Hi Tirtza,
      It seems something like this would work for you. You have to
specify what should be signed within the
<sp:SignedParts></sp:SignedParts>.

<wsp:Policy wsu:Id="MutualCertificate10Sign_IPingService_policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:InitiatorToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:InitiatorToken>
                    <sp:RecipientToken>
                        <wsp:Policy>
                            <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:RecipientToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Strict/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:AsymmetricBinding>
            <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:SignedParts>
            <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                </wsp:Policy>
            </sp:Wss10>
            <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportIssuedTokens/>
                    <sp:RequireClientEntropy/>
                    <sp:RequireServerEntropy/>
                </wsp:Policy>
            </sp:Trust10>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>XXX</ramp:user>
                <ramp:passwordCallbackClass>com.wso2.interop.wcf.wss10.WSS10Client</ramp:passwordCallbackClass>
                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">keys/sec.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>


Regards,
Nandana
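
Added example, not part of the original message and not Rampart code: a small Python check that parses a policy like the one above and reports whether it matches the request in this thread (body signed, no encryption, no timestamp, client certificate sent) and whether the keystore password sits in the policy file in clear text. The function name summarize_policy and the trimmed sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP = "http://ws.apache.org/rampart/policy"
MERLIN_PW = "org.apache.ws.security.crypto.merlin.keystore.password"

# Constructed sample: the policy from this message, trimmed to the assertions checked.
SAMPLE_POLICY = f"""
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="{SP}" xmlns:ramp="{RAMP}">
  <wsp:ExactlyOne><wsp:All>
    <sp:AsymmetricBinding><wsp:Policy>
      <sp:InitiatorToken><wsp:Policy>
        <sp:X509Token sp:IncludeToken="{SP}/IncludeToken/AlwaysToRecipient"/>
      </wsp:Policy></sp:InitiatorToken>
      <sp:OnlySignEntireHeadersAndBody/>
    </wsp:Policy></sp:AsymmetricBinding>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <ramp:RampartConfig>
      <ramp:signatureCrypto><ramp:crypto>
        <ramp:property name="{MERLIN_PW}">password</ramp:property>
      </ramp:crypto></ramp:signatureCrypto>
    </ramp:RampartConfig>
  </wsp:All></wsp:ExactlyOne>
</wsp:Policy>
"""

def summarize_policy(xml_text):
    """Report what a WS-SecurityPolicy (2005/07) document asks the sender to do."""
    root = ET.fromstring(xml_text)
    def parts(assertion):
        # Local names of the children of every <sp:SignedParts> / <sp:EncryptedParts>
        return [c.tag.split("}")[1] for a in root.iter(f"{{{SP}}}{assertion}") for c in a]
    # The initiator (client) token's IncludeToken URI decides whether the cert is sent.
    token = root.find(f".//{{{SP}}}InitiatorToken//{{{SP}}}X509Token")
    inclusion = token.get(f"{{{SP}}}IncludeToken", "") if token is not None else ""
    inline_pw = [p.text for p in root.iter(f"{{{RAMP}}}property")
                 if p.get("name", "").strip() == MERLIN_PW and (p.text or "").strip()]
    return {
        "signed_parts": parts("SignedParts"),
        "encrypted_parts": parts("EncryptedParts"),
        "timestamp": root.find(f".//{{{SP}}}IncludeTimestamp") is not None,
        "client_cert_inclusion": inclusion.strip().rsplit("/", 1)[-1],
        "keystore_password_inline": bool(inline_pw),
    }

if __name__ == "__main__":
    for key, value in summarize_policy(SAMPLE_POLICY).items():
        print(f"{key}: {value}")
```

A true keystore_password_inline means anyone who can read policy.xml can open the signing keystore, so the file needs the same access restrictions as the keystore itself.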




On 10/18/07, Tirtza Bernstein <[EMAIL PROTECTED]> wrote:
>
>  It looks like you are using axis1.  I need a solution for axis2.
> I have Rampart set up properly I just need a policy.xml which will allow
> me to send a client certificate. (no encryption and no timestamp)
>
> Does anyone have a policy.xml  that defines this?
>
>  ------------------------------
> *From:* Senthivel U S [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, October 18, 2007 1:17 PM
> *To:* axis-user@ws.apache.org
> *Subject:* RE: Rampart signature
>
>   Hi,
>
>
>
> Couple of days back I had the same problem but I could not make it using
> rampart but solved the problem.  Find below the working code. I have created
> the stub using wsdl with Eclipse IDE.
>
>
>
> URL endPointURL = new URL("http:// ");
> EngineConfiguration config = new FileProvider("client_deploy.wsdd");
> Service service = new Service(config);
> TestSoapStub stub = new TestSoapStub(endPointURL, service);
>
> stub._setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
> stub._setProperty(WSHandlerConstants.SIG_PROP_FILE, "client_crypto.properties");
> stub._setProperty(WSHandlerConstants.USER, "client");
> stub._setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "com.unistream.client.ServiceSecurityHandler");
> stub._setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
>
> stub.login(userID, password);
>
>
>
> client.deploy.wsdd file         (just copy the same contents)
>
>
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>  <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   <globalConfiguration>
>    <requestFlow>
>     <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>     </handler>
>    </requestFlow>
>   </globalConfiguration>
> </deployment>
>
>
>
> client_crypto.properties file  (just copy the same contents and change
> the keystore.password, keystore.alias, alias.password, merlin.file according
> to your spec)
>
>
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
>
> org.apache.ws.security.crypto.merlin.keystore.type=jks
>
> org.apache.ws.security.crypto.merlin.keystore.password=xyzabc
>
> org.apache.ws.security.crypto.merlin.keystore.alias=client
>
> org.apache.ws.security.crypto.merlin.alias.password= xyzabc
>
> org.apache.ws.security.crypto.merlin.file=client.jks
>
>
>
> If you find any other better solution, please let me know.
>
>
>
> Regards,
>
>
>
> -senthil
>
>
>  ------------------------------
>
> *From:* Tirtza Bernstein [mailto:[EMAIL PROTECTED]
> *Sent:* Wednesday, October 17, 2007 7:54 PM
> *To:* axis-user@ws.apache.org
> *Subject:* Rampart signature
>
>
>
> I am using Axis2-1.3 and Rampart 1.3.
>
> I am the client and my requests need to be signed.
>
>
>
> My axis.client.xml includes the following
>
>
>
>  <module ref="rampart" />
>
>
>
>  <parameter name="OutflowSecurity">
>       <action>
>         <items>Signature</items>
>         <user>wally</user>
>         <signaturePropFile>crypto.properties</signaturePropFile>
>         <passwordCallbackClass>net.idt.svp.security.PWCallback</passwordCallbackClass>
>         <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>       </action>
>     </parameter>
>
>
>
>     <parameter name="InflowSecurity">
>        <action>
>          <items>Signature</items>
>          <signaturePropFile>crypto.properties</signaturePropFile>
>        </action>
>     </parameter>
>
>
>
> My crypto.properties
>
>
>
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
>
> org.apache.ws.security.crypto.merlin.file=J:\svp_prime\trunk\security\test.jks
> org.apache.ws.security.crypto.merlin.keystore.password=pswd
>
> My Client includes the following:
>
>         _serviceClient.getOptions().setTo(
>                 new org.apache.axis2.addressing.EndpointReference(targetEndpoint));
>         _serviceClient.getOptions().setUseSeparateListener(useSeparateListener);
>
>         StAXOMBuilder builder = new StAXOMBuilder("resources/policy.xml");
>         Policy clientPolicy = PolicyEngine.getPolicy(builder.getDocumentElement());
>         _serviceClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, clientPolicy);
>         _serviceClient.engageModule("rampart");
>
> My problem is that I have no clue how to set up the policy.xml.  Rampart's
> examples do not include an example of pure signature only (no timestamp).
>
>
>
>
>
> Can someone supply me with an example?
>
> Thanks.
>
