Author: ruchithf Date: Sun Oct 8 00:51:44 2006 New Revision: 454099 URL: http://svn.apache.org/viewvc?view=rev&rev=454099 Log: Updating SecRm policy
Modified:
webservices/sandesha/trunk/java/interop/conf/sec-client-policy.xml
webservices/sandesha/trunk/java/interop/conf/sec-services.xml
Modified: webservices/sandesha/trunk/java/interop/conf/sec-client-policy.xml
URL:
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/interop/conf/sec-client-policy.xml?view=diff&rev=454099&r1=454098&r2=454099
==============================================================================
--- webservices/sandesha/trunk/java/interop/conf/sec-client-policy.xml
(original)
+++ webservices/sandesha/trunk/java/interop/conf/sec-client-policy.xml Sun Oct
8 00:51:44 2006
@@ -1,4 +1,4 @@
-<wsp:Policy wsu:Id="Scenario51Policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+<wsp:Policy wsu:Id="SecConvPolicy2"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
@@ -7,34 +7,28 @@
<wsp:Policy>
<sp:SecureConversationToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
+
<sp:RequireDerivedKeys/>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
-
<sp:AsymmetricBinding>
+
<sp:SymmetricBinding>
<wsp:Policy>
-
<sp:InitiatorToken>
-
<wsp:Policy>
-
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
-
<wsp:Policy>
-
<sp:WssX509V3Token10/>
-
</wsp:Policy>
-
</sp:X509Token>
-
</wsp:Policy>
-
</sp:InitiatorToken>
-
<sp:RecipientToken>
+
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
+
<sp:RequireDerivedKeys/>
+
<sp:RequireThumbprintReference/>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
-
</sp:RecipientToken>
+
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
-
<sp:Basic256/>
+
<sp:Basic128Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -43,15 +37,29 @@
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
+
<sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
-
</sp:AsymmetricBinding>
-
<sp:Wss10>
+
</sp:SymmetricBinding>
+
<sp:EndorsingSupportingTokens>
+
<wsp:Policy>
+
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+
<wsp:Policy>
+
<sp:RequireThumbprintReference/>
+
<sp:WssX509V3Token10/>
+
</wsp:Policy>
+
</sp:X509Token>
+
</wsp:Policy>
+
</sp:EndorsingSupportingTokens>
+
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
+
<sp:MustSupportRefThumbprint/>
+
<sp:MustSupportRefEncryptedKey/>
+
<sp:RequireSignatureConfirmation/>
</wsp:Policy>
-
</sp:Wss10>
+
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
@@ -67,24 +75,27 @@
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic128Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
- <sp:Lax/>
+ <sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:SymmetricBinding>
- <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
- </sp:Wss10>
+ </sp:Wss11>
<sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
@@ -92,89 +103,92 @@
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
-
- <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <sp:Body/>
- </sp:EncryptedParts>
-
- <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
- <ramp:user>bob</ramp:user>
- <ramp:encryptionUser>alice</ramp:encryptionUser>
-
<ramp:passwordCallbackClass>org.apache.sandesha2.interop.PWCallback</ramp:passwordCallbackClass>
-
- <ramp:signatureCrypto>
- <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.file">interop/conf/store.jks</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:signatureCrypto>
