Hi Nandana,
yes you are right that the policy doesn't provide any security at all.
No integrity or confidentiality protections, no timestamp and no
supporting tokens. This is because I tried to create a minimalistic
scenario in order to debug that problem.
Anyway I am a little bit new to all that WS security stuff, so excuse
me if I do not understand correct some things.
Ok, it is a little bit away from the topic, but will be enough for
symmetric binding to add only timestamp? (Defenetly I have problems
running the symmetric scenarious) My scenario throws the following
exception in this case:
"Unexpected encrypted data found, no encryption required" - what
does it mean? Why this is thrown?
Anyway in this case I have the following services.xml:
<serviceGroup>
<service name="HelloPojo">
<description>Web Service HelloPojo</description>
<parameter
name="ServiceClass">com.mycompany.wsstack.pojo.HelloPojo</parameter>
<messageReceivers>
<messageReceiver
class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"
mep="http://www.w3.org/2004/08/wsdl/in-out"/>
</messageReceivers>
<operation name="sayHello"/>
<wsp:Policy wsu:Id="User defined"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:WssX509V3Token10/>
<sp:RequireDerivedKeys/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:Basic128/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:SymmetricBinding>
<sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</sp:Policy>
</sp:Wss10>
<sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy/>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:user>service</ramp:user>
<ramp:encryptionUser>client</ramp:encryptionUser>
<ramp:passwordCallbackClass>com.mycompany.wsstack.pwcb.PasswordCallbackHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">openssl</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<module ref="addressing"/>
<module ref="rampart"/>
</service>
</serviceGroup>
And here is the SOAP request:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:wsa="http://www.w3.org/2005/08/addressing";>
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-21559496">
<wsu:Created>2007-11-09T15:27:48.734Z</wsu:Created>
<wsu:Expires>2007-11-09T15:32:48.734Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey Id="EncKeyId-31478058">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>9kbwRNyMypNWhulx0JkHVOFvRB8=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>Wjv/K7myrhfXUUC0ioivXkUKTUt92qCsYbUPyDjKHzggfL33+MaWmQFJMT5GLsSIu82Pgvx5GLHA+YmlkxnUkxSz44khHHKLxKc6UjUAKvuLkDPnjq7gJAOp4KgXoIopSjkdhd3EMqK+uZJUDrEDpgkvc5AN4i0BQYGaCPrcFjA=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<wsc:DerivedKeyToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="derivedKeyId-21657019">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#EncKeyId-31478058"/>
</wsse:SecurityTokenReference>
<wsc:Length>16</wsc:Length>
<wsc:Nonce>NQxv+tVJKNDpWUC4T9CF5A==</wsc:Nonce>
<wsc:Offset>0</wsc:Offset>
</wsc:DerivedKeyToken>
<xenc:ReferenceList/>
<wsc:DerivedKeyToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="derivedKeyId-4634890">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#EncKeyId-31478058"/>
</wsse:SecurityTokenReference>
<wsc:Length>16</wsc:Length>
<wsc:Nonce>DcwdbFQtJ3CXF8Hl8lclHA==</wsc:Nonce>
<wsc:Offset>0</wsc:Offset>
</wsc:DerivedKeyToken>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
Id="Signature-19321823">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<ds:Reference URI="#Timestamp-21559496">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>WdrQ6M73dnu+teZdhOji4RF0dYg=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>oGm+dvTmJWBSK5lPMVUGNhqUgQA=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-11642082">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-12582949">
<wsse:Reference
URI="#derivedKeyId-4634890"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:To>http://127.0.0.1:8082/wsstack/services/HelloPojo</wsa:To>
<wsa:MessageID>urn:uuid:FD5D2868B13DE6F2591194622068381</wsa:MessageID>
<wsa:Action>urn:sayHello</wsa:Action>
</soapenv:Header>
<soapenv:Body>
<xsd:sayHello xmlns:xsd="http://pojo.wsstack.mycompany.com";>
<xsd:name>Dodo!</xsd:name>
</xsd:sayHello>
</soapenv:Body>
</soapenv:Envelope>
In order to solve that problem I can add the encryption of the body.
in this case I have added to the service.xml the following:
<sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
</sp:EncryptedParts>
<sp:SignedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
<sp:EncryptedElements
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
of cource in this case we need only the <sp:EncryptedParts/> tag but
this is something generated with an Eclipse plugin that I use. I think
it is not a problem.
