Author: thilinamb Date: Wed Feb 23 15:08:31 2011 New Revision: 1073767 URL: http://svn.apache.org/viewvc?rev=1073767&view=rev Log: Applying the patch provided by AmilaJ for RAMPART-299. Adding the sample policy files.
Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml?rev=1073767&view=auto ============================================================================== --- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml (added) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-4.xml Wed Feb 23 15:08:31 2011 
@@ -0,0 +1,123 @@ +<wsp:Policy wsu:Id="SecConvPolicy4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto 
provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml?rev=1073767&view=auto ============================================================================== --- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml (added) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-5.xml Wed Feb 23 15:08:31 2011 
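Review bot: The bootstrap policy `SigEncrTripleDesRSA15` in policy/sc-4.xml selects `<sp:TripleDesRsa15/>`, meaning 3DES content encryption and RSA PKCS#1 v1.5 key transport, while the outer binding of the same file already uses `<sp:Basic128/>`. Both are legacy primitives (a 64-bit block cipher, and a v1.5 key wrap that is exposed to padding-oracle decryption), so the exchange that establishes the conversation key is the weakest step of this policy. If the test is not specifically about interop with this suite, use `<sp:Basic128/>` or `<sp:Basic256/>` in the bootstrap `sp:AlgorithmSuite`; if it is, add a comment such as `<!-- legacy suite kept for interop coverage only; do not copy into deployments -->`. The same bootstrap suite is repeated in services-sc-4.xml, and `<sp:Basic128Rsa15/>` in sc-5.xml, services-sc-5.xml and services-sc-6.xml keeps the v1.5 key wrap.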
@@ -0,0 +1,131 @@ +<wsp:Policy wsu:Id="SecConvPolicy5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy> + <sp:EncryptedParts> + <sp:Body/> + </sp:EncryptedParts> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:RequireThumbprintReference/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:EndorsingSupportingTokens> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireThumbprintReference/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:EndorsingSupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + <sp:RequireSignatureConfirmation/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust10> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + 
<sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust10> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property 
name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml?rev=1073767&view=auto ============================================================================== --- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml (added) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/policy/sc-6.xml Wed Feb 23 15:08:31 2011 
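Review bot: Neither the bootstrap policy nor the outer policy in policy/sc-5.xml carries an `sp:SignedParts` assertion; each lists only `<sp:EncryptedParts><sp:Body/></sp:EncryptedParts>`, so as written the policy requires the SOAP body to be encrypted but not signed. `Basic128Rsa15` encrypts with AES-128 in CBC mode, which gives no integrity on its own, so a recipient that enforces only this policy could accept a modified body. Add `<sp:SignedParts><sp:Body/></sp:SignedParts>` next to each `sp:EncryptedParts`, as the bootstrap policy of sc-4.xml already does (the top-level one needs its own `xmlns:sp` declaration, like its siblings). The outer policies of sc-4.xml and sc-6.xml and the three services-sc-*.xml files have the same gap.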
@@ -0,0 +1,98 @@ +<wsp:Policy wsu:Id="SecConvPolicy6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken RequireClientCertificate="false"/> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" /> + </wsp:Policy> + </sp:SignedSupportingTokens> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:Trust13 
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> +</wsp:Policy> Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml?rev=1073767&view=auto ============================================================================== --- 
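Review bot: In policy/sc-6.xml the bootstrap authenticates the client only with an `sp:UsernameToken` over one-way TLS (`RequireClientCertificate="false"`), and the token assertion is empty, so the password form is left to the implementation default. The conversation key then depends on the HTTPS endpoint and on the password supplied through `org.apache.rampart.PWCallback`; a comment above the `sp:TransportBinding` should say so, for example `<!-- bootstrap is protected by HTTPS only; the client is authenticated by username/password -->`. Separately, `RequireClientCertificate` written as an attribute is the form of the older 200507 policy namespace, whereas in the 200702 namespace declared here it is a nested `sp:RequireClientCertificate` assertion, so the attribute may simply be ignored by the policy builder. services-sc-6.xml repeats this bootstrap policy.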
axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml (added) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-4.xml Wed Feb 23 15:08:31 2011 
@@ -0,0 +1,177 @@ +<?xml version="1.0" encoding="UTF-8"?> +<service name="SecureServiceSC4"> + + <module ref="addressing"/> + <module ref="rampart"/> + <module ref="rahas"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SecConvPolicy4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:InitiatorToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:InitiatorToken> + <sp:RecipientToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"> + <wsp:Policy> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:RecipientToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:TripleDesRsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + 
<wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:AsymmetricBinding> + <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:SignedParts> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss10 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + </wsp:Policy> + </sp:Wss10> + <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>alice</ramp:user> + <ramp:encryptionUser>bob</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property 
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + + <parameter name="sct-issuer-config"> + <sct-issuer-config> + <cryptoProperties> + <crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> + <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property> + <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property> + </crypto> + </cryptoProperties> + <addRequestedAttachedRef /> + <addRequestedUnattachedRef /> + + <!-- + Key computation mechanism + 1 - Use Request Entropy + 2 - Provide Entropy + 3 - Use Own Key + --> + <keyComputation>3</keyComputation> + + <!-- + proofKeyType element is valid only if the keyComputation is set to 3 + i.e. 
Use Own Key + + Valid values are: EncryptedKey & BinarySecret + --> + <proofKeyType>BinarySecret</proofKeyType> + </sct-issuer-config> + </parameter> + + <parameter name="token-canceler-config"> + <token-canceler-config> + <!--<proofToken>EncryptedKey</proofToken>--> + <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>--> + <!--<addRequestedAttachedRef />--> + </token-canceler-config> + </parameter> + + +</service> Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml?rev=1073767&view=auto ============================================================================== --- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml (added) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-5.xml Wed Feb 23 15:08:31 2011 
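Review bot: The `ramp:RampartConfig` in services-sc-4.xml sets `<ramp:user>alice</ramp:user>` and `<ramp:encryptionUser>bob</ramp:encryptionUser>`, which is identical to the client policy in policy/sc-4.xml, whereas services-sc-5.xml and services-sc-6.xml swap the two for the service side. This looks like a copy from the client file: the service would sign under the client's alias and encrypt to its own. The test may still pass if `rampart/store.jks` holds both private keys, which is not visible here, but the bootstrap `sp:AsymmetricBinding` would then not exercise distinct initiator and recipient identities. Suggested change: `<ramp:user>bob</ramp:user>` and `<ramp:encryptionUser>alice</ramp:encryptionUser>`.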
@@ -0,0 +1,186 @@ +<service name="SecureServiceSC5"> + + <module ref="addressing"/> + <module ref="rampart"/> + <module ref="rahas"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SecConvPolicy5" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy> + <sp:EncryptedParts> + <sp:Body/> + </sp:EncryptedParts> + <sp:SymmetricBinding> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:RequireThumbprintReference/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:EndorsingSupportingTokens> + <wsp:Policy> + <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireThumbprintReference/> + <sp:WssX509V3Token10/> + </wsp:Policy> + </sp:X509Token> + </wsp:Policy> 
+ </sp:EndorsingSupportingTokens> + <sp:Wss11> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + <sp:RequireSignatureConfirmation/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust10> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust10> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>bob</ramp:user> + <ramp:encryptionUser>alice</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property 
name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + + <parameter name="sct-issuer-config"> + <sct-issuer-config> + <cryptoProperties> + <crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> + <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property> + <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property> + </crypto> + </cryptoProperties> + <addRequestedAttachedRef /> + <addRequestedUnattachedRef /> + + <!-- + Key computation mechanism + 1 - Use Request Entropy + 2 - Provide Entropy + 3 - Use Own Key + --> + <keyComputation>3</keyComputation> + + <!-- + proofKeyType element is valid only if the keyComputation is set to 3 + i.e. 
Use Own Key + + Valid values are: EncryptedKey & BinarySecret + --> + <proofKeyType>BinarySecret</proofKeyType> + </sct-issuer-config> + </parameter> + + <parameter name="token-canceler-config"> + <token-canceler-config> + <!--<proofToken>EncryptedKey</proofToken>--> + <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>--> + <!--<addRequestedAttachedRef />--> + </token-canceler-config> + </parameter> + + +</service> Added: axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml URL: http://svn.apache.org/viewvc/axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml?rev=1073767&view=auto ============================================================================== --- axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml (added) +++ axis/axis2/java/rampart/branches/1_6/modules/rampart-integration/src/test/resources/rampart/services-sc-6.xml Wed Feb 23 15:08:31 2011 
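Review bot: The `sct-issuer-config` in services-sc-5.xml sets `<keyComputation>3</keyComputation>` (Use Own Key, per the comment above it), while the policy in the same file asserts `sp:RequireClientEntropy` and `sp:RequireServerEntropy` under both `sp:Trust10` and `sp:Trust13`. As written, the policy states that both sides contribute key material but the issuer is configured to choose the key itself; whether the Trust assertions are enforced at run time is not visible in this diff. Either switch `keyComputation` to one of the entropy-based modes listed in the comment (1 or 2), if that is what the test should cover, or add a comment next to `keyComputation` explaining why the issuer does not follow the asserted entropy requirement. services-sc-4.xml and services-sc-6.xml carry the same combination.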
@@ -0,0 +1,154 @@ +<service name="SecureServiceSC6"> + + <module ref="addressing"/> + <module ref="rampart"/> + <module ref="rahas"/> + + <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> + + <operation name="echo"> + <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> + <actionMapping>urn:echo</actionMapping> + </operation> + + <wsp:Policy wsu:Id="SecConvPolicy6" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> + <wsp:ExactlyOne> + <wsp:All> + <sp:SymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:ProtectionToken> + <wsp:Policy> + <sp:SecureConversationToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"> + <wsp:Policy> + <sp:RequireDerivedKeys/> + <sp:BootstrapPolicy> + <wsp:Policy> + <sp:TransportBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:TransportToken> + <wsp:Policy> + <sp:HttpsToken RequireClientCertificate="false"/> + </wsp:Policy> + </sp:TransportToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + <sp:Lax/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + </wsp:Policy> + </sp:TransportBinding> + <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" /> + </wsp:Policy> + </sp:SignedSupportingTokens> + </wsp:Policy> + </sp:BootstrapPolicy> + </wsp:Policy> + </sp:SecureConversationToken> + </wsp:Policy> + </sp:ProtectionToken> + <sp:AlgorithmSuite> + <wsp:Policy> + <sp:Basic128Rsa15/> + </wsp:Policy> + </sp:AlgorithmSuite> + <sp:Layout> + <wsp:Policy> + 
<sp:Strict/> + </wsp:Policy> + </sp:Layout> + <sp:IncludeTimestamp/> + <sp:EncryptSignature/> + <sp:OnlySignEntireHeadersAndBody/> + </wsp:Policy> + </sp:SymmetricBinding> + <sp:Wss11 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportRefKeyIdentifier/> + <sp:MustSupportRefIssuerSerial/> + <sp:MustSupportRefThumbprint/> + <sp:MustSupportRefEncryptedKey/> + </wsp:Policy> + </sp:Wss11> + <sp:Trust13 xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <wsp:Policy> + <sp:MustSupportIssuedTokens/> + <sp:RequireClientEntropy/> + <sp:RequireServerEntropy/> + </wsp:Policy> + </sp:Trust13> + <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"> + <sp:Body/> + </sp:EncryptedParts> + <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> + <ramp:user>bob</ramp:user> + <ramp:encryptionUser>alice</ramp:encryptionUser> + <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> + + <ramp:signatureCrypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:signatureCrypto> + <ramp:encryptionCypto> + <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks</ramp:property> + <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> + </ramp:crypto> + </ramp:encryptionCypto> + + </ramp:RampartConfig> + </wsp:All> + </wsp:ExactlyOne> + </wsp:Policy> + + 
<parameter name="sct-issuer-config"> + <sct-issuer-config> + <cryptoProperties> + <crypto provider="org.apache.ws.security.components.crypto.Merlin"> + <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> + <property name="org.apache.ws.security.crypto.merlin.file">rampart/sts.jks</property> + <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property> + </crypto> + </cryptoProperties> + <addRequestedAttachedRef /> + <addRequestedUnattachedRef /> + + <!-- + Key computation mechanism + 1 - Use Request Entropy + 2 - Provide Entropy + 3 - Use Own Key + --> + <keyComputation>3</keyComputation> + + <!-- + proofKeyType element is valid only if the keyComputation is set to 3 + i.e. Use Own Key + + Valid values are: EncryptedKey & BinarySecret + --> + <proofKeyType>BinarySecret</proofKeyType> + </sct-issuer-config> + </parameter> + + <parameter name="token-canceler-config"> + <token-canceler-config> + <!--<proofToken>EncryptedKey</proofToken>--> + <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>--> + <!--<addRequestedAttachedRef />--> + </token-canceler-config> + </parameter> + + +</service>
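Review bot: The outer binding in services-sc-6.xml does not match the client policy added in policy/sc-6.xml under the same `wsu:Id="SecConvPolicy6"`: the service uses `<sp:Basic128Rsa15/>`, `<sp:Strict/>` and `sp:Wss11`, while the client file uses `<sp:Basic128/>`, `<sp:Lax/>` and `sp:Wss10`. For sc-4 and sc-5 the client and service copies agree on these three assertions, so the difference looks unintended. If the test passes despite it, at least one of these assertions is presumably not being checked by either side, which would hide enforcement gaps. Align the two files, preferably on `<sp:Basic128/>`, or add a comment stating that the difference is deliberate.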