axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Nencho Lupanov" <nencholupa...@googlemail.com>
Subject [axis2]WS Security Policy includeToken option problem
Date Wed, 02 May 2007 13:19:27 GMT
Hi All ,

I am trying the rampart sample that comes with the distro.
I am going with sample01, only that i wanted it to be slightly different:
I change the sp:IncludeToken attribute, so instead of:


<sp:SignedSupportingTokens xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

<wsp:Policy>

<sp:UsernameToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/
AlwaysToRecipient" />

</wsp:Policy>

</sp:SignedSupportingTokens>



I have:

<sp:SignedSupportingTokens xmlns:sp="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">

<wsp:Policy>

<sp:UsernameToken sp:IncludeToken="
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once" />

</wsp:Policy>

</sp:SignedSupportingTokens>

I am saying that in both requests i can found the following soap with
tcpmon:

<wsse:UsernameToken xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-1673653"><wsse:Username>my_username</wsse:Username><wsse:Password
Type="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText
">my_password</wsse:Password></wsse:UsernameToken>

Does this means that the username and password will be sent only the first
time?I tryed this but I still get the whole Usernametoken trasffered every
time?Is this supposed to work like this or is there a bug in the rampart
handling of the security policy?

Thanks,

Nencho

Mime
View raw message