cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1091251 - in /cxf/trunk: rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/ systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/ systests/ws-security/src/test/resources/wsdl_systest_wssec/
Date Mon, 11 Apr 2011 23:08:23 GMT
Author: dkulp
Date: Mon Apr 11 23:08:22 2011
New Revision: 1091251

URL: http://svn.apache.org/viewvc?rev=1091251&view=rev
Log:
[CXF-3452] Recreate headers list after security processing

Modified:
    cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
    cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
    cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/DoubleIt.wsdl

Modified: cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java?rev=1091251&r1=1091250&r2=1091251&view=diff
==============================================================================
--- cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java (original)
+++ cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/WSS4JInInterceptor.java Mon Apr 11 23:08:22 2011
@@ -288,6 +288,7 @@ public class WSS4JInInterceptor extends 
                 }
             }
             advanceBody(msg, doc.getSOAPBody());
+            SAAJInInterceptor.replaceHeaders(doc, msg);
 
             if (doTimeLog) {
                 t3 = System.currentTimeMillis();

Modified: cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=1091251&r1=1091250&r2=1091251&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Mon Apr 11 23:08:22 2011
@@ -54,8 +54,11 @@ import org.apache.cxf.helpers.XPathUtils
 import org.apache.cxf.interceptor.LoggingInInterceptor;
 import org.apache.cxf.interceptor.LoggingOutInterceptor;
 import org.apache.cxf.jaxws.EndpointImpl;
+import org.apache.cxf.policytest.doubleit.DoubleIt;
 import org.apache.cxf.policytest.doubleit.DoubleItFault_Exception;
 import org.apache.cxf.policytest.doubleit.DoubleItPortType;
+import org.apache.cxf.policytest.doubleit.DoubleItPortTypeHeader;
+import org.apache.cxf.policytest.doubleit.DoubleItResponse;
 import org.apache.cxf.policytest.doubleit.DoubleItService;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -85,6 +88,7 @@ public class SecurityPolicyTest extends 
 
     public static final String POLICY_CXF3041_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3041";
     public static final String POLICY_CXF3042_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3042";
+    public static final String POLICY_CXF3452_ADDRESS = "http://localhost:" + PORT + "/SecPolTestCXF3452";
 
     
     public static class ServerPasswordCallback implements CallbackHandler {
@@ -191,7 +195,16 @@ public class SecurityPolicyTest extends 
                        SecurityPolicyTest.class.getResource("alice.properties").toString());
         ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
                        SecurityPolicyTest.class.getResource("alice.properties").toString());
-        
+
+        ep = (EndpointImpl)Endpoint.publish(POLICY_CXF3452_ADDRESS,
+                                            new DoubleItImplCXF3452());
+        ei = ep.getServer().getEndpoint().getEndpointInfo(); 
+        ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
+        ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("alice.properties").toString());
+        ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES, 
+                       SecurityPolicyTest.class.getResource("alice.properties").toString());
+
     }
     
     @Test
@@ -486,7 +499,18 @@ public class SecurityPolicyTest extends 
                 wsdlLocation = "classpath:/wsdl_systest_wssec/DoubleIt.wsdl")
     public static class DoubleItImplCXF3042 extends AbstractDoubleItImpl {
     }
-    
+    @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt", 
+                portName = "DoubleItPortCXF3452",
+                serviceName = "DoubleItService", 
+                endpointInterface = "org.apache.cxf.policytest.doubleit.DoubleItPortTypeHeader",
+                wsdlLocation = "classpath:/wsdl_systest_wssec/DoubleIt.wsdl")
+    public static class DoubleItImplCXF3452 implements DoubleItPortTypeHeader {
+        public DoubleItResponse doubleIt(DoubleIt parameters, int header) throws DoubleItFault_Exception {
+            DoubleItResponse r = new DoubleItResponse();
+            r.setDoubledNumber(parameters.getNumberToDouble().shiftLeft(header));
+            return r;
+        }
+    }
     @Test
     public void testCXF3041() throws Exception {
         DoubleItPortType pt;
@@ -515,4 +539,20 @@ public class SecurityPolicyTest extends 
                                                       getClass().getResource("alice.properties"));
         assertEquals(BigInteger.valueOf(10), pt.doubleIt(BigInteger.valueOf(5)));
     }
+    @Test
+    public void testCXF3452() throws Exception {
+        DoubleItPortTypeHeader pt;
+        pt = service.getDoubleItPortCXF3452();
+        updateAddressPort(pt, PORT);
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER, 
+                                                      new KeystorePasswordCallback());
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+                                                      getClass().getResource("alice.properties"));
+        ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES, 
+                                                      getClass().getResource("alice.properties"));
+        
+        DoubleIt di = new DoubleIt();
+        di.setNumberToDouble(BigInteger.valueOf(5));
+        assertEquals(BigInteger.valueOf(10), pt.doubleIt(di, 1).getDoubledNumber());
+    }
 }

