.wss.test.PWCBHandler
          </ramp:passwordCallbackClass>

          <ramp:signatureCrypto>
	          <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
            	<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            	<ramp:property
name="org.apache.ws.security.crypto.merlin.file">server.keystore</ramp:property>
            	<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
            </ramp:crypto>
          </ramp:signatureCrypto>
          <ramp:encryptionCypto>
          	<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
            	<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
              <ramp:property
name="org.apache.ws.security.crypto.merlin.file">server.keystore</ramp:property>
              <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">nosecret</ramp:property>
          	</ramp:crypto>
        	</ramp:encryptionCypto>
        	<ramp:sslConfig>
 							<ramp:property
name="javax.net.ssl.trustStore">d:/ws/wss/tomcat.keystore</ramp:property>
					</ramp:sslConfig>
        </ramp:RampartConfig>
      </wsp:All>
    </wsp:ExactlyOne>
   </wsp:Policy>
</service>

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org


Mime
View raw message