So when the encryption of the body is added everything is ok and I
have the following SOAP request:
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";
xmlns:wsa="http://www.w3.org/2005/08/addressing";>
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
soapenv:mustUnderstand="1">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Timestamp-21559496">
<wsu:Created>2007-11-09T15:43:14.593Z</wsu:Created>
<wsu:Expires>2007-11-09T15:48:14.593Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey Id="EncKeyId-31478058">
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";>9kbwRNyMypNWhulx0JkHVOFvRB8=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>vMuLINyVMuuEQP+2H9y6RuB5XxSWX58eXNRJxhy1xNDD8qJmS4V2t/4QKP+KiBNpoUyODtrewPl6C8FIq4TW2Crn1Y4Rc7wMIWlPa6fDZcJYBTLhfkd/+d7vECbEiujl+5KV6fmPl9jGEo2oLzEXouI4l/Gl2ZmA8INOlNhPH1Q=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<wsc:DerivedKeyToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="derivedKeyId-24607203">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#EncKeyId-31478058"/>
</wsse:SecurityTokenReference>
<wsc:Length>16</wsc:Length>
<wsc:Nonce>7okw3cKjCBrrJNAut6v3QQ==</wsc:Nonce>
<wsc:Offset>0</wsc:Offset>
</wsc:DerivedKeyToken>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-31561261"/>
</xenc:ReferenceList>
<wsc:DerivedKeyToken
xmlns:wsc="http://schemas.xmlsoap.org/ws/2005/02/sc";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="derivedKeyId-4634890">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#EncKeyId-31478058"/>
</wsse:SecurityTokenReference>
<wsc:Length>16</wsc:Length>
<wsc:Nonce>xaxsnwLjqIovWMjRKBrMcg==</wsc:Nonce>
<wsc:Offset>0</wsc:Offset>
</wsc:DerivedKeyToken>
<ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";
Id="Signature-19321823">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<ds:Reference URI="#Timestamp-21559496">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>sIyy/hWLVDRHsJpqQF6Lh3BQ4XY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>TuDh67sGndIpujystsK34FLupN4=</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-11642082">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="STRId-12582949">
<wsse:Reference
URI="#derivedKeyId-4634890"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
<wsa:To>http://127.0.0.1:8082/wsstack/services/HelloPojo</wsa:To>
<wsa:MessageID>urn:uuid:AE58F07F8BFD49BBAE1194622994209</wsa:MessageID>
<wsa:Action>urn:sayHello</wsa:Action>
</soapenv:Header>
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
wsu:Id="Id-31561261">
<xenc:EncryptedData Id="EncDataId-31561261"
Type="http://www.w3.org/2001/04/xmlenc#Content";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>
<wsse:Reference
URI="#derivedKeyId-24607203"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>FK3EiiuMWecPSvNUArvtyFThQODcj3FHCJM0rLzC7OJ4PtLoil3oBYJNmE4+w8n7lPhws6xsg3+u
y/TGPDfLvc+0C7bQfb5AW4U8sWoQDtUt3icnz1/NuF3ve+udPrR5SWFPSlYov6zHpJ/enTWPVg+L
PRrxDIUwOtdr/WCmHAiHqJKaKTc7msbUz1tF6GR5zhQg3FL0krVZZPaOM54zND+PjK5MjhNlLB+H
SWe7wYv0ZEV0vvWGxD6aVPMLGqF8eYn3/y68L0kk1FED+8nxVMQxpFuYaPi8KRNvGfVRnYdFC/2L
DaTtmXQIEizTuLgyL/nygT8v4lgEdWjPfLgmlmTTYrzLynHFHzclsf4TC0wjyLOEkuxA2WuANyVT
2ttppZvoPQ66m/KUy/IhQ9Nb1JdzlpECVUyzpHUaPKGEIOIAnG/aVleN0WE+TyMDWFHaH4OxI4+G
eoyzlb+1tT/uv7Rqf1GCQtLqSjAp+dgIksU=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
Can you tell me what is the problem from your point of view? Do you
think I should post the JIRA request?
Thank you in advance!
Dobri
On Nov 9, 2007 2:19 PM, Nandana Mihindukulasooriya
<[EMAIL PROTECTED]> wrote:
> Hi Dobri,
> I came across the same problem when there is an empty signature element
> in
> the message. That is if there are no references in the signature element,
> xmlsec
> can't process that signature. Looking at the policy, we can see it is the
> case here.
> So can you post your soap request ? Can you put JIRA [1] if this is the
> case. This
> can be fixed in Rampart. We can simply avoid creating a signature when there
> is
> nothing to sign.
> BTW, I have a small problem about your policy. As it seems this policy
> doesn't
> provide any security at all. No integrity or confidentiality protections,
> no timestamp
> and no supporting tokens.
>
> Regards,
> Nandana
>
> [1] - http://issues.apache.org/jira/browse/Rampart
>
> On Nov 9, 2007 4:54 PM, Dobri Kitipov <[EMAIL PROTECTED]>
> wrote:
>
>
> > Hi everybody,
> > I know this is a question that has been already asked in this mailing
> > list but there is no answer to it.
> > My environment is based on Axis2 1.3, Rampart 1.3. and
> > xmlsec-1.4.1.jar. What I am testing is the symmetric binding.