Modified: cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/DoubleIt.wsdl?rev=1091251&r1=1091250&r2=1091251&view=diff
==============================================================================
--- cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/ws-security/src/test/resources/wsdl_systest_wssec/DoubleIt.wsdl Mon Apr 11 23:08:22 2011
@@ -1,47 +1,47 @@
 <?xml version="1.0" encoding="UTF-8"?>
-	<!--
-		* Licensed to the Apache Software Foundation (ASF) under one * or more
-		contributor license agreements. See the NOTICE file * distributed with
-		this work for additional information * regarding copyright ownership.
-		The ASF licenses this file * to you under the Apache License, Version
-		2.0 (the * "License"); you may not use this file except in compliance
-		* with the License. You may obtain a copy of the License at * *
-		http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by
-		applicable law or agreed to in writing, * software distributed under
-		the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES
-		OR CONDITIONS OF ANY * KIND, either express or implied. See the
-		License for the * specific language governing permissions and
-		limitations * under the License.
-	-->
+<!--
+  * Licensed to the Apache Software Foundation (ASF) under one * or more
+  contributor license agreements. See the NOTICE file * distributed with
+  this work for additional information * regarding copyright ownership.
+  The ASF licenses this file * to you under the Apache License, Version
+  2.0 (the * "License"); you may not use this file except in compliance
+  * with the License. You may obtain a copy of the License at * *
+  http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by
+  applicable law or agreed to in writing, * software distributed under
+  the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES
+  OR CONDITIONS OF ANY * KIND, either express or implied. See the
+  License for the * specific language governing permissions and
+  limitations * under the License.
+-->
 <wsdl:definitions name="DoubleIt"
-	xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
-	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://cxf.apache.org/policytest/DoubleIt"
-	targetNamespace="http://cxf.apache.org/policytest/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
-	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-	xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
-	xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
-	<wsdl:types>
-		<xsd:schema targetNamespace="http://cxf.apache.org/policytest/DoubleIt">
-			<xsd:element name="DoubleIt">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="numberToDouble">
+  xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://cxf.apache.org/policytest/DoubleIt"
+  targetNamespace="http://cxf.apache.org/policytest/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
+  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+  xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+  xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
+    <wsdl:types>
+        <xsd:schema targetNamespace="http://cxf.apache.org/policytest/DoubleIt">
+            <xsd:element name="DoubleIt">
+                <xsd:complexType>
+                    <xsd:sequence>
+                        <xsd:element name="numberToDouble">
                             <xsd:simpleType>
-								<xsd:restriction base="xsd:integer">
-									<xsd:minInclusive value="0"/>
-								</xsd:restriction>
-							</xsd:simpleType>
+                                <xsd:restriction base="xsd:integer">
+                                    <xsd:minInclusive value="0"/>
+                                </xsd:restriction>
+                            </xsd:simpleType>
                         </xsd:element>
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
-			<xsd:element name="DoubleItResponse">
-				<xsd:complexType>
-					<xsd:sequence>
-						<xsd:element name="doubledNumber" type="xsd:integer" />
-					</xsd:sequence>
-				</xsd:complexType>
-			</xsd:element>
+                    </xsd:sequence>
+                </xsd:complexType>
+            </xsd:element>
+            <xsd:element name="DoubleItResponse">
+                <xsd:complexType>
+                    <xsd:sequence>
+                        <xsd:element name="doubledNumber" type="xsd:integer" />
+                    </xsd:sequence>
+                </xsd:complexType>
+            </xsd:element>
             <xsd:element name="DoubleItFault">
                 <xsd:complexType>
                     <xsd:sequence>
@@ -49,164 +49,176 @@
                     </xsd:sequence>
                 </xsd:complexType>
             </xsd:element>
-		</xsd:schema>
-	</wsdl:types>
-	<wsdl:message name="DoubleItRequest">
-		<wsdl:part element="tns:DoubleIt" name="parameters" />
-	</wsdl:message>
-	<wsdl:message name="DoubleItResponse">
-		<wsdl:part element="tns:DoubleItResponse" name="parameters" />
-	</wsdl:message>
-	<wsdl:message name="DoubleItFault">
+            <xsd:element name="DoubleItHeader" type="xsd:int"/>
+        </xsd:schema>
+    </wsdl:types>
+    <wsdl:message name="DoubleItRequest">
+        <wsdl:part element="tns:DoubleIt" name="parameters" />
+    </wsdl:message>
+    <wsdl:message name="DoubleItRequestHeader">
+        <wsdl:part element="tns:DoubleIt" name="parameters" />
+        <wsdl:part element="tns:DoubleItHeader" name="header" />
+    </wsdl:message>
+    <wsdl:message name="DoubleItResponse">
+        <wsdl:part element="tns:DoubleItResponse" name="parameters" />
+    </wsdl:message>
+    <wsdl:message name="DoubleItFault">
         <wsdl:part element="tns:DoubleItFault" name="fault" />
     </wsdl:message>
     <wsdl:portType name="DoubleItPortType">
-		<wsdl:operation name="DoubleIt">
-			<wsdl:input message="tns:DoubleItRequest" />
-			<wsdl:output message="tns:DoubleItResponse" />
+        <wsdl:operation name="DoubleIt">
+            <wsdl:input message="tns:DoubleItRequest" />
+            <wsdl:output message="tns:DoubleItResponse" />
+            <wsdl:fault name="DoubleItFault" message="tns:DoubleItFault" />
+        </wsdl:operation>
+    </wsdl:portType>
+    <wsdl:portType name="DoubleItPortTypeHeader">
+        <wsdl:operation name="DoubleIt">
+            <wsdl:input message="tns:DoubleItRequestHeader" />
+            <wsdl:output message="tns:DoubleItResponse" />
             <wsdl:fault name="DoubleItFault" message="tns:DoubleItFault" />
-		</wsdl:operation>
-	</wsdl:portType>
-	<wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
-		<wsp:PolicyReference URI="#DoubleItBindingPolicy" />
-		<soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
-				<soap:body use="literal" />
-			</wsdl:output>
+        </wsdl:operation>
+    </wsdl:portType>
+    <wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItBindingPolicy" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <soap:body use="literal" name="DoubleItFault" />
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
-	<wsdl:binding name="DoubleItBindingEncryptThenSign" type="tns:DoubleItPortType">
-		<wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy" />
-		<soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
-				<soap:body use="literal" />
-			</wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingEncryptThenSign" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <soap:body use="literal" name="DoubleItFault" />
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
-	<wsdl:binding name="DoubleItBindingSignThenEncrypt" type="tns:DoubleItPortType">
-		<wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy" />
-		<soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
-				<soap:body use="literal" />
-			</wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingSignThenEncrypt" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <soap:body use="literal"  name="DoubleItFault"/>
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
-	<wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
-		<wsp:PolicyReference URI="#DoubleItSignPolicy" />
-		<soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
-				<soap:body use="literal" />
-			</wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSignPolicy" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <soap:body use="literal" name="DoubleItFault" />
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
-	<wsdl:binding name="DoubleItBindingXPath" type="tns:DoubleItPortType">
-		<wsp:PolicyReference URI="#DoubleItEncryptXPathPolicy" />
-		<soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
-				<soap:body use="literal" />
-			</wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingXPath" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItEncryptXPathPolicy" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <soap:body use="literal" name="DoubleItFault" />
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
-	<wsdl:binding name="DoubleItBindingSignedOnly" type="tns:DoubleItPortType">
-		<wsp:PolicyReference URI="#DoubleItSignedOnlyPolicy" />
-		<soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<wsp:PolicyReference URI="#SignedOnlyMsgPolicy" />
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
-				<soap:body use="literal" />
-			</wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingSignedOnly" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItSignedOnlyPolicy" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <wsp:PolicyReference URI="#SignedOnlyMsgPolicy" />
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <wsp:PolicyReference URI="#EncrBody" />
                 <soap:body use="literal" name="DoubleItFault" />
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
-	<wsdl:binding name="DoubleItBindingTimestampOnly" type="tns:DoubleItPortType">
-		<wsp:PolicyReference URI="#DoubleItTimestampOnlyPolicy" />
-		<soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
-				<soap:body use="literal" />
-			</wsdl:output>
+        </wsdl:operation>
+    </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingTimestampOnly" type="tns:DoubleItPortType">
+        <wsp:PolicyReference URI="#DoubleItTimestampOnlyPolicy" />
+        <soap:binding style="document"
+          transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <soap:body use="literal" name="DoubleItFault" />
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
+        </wsdl:operation>
+    </wsdl:binding>
 