- <ramp:encryptionCypto>
- <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.file">interop/conf/store.jks</ramp:property>
- <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
- </ramp:crypto>
- </ramp:encryptionCypto>
- <ramp:tokenIssuerPolicy>
- <wsp:Policy wsu:Id="Scenario51Policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
- <wsp:ExactlyOne>
- <wsp:All
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <sp:EncryptedParts>
- <sp:Body/>
- </sp:EncryptedParts>
- <sp:AsymmetricBinding>
- <wsp:Policy>
-
<sp:InitiatorToken>
-
<wsp:Policy>
-
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
-
<wsp:Policy>
-
<sp:WssX509V3Token10/>
-
</wsp:Policy>
-
</sp:X509Token>
-
</wsp:Policy>
-
</sp:InitiatorToken>
-
<sp:RecipientToken>
-
<wsp:Policy>
-
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
-
<wsp:Policy>
-
<sp:WssX509V3Token10/>
-
</wsp:Policy>
-
</sp:X509Token>
-
</wsp:Policy>
-
</sp:RecipientToken>
-
<sp:AlgorithmSuite>
-
<wsp:Policy>
-
<sp:Basic256/>
-
</wsp:Policy>
-
</sp:AlgorithmSuite>
-
<sp:Layout>
-
<wsp:Policy>
-
<sp:Strict/>
-
</wsp:Policy>
-
</sp:Layout>
-
<sp:IncludeTimestamp/>
-
<sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10>
- <wsp:Policy>
-
<sp:MustSupportRefKeyIdentifier/>
-
<sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:Trust10>
- <wsp:Policy>
-
<sp:MustSupportIssuedTokens/>
-
<sp:RequireClientEntropy/>
-
<sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
- </ramp:tokenIssuerPolicy>
- </ramp:RampartConfig>
- </wsp:All>
-</wsp:ExactlyOne>
-</wsp:Policy>
+ <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+
<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">interop/conf/store.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">interop/conf/store.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+
+ <ramp:tokenIssuerPolicy
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+
<sp:ProtectionToken>
+
<wsp:Policy>
+
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+
<wsp:Policy>
+
<sp:RequireDerivedKeys/>
+
<sp:RequireThumbprintReference/>
+
<sp:WssX509V3Token10/>
+
</wsp:Policy>
+
</sp:X509Token>
+
</wsp:Policy>
+
</sp:ProtectionToken>
+
<sp:AlgorithmSuite>
+
<wsp:Policy>
+
<sp:Basic128Rsa15/>
+
</wsp:Policy>
+
</sp:AlgorithmSuite>
+ <sp:Layout>
+
<wsp:Policy>
+
<sp:Strict/>
+
</wsp:Policy>
+ </sp:Layout>
+
<sp:IncludeTimestamp/>
+
<sp:EncryptSignature/>
+
<sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+
<wsp:Policy>
+
<sp:RequireThumbprintReference/>
+
<sp:WssX509V3Token10/>
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+
<sp:MustSupportRefKeyIdentifier/>
+
<sp:MustSupportRefIssuerSerial/>
+
<sp:MustSupportRefThumbprint/>
+
<sp:MustSupportRefEncryptedKey/>
+
<sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+
<sp:MustSupportIssuedTokens/>
+
<sp:RequireClientEntropy/>
+
<sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ </wsp:Policy>
+ </ramp:tokenIssuerPolicy>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
\ No newline at end of file
Modified: webservices/sandesha/trunk/java/interop/conf/sec-services.xml
URL:
http://svn.apache.org/viewvc/webservices/sandesha/trunk/java/interop/conf/sec-services.xml?view=diff&rev=454099&r1=454098&r2=454099
==============================================================================
