Also, make sure that our Policy engine can enforce that transport-layer
encryption is being used (IIUC part of your requirements); I know it can
check message-layer encryption, but I'm not sure whether/how it knows
that SSL is being used.
Glen

On 02/03/2013 10:40 PM, Jason Pell wrote:

I think I answered my own question. It appears that the first
alternative is chosen by default, no matter what, when using the
MinimalAlternativeSelector.

The isCompatibleWithRequest method in BaseAlternativeSelector returns
true where the request == null.

And it looks as though request is always null on the server side
(which I guess makes sense).

Now I have to figure out if I can code up an AlternativeSelector based
on the content of the request information coming in from the client.

Any ideas would be welcome...
On Mon, Feb 4, 2013 at 11:51 AM, Jason Pell <[email protected]> wrote:

Hi,

I would like to configure a web service which requires one of two
security mechanisms:

1) UsernamePassword + SSL (NOT MUTUAL)
2) Username only + SSL with Mutual Authentication.

I was hoping to do this via WS-Policy ExactlyOne matching, but it
does not seem to work.

What I was wanting to know is if I should expect it to work. I am
about to jump in and debug what is actually happening but was hoping
someone would help me before I got too far into it.

My policy is:
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken>
                <wsp:Policy />
              </sp:HttpsToken>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic128 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken>
            <wsp:Policy>
              <sp:WssUsernameToken11 />
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
    <wsp:All>
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken>
                <wsp:Policy>
                  <sp:RequireClientCertificate />
                </wsp:Policy>
              </sp:HttpsToken>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken>
            <wsp:Policy>
              <sp:NoPassword />
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
--
Glen Mazza
Talend Community Coders - coders.talend.com
blog: www.jroller.com/gmazza
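
Added example, not part of the thread and not CXF code: a sketch of choosing between the two `wsp:All` alternatives from what the incoming request actually carries, instead of always taking the first one. The request dictionary, the function names, and the rule that a password is required unless `sp:NoPassword` is asserted are assumptions of this example; the policy is a condensed copy of the one posted above.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

# Condensed copy of the thread's policy (Layout/AlgorithmSuite dropped for brevity).
POLICY = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}"><wsp:ExactlyOne>
 <wsp:All>
  <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
   <sp:HttpsToken><wsp:Policy/></sp:HttpsToken>
  </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
  <sp:SupportingTokens><wsp:Policy><sp:UsernameToken><wsp:Policy>
   <sp:WssUsernameToken11/>
  </wsp:Policy></sp:UsernameToken></wsp:Policy></sp:SupportingTokens>
 </wsp:All>
 <wsp:All>
  <sp:TransportBinding><wsp:Policy><sp:TransportToken><wsp:Policy>
   <sp:HttpsToken><wsp:Policy><sp:RequireClientCertificate/></wsp:Policy></sp:HttpsToken>
  </wsp:Policy></sp:TransportToken></wsp:Policy></sp:TransportBinding>
  <sp:SupportingTokens><wsp:Policy><sp:UsernameToken><wsp:Policy>
   <sp:NoPassword/>
  </wsp:Policy></sp:UsernameToken></wsp:Policy></sp:SupportingTokens>
 </wsp:All>
</wsp:ExactlyOne></wsp:Policy>"""

def alternatives(policy_xml):
    """Reduce each wsp:All alternative to the three facts this policy varies on."""
    root = ET.fromstring(policy_xml)
    has = lambda node, name: node.find(f".//{{{SP}}}{name}") is not None
    return [{"https": has(alt, "HttpsToken"),
             "client_cert": has(alt, "RequireClientCertificate"),
             "no_password": has(alt, "NoPassword")}
            for alt in root.findall(f"{{{WSP}}}ExactlyOne/{{{WSP}}}All")]

def satisfied(alt, req):
    """req is a hypothetical summary of the request: tls, client_cert, username, password."""
    if alt["https"] and not req["tls"]:
        return False            # transport-layer encryption is mandatory
    if alt["client_cert"] and not req["client_cert"]:
        return False            # mutual TLS alternative needs a verified client cert
    if not req["username"]:
        return False
    # Assumption: NoPassword forbids a password; otherwise one must be present.
    return (req["password"] is None) if alt["no_password"] else (req["password"] is not None)

def select_alternative(policy_xml, req):
    """Index of the first alternative the request satisfies, or None to reject."""
    for i, alt in enumerate(alternatives(policy_xml)):
        if satisfied(alt, req):
            return i
    return None
```

A request with a username only and no client certificate, or any request that did not arrive over TLS, matches neither alternative and returns `None`.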