     <wsdl:binding name="DoubleItBindingCXF3041" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#CXF3041"/>
         <soap:binding style="document"
-			transport="http://schemas.xmlsoap.org/soap/http" />
-		<wsdl:operation name="DoubleIt">
-			<soap:operation soapAction="" />
-			<wsdl:input>
-				<soap:body use="literal" />
-			</wsdl:input>
-			<wsdl:output>
+      transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
                 <wsp:PolicyReference URI="#SignBody"/>
-				<soap:body use="literal" />
-			</wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
             <wsdl:fault name="DoubleItFault">
                 <soap:body use="literal" name="DoubleItFault" />
             </wsdl:fault>
-		</wsdl:operation>
-	</wsdl:binding>
+        </wsdl:operation>
+    </wsdl:binding>
     <wsdl:binding name="DoubleItBindingCXF3042" type="tns:DoubleItPortType">
         <wsp:PolicyReference URI="#CXF3042"/>
         <soap:binding style="document"
@@ -225,534 +237,605 @@
             </wsdl:fault>
         </wsdl:operation>
     </wsdl:binding>
+    <wsdl:binding name="DoubleItBindingCXF3452" type="tns:DoubleItPortTypeHeader">
+        <wsp:PolicyReference URI="#CXF3452"/>
+        <soap:binding style="document"
+            transport="http://schemas.xmlsoap.org/soap/http" />
+        <wsdl:operation name="DoubleIt">
+            <soap:operation soapAction="" />
+            <wsdl:input>
+                <wsp:PolicyReference URI="#EncrSignBodyAndHeader"/>
+                <soap:header use="literal" message="tns:DoubleItRequestHeader" part="header" />
+                <soap:body use="literal" />
+            </wsdl:input>
+            <wsdl:output>
+                <soap:body use="literal" />
+            </wsdl:output>
+            <wsdl:fault name="DoubleItFault">
+                <soap:body use="literal" name="DoubleItFault" />
+            </wsdl:fault>
+        </wsdl:operation>
+    </wsdl:binding>
 
