Hi Tirtza,

It seems something like this would work for you. You have to specify what should be signed within the <sp:SignedParts></sp:SignedParts>.

<wsp:Policy wsu:Id="MutualCertificate10Sign_IPingService_policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <!-- Client (initiator) certificate: included in every message sent to the recipient -->
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <!-- Service (recipient) certificate: never included in the message -->
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <!-- What must be signed: here, only the SOAP body -->
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportIssuedTokens/>
          <sp:RequireClientEntropy/>
          <sp:RequireServerEntropy/>
        </wsp:Policy>
      </sp:Trust10>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>XXX</ramp:user>
        <ramp:passwordCallbackClass>com.wso2.interop.wcf.wss10.WSS10Client</ramp:passwordCallbackClass>
        <ramp:signatureCrypto>
          <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">keys/sec.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
          </ramp:crypto>
        </ramp:signatureCrypto>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Regards,
Nandana

On 10/18/07, Tirtza Bernstein <[EMAIL PROTECTED]> wrote:
>
> It looks like you are using axis1. I need a solution for axis2.
> I have Rampart set up properly I just need a policy.xml which will allow
> me to send a client certificate. (no encryption and no timestamp)
>
> Does anyone have a policy.xml that defines this?
>
> ------------------------------
> *From:* Senthivel U S [mailto:[EMAIL PROTECTED]
> *Sent:* Thursday, October 18, 2007 1:17 PM
> *To:* axis-user@ws.apache.org
> *Subject:* RE: Rampart signature
>
> Hi,
>
> Couple of days back I had the same problem but I could not make it using
> rampart but solved the problem. Find below the working code. I have created
> the stub using wsdl with Eclipse IDE.
>
> URL endPointURL = new URL("http:// ");
> EngineConfiguration config = new FileProvider("client_deploy.wsdd");
> Service service = new Service(config);
> TestSoapStub stub = new TestSoapStub(endPointURL, service);
>
> stub._setProperty(WSHandlerConstants.ACTION, WSHandlerConstants.SIGNATURE);
> stub._setProperty(WSHandlerConstants.SIG_PROP_FILE, "client_crypto.properties");
> stub._setProperty(WSHandlerConstants.USER, "client");
> stub._setProperty(WSHandlerConstants.PW_CALLBACK_CLASS, "com.unistream.client.ServiceSecurityHandler");
> stub._setProperty(WSHandlerConstants.SIG_KEY_ID, "DirectReference");
>
> stub.login(userID,password);
>
> client.deploy.wsdd file (just copy the same contents)
>
> <deployment xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   <globalConfiguration>
>     <requestFlow>
>       <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>       </handler>
>     </requestFlow>
>   </globalConfiguration>
> </deployment>
>
> client_crypto.properties file (just copy the same contents and change
> the keystore.password, keystore.alias, alias.password, merlin.file according
> to your spec)
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.keystore.password=xyzabc
> org.apache.ws.security.crypto.merlin.keystore.alias=client
> org.apache.ws.security.crypto.merlin.alias.password=xyzabc
> org.apache.ws.security.crypto.merlin.file=client.jks
>
> If you find any other better solution, please let me know.
>
> Regards,
>
> -senthil
>
> ------------------------------
> *From:* Tirtza Bernstein [mailto:[EMAIL PROTECTED]
> *Sent:* Wednesday, October 17, 2007 7:54 PM
> *To:* axis-user@ws.apache.org
> *Subject:* Rampart signature
>
> I am using Axis2-1.3 and Rampart 1.3.
> I am the client and my requests need to be signed.
>
> My axis.client.xml includes the following
>
> <module ref="rampart" />
>
> <parameter name="OutflowSecurity">
>   <action>
>     <items>Signature</items>
>     <user>wally</user>
>     <signaturePropFile>crypto.properties</signaturePropFile>
>     <passwordCallbackClass>net.idt.svp.security.PWCallback</passwordCallbackClass>
>     <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
>   </action>
> </parameter>
>
> <parameter name="InflowSecurity">
>   <action>
>     <items>Signature</items>
>     <signaturePropFile>crypto.properties</signaturePropFile>
>   </action>
> </parameter>
>
> My crypto.properties
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=jks
> org.apache.ws.security.crypto.merlin.file=J:\svp_prime\trunk\security\test.jks
> org.apache.ws.security.crypto.merlin.keystore.password=pswd
>
> My Client includes the following:
>
> _serviceClient.getOptions().setTo(new org.apache.axis2.addressing.EndpointReference(targetEndpoint));
> _serviceClient.getOptions().setUseSeparateListener(useSeparateListener);
>
> StAXOMBuilder builder = new StAXOMBuilder("resources/policy.xml");
> Policy clientPolicy = PolicyEngine.getPolicy(builder.getDocumentElement());
> _serviceClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, clientPolicy);
> _serviceClient.engageModule("rampart");
>
> My problem is that I have no clue how to set up the policy.xml. Rampart's
> examples do not include an example of pure signature only (no timestamp).
>
> Can someone supply me with an example?
>
> Thanks.
>
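
A check for a policy.xml like the one posted in this thread, added here as an example (it is not code from the thread or from Rampart): it reports which parts <sp:SignedParts> lists, whether <sp:IncludeTimestamp/> is present, and flags namespace URIs that picked up whitespace when the policy was pasted through mail, since an XML parser treats a padded URI as a different namespace. The sample policy, TEMPLATE, split_tag and audit_policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP = "http://ws.apache.org/rampart/policy"

# Constructed sample shaped like the policy above; {pad} simulates a wrapped URI.
TEMPLATE = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <sp:SignedParts xmlns:sp="{pad}http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <sp:Body/>
  </sp:SignedParts>
  <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
    <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
  </ramp:RampartConfig>
</wsp:Policy>"""

def split_tag(el):
    """Return (namespace URI exactly as written, local name) for an element."""
    if el.tag.startswith("{"):
        ns, local = el.tag[1:].split("}", 1)
        return ns, local
    return "", el.tag

def audit_policy(xml_text):
    """Report signed parts, timestamp use and findings for a policy file."""
    report = {"signed_parts": [], "timestamp": False, "findings": []}
    padded = set()
    for el in ET.fromstring(xml_text).iter():
        ns, local = split_tag(el)
        if ns != ns.strip():
            padded.add(ns)  # a different namespace name than the unpadded URI
        ns = ns.strip()     # keep auditing as if the URI were clean
        if ns == SP and local == "SignedParts":
            report["signed_parts"] = [split_tag(c)[1] for c in el]
        elif ns == SP and local == "IncludeTimestamp":
            report["timestamp"] = True
        elif (ns == RAMP and local == "property"
              and el.get("name", "").strip().endswith("keystore.password")
              and (el.text or "").strip()):
            report["findings"].append("keystore password stored in policy file")
    for ns in sorted(padded):
        report["findings"].append("namespace URI padded with whitespace: %r" % ns)
    if not report["signed_parts"]:
        report["findings"].append("no SignedParts children found")
    return report

if __name__ == "__main__":
    for pad in ("", " "):
        print(audit_policy(TEMPLATE.format(pad=pad)))
```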