> A quick question: What is the policy.xml file for if you already have the > policy within the services.xml file? >
In the examples, clients loads policies from those policy.xml files. If you go through the source code of the clients you will be able to notice this. thanks, nandana -----Original Message----- > From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] > Sent: Mon 7/14/2008 8:22 AM > To: [email protected] > Subject: Re: Newbie Basics: Security Policy > > > > > Also, in addition to my last question, for clarity, is the Security > Policy > > really just understanding and using the syntax from the OASIS WS-Security > > Policy documentation and only the > > <ramp:RampartConfig>...</ramp:RampartConfig> parts actually what is used > to > > incorporate Rampart? > > > > Yes, exactly. > > -----Original Message----- > > From: Roxanne Yee [mailto:[EMAIL PROTECTED] > > Sent: Mon 7/14/2008 8:17 AM > > To: [email protected] > > Subject: RE: Newbie Basics: Security Policy > > > > Actually, I'm using soapUI as the client, so it is possible to ignore all > > files with the word "client" in them? > > > > > > -----Original Message----- > > From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] > > Sent: Mon 7/14/2008 8:01 AM > > To: [email protected] > > Subject: Re: Newbie Basics: Security Policy > > > > Hi Roxane, > > > > This is the policy to be used. Hope you know how to attach this policy to > > services.xml and to a client. Please go through the Rampart policy > samples > > and you will be able to see how that is done. If you have further > > questions, > > please feel free to throw them in. > > > > regards, > > nandana > > > > <wsp:Policy wsu:Id="UT" xmlns:wsu=" > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> > > <wsp:ExactlyOne> > > <wsp:All> > > <sp:SupportingTokens xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:UsernameToken sp:IncludeToken=" > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > > " > > /> > > </wsp:Policy> > > </sp:SupportingTokens> > > > > <ramp:RampartConfig xmlns:ramp=" > http://ws.apache.org/rampart/policy > > "> > > > > <ramp:user>username</ramp:user> > > > > > > > <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass> > > </ramp:RampartConfig> > > > > </wsp:All> > > </wsp:ExactlyOne> > > </wsp:Policy> > > > > On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee <[EMAIL PROTECTED]> wrote: > > > > > If I simply wanted to implement a web service that used a User Name > Token > > > authentication system with a Username and Password in Plaintext (no SSL > > for > > > now, cause I'm a little sketchy on how to actually set that up), what > > would > > > I need to do if using the Policy handler configuration? > > > > > > Thanks. > > > > > > => RY > > > > > > > > > > >