--- webservices/sandesha/trunk/java/interop/conf/sec-services.xml (original)
+++ webservices/sandesha/trunk/java/interop/conf/sec-services.xml Sun Oct 8
00:51:44 2006
@@ -30,109 +30,118 @@
</operation>
<!-- Rampart and Rahas configurations -->
- <wsp:Policy wsu:Id="Scenario51Policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <sp:ProtectionToken>
- <wsp:Policy>
-
<sp:SecureConversationToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
-
<wsp:Policy>
-
<sp:BootstrapPolicy>
-
<wsp:Policy>
-
<sp:EncryptedParts>
-
<sp:Body/>
-
</sp:EncryptedParts>
-
<sp:AsymmetricBinding>
-
<wsp:Policy>
-
<sp:InitiatorToken>
-
<wsp:Policy>
-
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
-
<wsp:Policy>
-
<sp:WssX509V3Token10/>
-
</wsp:Policy>
-
</sp:X509Token>
-
</wsp:Policy>
-
</sp:InitiatorToken>
-
<sp:RecipientToken>
-
<wsp:Policy>
-
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
-
<wsp:Policy>
-
<sp:WssX509V3Token10/>
-
</wsp:Policy>
-
</sp:X509Token>
-
</wsp:Policy>
-
</sp:RecipientToken>
-
<sp:AlgorithmSuite>
-
<wsp:Policy>
-
<sp:Basic256/>
-
</wsp:Policy>
-
</sp:AlgorithmSuite>
-
<sp:Layout>
-
<wsp:Policy>
-
<sp:Strict/>
-
</wsp:Policy>
-
</sp:Layout>
-
<sp:IncludeTimestamp/>
-
<sp:OnlySignEntireHeadersAndBody/>
-
</wsp:Policy>
-
</sp:AsymmetricBinding>
-
<sp:Wss10>
-
<wsp:Policy>
-
<sp:MustSupportRefKeyIdentifier/>
-
<sp:MustSupportRefIssuerSerial/>
-
</wsp:Policy>
-
</sp:Wss10>
-
<sp:Trust10>
-
<wsp:Policy>
-
<sp:MustSupportIssuedTokens/>
-
<sp:RequireClientEntropy/>
-
<sp:RequireServerEntropy/>
-
</wsp:Policy>
-
</sp:Trust10>
-
</wsp:Policy>
-
</sp:BootstrapPolicy>
-
</wsp:Policy>
-
</sp:SecureConversationToken>
- </wsp:Policy>
- </sp:ProtectionToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
-
<sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
- <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
-
<sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust10>
-
+ <wsp:Policy wsu:Id="SecConvPolicy2"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+
<sp:SecureConversationToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+
<sp:RequireDerivedKeys/>
+
<sp:BootstrapPolicy>
+
<wsp:Policy>
+
<sp:EncryptedParts>
+
<sp:Body/>
+
</sp:EncryptedParts>
+
<sp:SymmetricBinding>
+
<wsp:Policy>
+
<sp:ProtectionToken>
+
<wsp:Policy>
+
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+
<wsp:Policy>
+
<sp:RequireDerivedKeys/>
+
<sp:RequireThumbprintReference/>
+
<sp:WssX509V3Token10/>
+
</wsp:Policy>
+
</sp:X509Token>
+
</wsp:Policy>
+
</sp:ProtectionToken>
+
<sp:AlgorithmSuite>
+
<wsp:Policy>
+
<sp:Basic128Rsa15/>
+
</wsp:Policy>
+
</sp:AlgorithmSuite>
+
<sp:Layout>
+
<wsp:Policy>
+
<sp:Strict/>
+
</wsp:Policy>
+
</sp:Layout>
+
<sp:IncludeTimestamp/>
+
<sp:EncryptSignature/>
+
<sp:OnlySignEntireHeadersAndBody/>
+
</wsp:Policy>
+
</sp:SymmetricBinding>
+
<sp:EndorsingSupportingTokens>
+
<wsp:Policy>
+
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+
<wsp:Policy>
+
<sp:RequireThumbprintReference/>
+
<sp:WssX509V3Token10/>
+
</wsp:Policy>
+
</sp:X509Token>
+
</wsp:Policy>
+
</sp:EndorsingSupportingTokens>
+
<sp:Wss11>
+
<wsp:Policy>
+
<sp:MustSupportRefKeyIdentifier/>
+
<sp:MustSupportRefIssuerSerial/>
+
<sp:MustSupportRefThumbprint/>
+
<sp:MustSupportRefEncryptedKey/>
+
<sp:RequireSignatureConfirmation/>
+
</wsp:Policy>
+
