axis-java-user mailing list archives

From Dimuthu <muthu...@apache.org>
Subject Re: encrypting the usernametoken header and the body using policy
Date Wed, 30 May 2007 03:24:32 GMT
Hi Rishi,

Try the policy file here with the latest build.
https://issues.apache.org/jira/secure/attachment/12357759/policy_ut_xpath.xml

Good luck,
Dimuthu

http://wso2.org


On Tue, 2007-05-29 at 16:54 -0400, Rishi krish wrote:
> Hi All
> I am new to policy and struggling to create a server policy file
> wherein I can specify the requirement that the usernametoken header should
> be encrypted as well as the body. Does anyone have any sample policy
> which will do that? I had this policy file but the server fails me
> with an error saying that the EncryptedData was not expected.
>  
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:sp=" http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512"
> xmlns:spe="http://www.ibm.com/xmlns/prod/websphere/200605/ws-securitypolicy-ext" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xmi="http://schema.omg.org/spec/XMI/1.0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <sp:SupportingTokens>
>         <wsp:Policy wsu:Id="request:uname_token">
>             <sp:UsernameToken
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
>                 <wsp:Policy>
>                     <sp:WssUsernameToken10>
>                     </sp:WssUsernameToken10> 
>                 </wsp:Policy>
>             </sp:UsernameToken>
>         </wsp:Policy>
>     </sp:SupportingTokens>
>   <sp:AsymmetricBinding>
>     <wsp:Policy>
>       <sp:InitiatorToken> 
>         <wsp:Policy>
>           <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator">
>             <wsp:Policy>
>               <sp:WssX509V3Token10 />
>             </wsp:Policy>
>           </sp:X509Token>
>         </wsp:Policy>
>       </sp:InitiatorToken> 
>       <sp:AlgorithmSuite>
>         <wsp:Policy>
>           <sp:Basic128Rsa15 />
>         </wsp:Policy>
>       </sp:AlgorithmSuite>
>       <sp:RecipientToken>
>         <wsp:Policy> 
>           <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
>             <wsp:Policy>
>               <sp:WssX509V3Token10 />
>             </wsp:Policy>
>           </sp:X509Token>
>         </wsp:Policy>
>       </sp:RecipientToken> 
>       <sp:Layout>
>         <wsp:Policy>
>           <sp:Strict />
>         </wsp:Policy>
>       </sp:Layout>
>     </wsp:Policy>
>   </sp:AsymmetricBinding>
>   <wsp:Policy wsu:Id="request:encrypt"> 
>     <sp:EncryptedParts>
>       <sp:Body/>
>       <sp:Header Name="UsernameToken"
> Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
>     </sp:EncryptedParts>
>     <sp:EncryptedElements>
> 
> <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'
> and local-name()='Header']/*[namespace-uri()=' http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> and local-name()='Security']/*[namespace-uri()=' http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> and local-name()='UsernameToken']</sp:XPath>
>     </sp:EncryptedElements>
>   </wsp:Policy>  
>   <wsp:Policy wsu:Id="response:encrypt">
>    <sp:EncryptedParts>
>       <sp:Body/>
>     </sp:EncryptedParts>
>     <sp:EncryptedElements> 
> 
> <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'
> and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'
> and local-name()='Security']/*[namespace-uri()='http://www.w3.org/2000/09/xmldsig#' and local-name()='Signature']</sp:XPath>
>     </sp:EncryptedElements> 
>   </wsp:Policy>
> </wsp:Policy>
> -- 
> thanks
> Rishi 
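
A check for what an sp:EncryptedElements XPath actually selects, as an added example (not code from this thread or from Axis2/Rampart): it evaluates the UsernameToken path against a constructed SOAP request, then the same path with a leading space inside the WS-Security namespace literal, as the request XPath reads in this archived copy. XPath compares namespace-uri() with the literal as an exact string. The class name, helper names and sample envelope are assumptions.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Hypothetical helper class; not part of Axis2 or Rampart.
public class EncryptedElementsXPathCheck {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // One location step in the style the policy uses: match on namespace URI and local name.
    static String step(String ns, String local) {
        return "/*[namespace-uri()='" + ns + "' and local-name()='" + local + "']";
    }

    // Number of nodes the expression selects in the given document.
    static int count(Document doc, String expr) throws Exception {
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
            .evaluate(expr, doc, XPathConstants.NODESET);
        return hits.getLength();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample request, as it looks before encryption is applied.
        String envelope =
            "<soapenv:Envelope xmlns:soapenv='" + SOAP + "'>"
          + "<soapenv:Header><wsse:Security xmlns:wsse='" + WSSE + "'>"
          + "<wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>"
          + "</wsse:Security></soapenv:Header><soapenv:Body/></soapenv:Envelope>";

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed for namespace-uri() to see element namespaces
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(envelope)));

        String exact = step(SOAP, "Envelope") + step(SOAP, "Header")
                     + step(WSSE, "Security") + step(WSSE, "UsernameToken");
        // Same path, with a leading space inside the WS-Security namespace literal.
        String spaced = step(SOAP, "Envelope") + step(SOAP, "Header")
                      + step(" " + WSSE, "Security") + step(" " + WSSE, "UsernameToken");

        System.out.println("exact namespace literal -> " + count(doc, exact) + " node(s)");
        System.out.println("leading-space literal   -> " + count(doc, spaced) + " node(s)");
    }
}
```

An expression that selects no nodes leaves the element it was meant to protect outside the encryption requirement, so a count of zero is worth catching before the policy is deployed.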

