Sanka, all

Sanka, the detection of the wsp:Optional attribute inside a
PrimitiveAssertion did not work as expected, I fixed it (see
latest checkins).

Unfortunately this did not fix the wrong behavior of "Optional" handling.
There is no second alternative generated during normalize. After putting
in some trace it seems that PrimitiveAssertion.normalize() is never
called, thus its flag is never evaluated - Sanka, can you pls have a
look into that.

A new example shows how to merge two policies. I took the policies
directly from Appendix C.3 of the WS SecurityPolicy specification.
The first policy is a "binding" policy. This binding describes the
overall security behaviour, which flags to set, security token types to
use etc. The second policy, the message policy, describes which
parts of an actual message need to be signed, encrypted, etc. Both policies
together form the real security policy. Attached is a pretty-printed
result of this merge. Everybody is invited to have a look and to check
if it is correct (by reading and applying the WS-SecurityPolicy
specification :-)  ).

IMHO this separation into "binding" and "message" policy shall be
reflected in the planned implementation for WSS4J. It is also clear that
the security policies do not contain enough information to set up the
complete security handler: for example the user name(s) to identify the
security tokens (certificates) is missing, maybe some other info
as well.

Regards,
Werner
<Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
  <wsp:All>
    <AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:All>
        <RecipientToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:All>
            <X509V3Token
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
          </wsp:All>
        </RecipientToken>
        <InitiatorToken xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:All>
            <X509V3Token
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
          </wsp:All>
        </InitiatorToken>
        <AlgorithmSuite xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:All>
            <Basic256 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
          </wsp:All>
        </AlgorithmSuite>
        <Layout xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:All>
            <Strict xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
          </wsp:All>
        </Layout>
        <IncludeTimestamp xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
        <EncryptBeforeSigning xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
        <EncryptSignature xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
        <ProtectTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
        <SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:All>
            <UsernameToken
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once"/>
          </wsp:All>
        </SignedSupportingTokens>
        <SignedEndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:All>
            <X509V3Token
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once"/>
          </wsp:All>
        </SignedEndorsingSupportingTokens>
      </wsp:All>
    </AsymmetricBinding>
    <Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:All>
        <RequireSignatureConfirmation xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
      </wsp:All>
    </Wss11>
    <SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <Header xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" Name="Header1" Namespace="uri:namespace_1"/>
      <Header xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" Name="Header2" Namespace="uri:namespace_2"/>
      <Body xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    </SignedParts>
    <EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <Header xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" Name="Header2" Namespace="uri:namespace_2"/>
      <Body xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/>
    </EncryptedParts>
  </wsp:All>
</wsp:ExactlyOne>
</Policy>
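
Added example (not part of the original message and not the project's code): a minimal Python sketch of the two operations discussed above, expanding wsp:Optional into a second alternative during normalization and merging a "binding" policy with a "message" policy. The two small input policies are constructed for illustration and are not the Appendix C.3 policies; nested policy inside an assertion is treated as opaque, and all function names are hypothetical.

```python
import itertools
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"

def alternatives(el):
    """Normalize el into a list of alternatives (each a list of assertion names)."""
    if el.tag in (f"{{{WSP}}}Policy", f"{{{WSP}}}All"):
        # All: every child must hold, so take one alternative from each child.
        child_alts = [alternatives(c) for c in el]
        return [sum(combo, []) for combo in itertools.product(*child_alts)]
    if el.tag == f"{{{WSP}}}ExactlyOne":
        # ExactlyOne: the children's alternatives are pooled.
        return [alt for c in el for alt in alternatives(c)]
    # Primitive assertion (assumption: its nested policy is not expanded here).
    name = el.tag.split("}")[-1]
    if el.get(f"{{{WSP}}}Optional", "false") in ("true", "1"):
        return [[name], []]  # one alternative with the assertion, one without
    return [[name]]

def merge(a, b):
    """Merge two normalized policies: pair every alternative of a with every one of b."""
    return [x + y for x in a for y in b]

def required_in_all(alts, name):
    """True only if every alternative demands the assertion (it cannot be skipped)."""
    return bool(alts) and all(name in alt for alt in alts)

# Constructed sample policies (hypothetical, for illustration only).
BINDING = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:AsymmetricBinding/>
  <sp:Wss11 wsp:Optional="true"/>
</wsp:Policy>"""
MESSAGE = f"""<wsp:Policy xmlns:wsp="{WSP}" xmlns:sp="{SP}">
  <sp:SignedParts/>
  <sp:EncryptedParts wsp:Optional="true"/>
</wsp:Policy>"""

MERGED = merge(alternatives(ET.fromstring(BINDING)),
               alternatives(ET.fromstring(MESSAGE)))

if __name__ == "__main__":
    for alt in MERGED:
        print(alt)
    print("EncryptedParts enforced:", required_in_all(MERGED, "EncryptedParts"))
```

An assertion marked optional yields an alternative without it, so required_in_all() shows which protections a peer can legitimately omit under the merged policy.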