All, as proposed by Sanka let's continue the discussion and reports about WS-Commons/Policy on the WSS4J list. We'll try to use Policy as starting point to enable WSS4J with some WS-SecurityPolicy functions.
Well, lets start. I did a small (in fact very small) example just to warm up to Policy methods. See the attachement for the Java file. The attachement msg.txt shows the result and the problems I have with the result. The input to the example was taken from the link to IBM's interop site (see msg.txt), selected "policy2", cut/paste it into a small file. This site also shows the expected result if this Policy is normalized (merge and intersect don't work yet?) Sanka, can you have a look into the result and the example Java and give some advise? Did I miss something, e.g. scanning the domain specific part (sec:) and using XOR / AND functions? Regards, Werner
Link: http://wsi.alphaworks.ibm.com:8080/wspolicy/services/policyService This is policy2.xml as presented in the above link. <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:sec="http://schemas.xmlsoap.org/ws/2002/12/secext"; > <!-- 2 --> <sec:SecurityToken> <sec:TokenType>sec:X509v3</sec:TokenType> </sec:SecurityToken> <sec:SecurityHeader wsp:Optional="true" MustPrepend="true" MustManifestEncryption="true" /> <sec:Integrity wsp:Optional="false" > <sec:MessageParts Dialect="http://schemas.xmlsoap.org/ws/2002/12/wsse#soap"; > wsp:Body() </sec:MessageParts> </sec:Integrity> </wsp:Policy> The result of Normalize is show as follows: <wsp:Policy xmlns:ans1="http://schemas.xmlsoap.org/ws/2002/12/secext"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> <wsp:ExactlyOne> <wsp:All> <sec:SecurityToken xmlns:sec="http://schemas.xmlsoap.org/ws/2002/12/secext";> <sec:TokenType>sec:X509v3</sec:TokenType> </sec:SecurityToken> <ans1:SecurityHeader MustManifestEncryption="true" MustPrepend="true"/> <sec:Integrity xmlns:sec="http://schemas.xmlsoap.org/ws/2002/12/secext";> <sec:MessageParts Dialect="http://schemas.xmlsoap.org/ws/2002/12/wsse#soap";> wsp:Body() </sec:MessageParts> </sec:Integrity> </wsp:All> <wsp:All> <sec:SecurityToken xmlns:sec="http://schemas.xmlsoap.org/ws/2002/12/secext";> <sec:TokenType>sec:X509v3</sec:TokenType> </sec:SecurityToken> <sec:Integrity xmlns:sec="http://schemas.xmlsoap.org/ws/2002/12/secext";> <sec:MessageParts Dialect="http://schemas.xmlsoap.org/ws/2002/12/wsse#soap";> wsp:Body() </sec:MessageParts> </sec:Integrity> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> Running the simple example program on commons/policy gives this result (line breaks inserted for better readability): <wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sec:SecurityToken> <sec:TokenType>sec:X509v3</sec:TokenType> </sec:SecurityToken> <sec:SecurityHeader MustManifestEncryption="true" wsp:Optional="true" MustPrepend="true"> </sec:SecurityHeader> <sec:Integrity wsp:Optional="false"> <sec:MessageParts Dialect="http://schemas.xmlsoap.org/ws/2002/12/wsse#soap";> wsp:Body() </sec:MessageParts> </sec:Integrity> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> Is this intended? It seems that commons/policy does not honor the wsp:Optional="true" attribute as described in WS-Policy. Or is ths domain specific stuff? The it should not have "wsp" as namespace, shouldn't it?
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:sec="http://schemas.xmlsoap.org/ws/2002/12/secext"; > <!-- 2 --> <sec:SecurityToken> <sec:TokenType>sec:X509v3</sec:TokenType> </sec:SecurityToken> <sec:SecurityHeader wsp:Optional="true" MustPrepend="true" MustManifestEncryption="true" /> <sec:Integrity wsp:Optional="false" > <sec:MessageParts Dialect="http://schemas.xmlsoap.org/ws/2002/12/wsse#soap"; > wsp:Body() </sec:MessageParts> </sec:Integrity> </wsp:Policy>
SimplePolicyExample.java
Description: SimplePolicyExample.java
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
