axis-java-user mailing list archives

From "Nandana Mihindukulasooriya" <nandana....@gmail.com>
Subject Re: Axis2 with rampart sample, username hardcoded
Date Sun, 30 Mar 2008 07:27:54 GMT

Hi Jason,

You need to have that Username Token assertion inside a
supporting token assertion.

<wsp:Policy wsu:Id="UToverHTTP"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken/>
        </wsp:Policy>
      </sp:SupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>Alice</ramp:user>
        <ramp:passwordCallbackClass>org.apache.testing.clients.WSS11Client</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

But here the password is in clear text. If you are using Rampart
SNAPSHOT, you can use WS Security Policy 1.2 to send the hashed
password. The policy for that is given below.

<wsp:Policy wsu:Id="HashedPasswordoverHTTP"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken>
            <wsp:Policy>
              <sp:HashPassword/>
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>Alice</ramp:user>
        <ramp:passwordCallbackClass>org.apache.testing.clients.WSS11Client</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

thanks,
/nandana
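
What `<sp:HashPassword/>` changes on the wire, as an added example that is not part of the original message or of Rampart's code: per the WS-Security UsernameToken Profile the token carries Base64(SHA-1(nonce + created + password)) in place of the password, and the receiver recomputes it. The class name, the sample password and the five-minute freshness window are assumptions; only JDK classes are used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;

public class PasswordDigestDemo {
    // Nonces already accepted; a real receiver bounds this cache by the freshness window.
    private static final Set<String> SEEN = new HashSet<>();
    private static final Duration MAX_AGE = Duration.ofMinutes(5); // assumed window

    // Password_Digest = Base64( SHA-1( nonce + created + password ) ), nonce as raw bytes.
    static String digest(byte[] nonce, String created, String password) throws Exception {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        sha1.update(nonce);
        sha1.update(created.getBytes(StandardCharsets.UTF_8));
        sha1.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(sha1.digest());
    }

    // Receiver side: check freshness, recompute from the stored password, reject replays.
    static boolean verify(String nonceB64, String created, String sentDigest,
                          String storedPassword, Instant now) throws Exception {
        Instant ts = Instant.parse(created);
        if (Duration.between(ts, now).abs().compareTo(MAX_AGE) > 0) return false; // stale
        String expected = digest(Base64.getDecoder().decode(nonceB64), created, storedPassword);
        boolean match = MessageDigest.isEqual(                 // constant-time comparison
                expected.getBytes(StandardCharsets.US_ASCII),
                sentDigest.getBytes(StandardCharsets.US_ASCII));
        return match && SEEN.add(nonceB64); // nonce recorded only after a valid digest
    }

    public static void main(String[] args) throws Exception {
        String password = "constructed-sample-password"; // constructed; the callback class supplies it
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        String nonceB64 = Base64.getEncoder().encodeToString(nonce);
        Instant now = Instant.now();
        String created = now.toString();
        String sent = digest(nonce, created, password);
        System.out.println("digest on the wire:       " + sent);
        System.out.println("first delivery accepted:  " + verify(nonceB64, created, sent, password, now));
        System.out.println("replay accepted:          " + verify(nonceB64, created, sent, password, now));
        System.out.println("mismatched password:      " + verify(nonceB64, created, sent, "wrong-guess", now));
    }
}
```

The receiver has to hold the clear-text password (or an equivalent) to recompute the digest, and a captured digest can still be tested against guessed passwords offline, so the transport needs protection as well.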