> > The problem is that I am receiving the following exception when
> > invoking the service:
> >
> > 2007-11-09 11:58:24 (axis2_test.log) 09:11:2007 11:58:24,406
> > [http-8081-Processor24] (AxisServlet.java:159) ERROR
> > org.apache.axis2.transport.http.AxisServlet - Cannot find Reference
> > in Manifest
> > 2007-11-09 11:58:24 (axis2_test.log) org.w3c.dom.DOMException: Cannot
> > find Reference in Manifest
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.xml.security.signature.Manifest.<init>(Unknown Source)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(
> > SignatureProcessor.java:161)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.ws.security.processor.SignatureProcessor.handleToken(
> > SignatureProcessor.java:85)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> > WSSecurityEngine.java:284)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> > WSSecurityEngine.java:206)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(
> > WSSecurityEngine.java:159)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.rampart.RampartEngine.process(RampartEngine.java:127)
> > 2007-11-09 11:58:24 (axis2_test.log) at
> > org.apache.rampart.handler.RampartReceiver.invoke(RampartReceiver.java:85)
> > etc.........
> >
> > Here is my services.xml:
> >
> > <?xml version="1.0" encoding="UTF-8"?>
> > <serviceGroup>
> > <service name="HelloPojo">
> > <description>Web Service HelloPojo</description>
> > <parameter name="ServiceClass">
> > com.mycompany.wsstack.pojo.HelloPojo</parameter>
> > <messageReceivers>
> > <messageReceiver
> > class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"
> > mep="http://www.w3.org/2004/08/wsdl/in-out"/>
> > </messageReceivers>
> > <operation name="sayHello"/>
> > <wsp:Policy wsu:Id="User defined"
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
> > xmlns:wsu="
> > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > ">
> > <wsp:ExactlyOne>
> > <wsp:All>
> > <sp:SymmetricBinding
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <wsp:Policy>
> >
> > <sp:ProtectionToken>
> > <wsp:Policy
> > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
> >
> > <sp:X509Token
> > sp:IncludeToken="
> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
> >
> > <wsp:Policy>
> >
> > <sp:WssX509V3Token10/>
> >
> > <sp:RequireDerivedKeys/>
> >
> > </wsp:Policy>
> >
> > </sp:X509Token>
> >
> > </wsp:Policy>
> >
> > </sp:ProtectionToken>
> > <sp:AlgorithmSuite
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> >
> > <wsp:Policy>
> >
> > <sp:Basic128/>
> >
> > </wsp:Policy>
> >
> > </sp:AlgorithmSuite>
> > <sp:Layout>
> >
> > <wsp:Policy>
> >
> > <sp:Strict/>
> >
> > </wsp:Policy>
> > </sp:Layout>
> > </wsp:Policy>
> > </sp:SymmetricBinding>
> > <sp:Wss10 xmlns:sp="
> > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <sp:Policy>
> >
> > <sp:MustSupportRefKeyIdentifier/>
> >
> > <sp:MustSupportRefIssuerSerial/>
> > </sp:Policy>
> > </sp:Wss10>
> > <sp:SignedSupportingTokens
> > xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
> > <wsp:Policy/>
> > </sp:SignedSupportingTokens>
> > <ramp:RampartConfig xmlns:ramp="
> > http://ws.apache.org/rampart/policy";>
> >
> > <ramp:user>service</ramp:user>
> >
> > <ramp:encryptionUser>client</ramp:encryptionUser>
> >
> > <ramp:passwordCallbackClass>
> > com.mycompany.wsstack.pwcb.PasswordCallbackHandler
> > </ramp:passwordCallbackClass>
> > <ramp:signatureCrypto>
> > <ramp:crypto
> > provider="org.apache.ws.security.components.crypto.Merlin">
> >
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.keystore.type
> > ">JKS</ramp:property>
> >
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.file">service.jks
> > </ramp:property>
> >
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.keystore.password
> > ">openssl</ramp:property>
> > </ramp:crypto>
> > </ramp:signatureCrypto>
> > <ramp:encryptionCypto>
> > <ramp:crypto
> > provider="org.apache.ws.security.components.crypto.Merlin">
> >
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.keystore.type
> > ">JKS</ramp:property>
> >
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.file">service.jks
> > </ramp:property>
> >
> > <ramp:property
> > name="org.apache.ws.security.crypto.merlin.keystore.password
> > ">openssl</ramp:property>
> > </ramp:crypto>
> > </ramp:encryptionCypto>
> > </ramp:RampartConfig>
> > </wsp:All>
> > </wsp:ExactlyOne>
> > </wsp:Policy>
> > <module ref="addressing"/>
> > <module ref="rampart"/>
> > </service>
> > </serviceGroup>
> >
> >
> > Can someone give me some info about that problem?
> >
> >
> > Thank you in advance!
> > Dobri
> >
>
