Hi,

I'm trying to define a WS-Policy XML file that supports a UsernameToken
with a password digest. Here's my policy file:

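<!--
  WS-Policy for a UsernameToken carried over HTTPS (transport binding).

  Every namespace URI and IncludeToken value is kept on a single line: a line
  break inside the quotes becomes whitespace in the attribute value, and a
  namespace URI with stray whitespace no longer matches the namespace the
  policy engine looks for.
-->
<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <!-- No client certificate is required, so TLS authenticates
                                 only the server; the UsernameToken below is the sole
                                 client credential in this policy. -->
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <!-- Asks for a timestamp in the security header. -->
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:TransportBinding>
            <!-- With a transport binding this token is presumably protected by the
                 HTTPS channel rather than by a message-level signature; confirm
                 against the WS-SecurityPolicy version in use. -->
            <sp:SignedSupportingTokens
                xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:UsernameToken
                        sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                            <!-- Requests a PasswordDigest token instead of PasswordText.
                                 The UsernameToken profile digest is
                                 Base64(SHA-1(nonce + created + password)), so the
                                 receiver needs the clear-text password to verify it
                                 and should reject reused nonces and stale created
                                 values.
                                 NOTE(review): sp:HashPassword is defined by
                                 WS-SecurityPolicy 1.2 (namespace
                                 http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702).
                                 Under the 2005/07 namespace bound here it is likely
                                 not recognised, which would leave the token as
                                 PasswordText. Confirm against the Rampart version
                                 in use. -->
                            <sp:HashPassword/>
                        </wsp:Policy>
                    </sp:UsernameToken>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <!-- User name placed in the UsernameToken. -->
                <ramp:user>alice</ramp:user>
                <!-- NOTE(review): nothing in this policy encrypts at message level,
                     so encryptionUser looks unused here; confirm before relying
                     on it. -->
                <ramp:encryptionUser>bob</ramp:encryptionUser>
                <!-- The callback supplies the password at run time, so no password is
                     stored in this file. The class name is kept on one line so that
                     no trailing line break ends up in the element text.
                     samples.userguide.PWCallback is presumably a sample handler;
                     use one backed by a real credential store outside of testing. -->
                <ramp:passwordCallbackClass>samples.userguide.PWCallback</ramp:passwordCallbackClass>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>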

When I run this, it just brings back the password in the clear, i.e.:
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>

Whereas I am expecting something like:
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">fwfVj34yd9/LSCWcJVwm6jDNIkQ=</wsse:Password>

Now, I suspect it's because I'm using the wrong WS-SecurityPolicy namespace,
but when I switch it to the one ending in 200702, I get no UserName returned
at all.

Any help would be greatly appreciated!

jeff