</sp:Wss11>
+
<sp:Trust10>
+
<wsp:Policy>
+
<sp:MustSupportIssuedTokens/>
+
<sp:RequireClientEntropy/>
+
<sp:RequireServerEntropy/>
+
</wsp:Policy>
+
</sp:Trust10>
+
</wsp:Policy>
+
</sp:BootstrapPolicy>
+ </wsp:Policy>
+
</sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128Rsa15/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
</sp:EncryptedParts>
-
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:user>bob</ramp:user>
<ramp:encryptionUser>alice</ramp:encryptionUser>
-
<ramp:passwordCallbackClass>org.apache.sandesha2.interop.PWCallback</ramp:passwordCallbackClass>
+
<ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
@@ -148,70 +157,74 @@
<ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
- <ramp:tokenIssuerPolicy>
- <wsp:Policy wsu:Id="Scenario51Policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
- <wsp:ExactlyOne>
- <wsp:All
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
-
-
<sp:EncryptedParts>
-
<sp:Body/>
-
</sp:EncryptedParts>
-
<sp:AsymmetricBinding>
+
+ <ramp:tokenIssuerPolicy
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SymmetricBinding>
+ <wsp:Policy>
+
<sp:ProtectionToken>
<wsp:Policy>
-
<sp:InitiatorToken>
+
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
-
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
-
<wsp:Policy>
-
<sp:WssX509V3Token10/>
-
</wsp:Policy>
-
</sp:X509Token>
+
<sp:RequireDerivedKeys/>
+
<sp:RequireThumbprintReference/>
+
<sp:WssX509V3Token10/>
</wsp:Policy>
-
</sp:InitiatorToken>
-
<sp:RecipientToken>
-
<wsp:Policy>
-
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
-
<wsp:Policy>
-
<sp:WssX509V3Token10/>
-
</wsp:Policy>
-
</sp:X509Token>
-
</wsp:Policy>
-
</sp:RecipientToken>
-
<sp:AlgorithmSuite>
-
<wsp:Policy>
-
<sp:Basic256/>
-
</wsp:Policy>
-
</sp:AlgorithmSuite>
-
<sp:Layout>
-
<wsp:Policy>
-
<sp:Strict/>
-
</wsp:Policy>
-
</sp:Layout>
-
<sp:IncludeTimestamp/>
-
<sp:OnlySignEntireHeadersAndBody/>
+
</sp:X509Token>
+
</wsp:Policy>
+
</sp:ProtectionToken>
+
<sp:AlgorithmSuite>
+
<wsp:Policy>
+
<sp:Basic128Rsa15/>
</wsp:Policy>
-
</sp:AsymmetricBinding>
- <sp:Wss10>
+
</sp:AlgorithmSuite>
+ <sp:Layout>
<wsp:Policy>
-
<sp:MustSupportRefKeyIdentifier/>
-
<sp:MustSupportRefIssuerSerial/>
+
<sp:Strict/>
</wsp:Policy>
- </sp:Wss10>
- <sp:Trust10>
+ </sp:Layout>
+
<sp:IncludeTimestamp/>
+
<sp:EncryptSignature/>
+
<sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EndorsingSupportingTokens>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
-
<sp:MustSupportIssuedTokens/>
-
<sp:RequireClientEntropy/>
-
<sp:RequireServerEntropy/>
+
<sp:RequireThumbprintReference/>
+
<sp:WssX509V3Token10/>
</wsp:Policy>
- </sp:Trust10>
- </wsp:All>
- </wsp:ExactlyOne>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:EndorsingSupportingTokens>
+ <sp:Wss11>
+ <wsp:Policy>
+
<sp:MustSupportRefKeyIdentifier/>
+
<sp:MustSupportRefIssuerSerial/>
+
<sp:MustSupportRefThumbprint/>
+
<sp:MustSupportRefEncryptedKey/>
+
<sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10>
+ <wsp:Policy>
+
<sp:MustSupportIssuedTokens/>
+
<sp:RequireClientEntropy/>
+
<sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
</wsp:Policy>
</ramp:tokenIssuerPolicy>
+
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
-
+
<parameter name="sct-issuer-config">
<sct-issuer-config>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
