I am using Axis2 v1.3 and Rampart v1.3 on JBossAS v4.0.5 running on Java 1.6.0_03.
My goal is to allow access to my service only to those clients who possess a certificate that I issued (using a self-signed CA certificate.) I also require that the client submit some unique ID -- preferably their encryptionUser (the name that I originally created when issuing the client's certificate.) I used the information found on this page to create my certificates: http://wso2.org/library/174 My final requirement is to retrieve the IP address of the connecting client. I have tried several different forms of policy.xml, but I've become confused. I don't understand exactly what tags enforce a signature. I've been reading ws-securitypolicy.pdf (2005, v1.1) but I don't completely understand it. What does the OnlySignEntireHeadersAndBody assertion do? How can I require a signature? How can I pass the encryptionUser rather than some arbitrarily-named user token? How can I obtain the client's IP address? Thanks, Nate Roe
