Hi everyone,
Example 200 shows how to engage security on a proxy that uses a x509 style
policy. That works great. However, I am trying to instead use UsernameToken
style with the following policy:
<wsp:Policy wsu:Id="UTOverTransport"
xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedSupportingTokens xmlns:sp="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="
http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient
">
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:passwordCallbackClass>samples.userguide.PWCallback</ramp:passwordCallbackClass>
<ramp:user>alice</ramp:user>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
My inbound SOAP message looks like:
<soapenv:Envelope xmlns:hel="http://helloworld"; xmlns:soapenv="
http://schemas.xmlsoap.org/soap/envelope/";>
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
">
<wsse:UsernameToken wsu:Id="UsernameToken-14134009" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
">
<wsse:Username>alice</wsse:Username>
<wsse:Password Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">password</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<hel:getGreetings>
<hel:name>Hi!</hel:name>
</hel:getGreetings>
</soapenv:Body>
</soapenv:Envelope>
However, I always get soap fault with a description of: InvalidSecurity
I think my policy file is okay, cause when I use for engaging security on an
outbound message, it works fine (i.e., adds the WS-Security header).
Any ideas?
jeff