 
-	<wsdl:service name="DoubleItService">
-		<wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
-			<soap:address location="https://localhost:9009/SecPolTest" />
-		</wsdl:port>
-		<wsdl:port name="DoubleItPortHttp" binding="tns:DoubleItBinding">
-			<soap:address location="http://localhost:9010/SecPolTest" />
-		</wsdl:port>
-		<wsdl:port name="DoubleItPortEncryptThenSign" binding="tns:DoubleItBindingEncryptThenSign">
-			<soap:address location="http://localhost:9010/SecPolTestEncryptThenSign" />
-		</wsdl:port>
-		<wsdl:port name="DoubleItPortSignThenEncrypt" binding="tns:DoubleItBindingSignThenEncrypt">
-			<soap:address location="http://localhost:9010/SecPolTestSignThenEncrypt" />
-		</wsdl:port>
-		<wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
-			<soap:address location="http://localhost:9010/SecPolTestSign" />
-		</wsdl:port>
-		<wsdl:port name="DoubleItPortXPath" binding="tns:DoubleItBindingXPath">
-			<soap:address location="http://localhost:9010/SecPolTestXPath" />
-		</wsdl:port>
-		<wsdl:port name="DoubleItPortSignedOnly" binding="tns:DoubleItBindingSignedOnly">
-			<soap:address location="http://localhost:9010/SecPolTestSignedOnly" />
-		</wsdl:port>
-		<wsdl:port name="DoubleItPortTimestampOnly" binding="tns:DoubleItBindingTimestampOnly">
-			<soap:address location="http://localhost:9010/SecPolTestTimestampOnly" />
-		</wsdl:port>
+    <wsdl:service name="DoubleItService">
+        <wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
+            <soap:address location="https://localhost:9009/SecPolTest" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItPortHttp" binding="tns:DoubleItBinding">
+            <soap:address location="http://localhost:9010/SecPolTest" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItPortEncryptThenSign" binding="tns:DoubleItBindingEncryptThenSign">
+            <soap:address location="http://localhost:9010/SecPolTestEncryptThenSign" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItPortSignThenEncrypt" binding="tns:DoubleItBindingSignThenEncrypt">
+            <soap:address location="http://localhost:9010/SecPolTestSignThenEncrypt" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
+            <soap:address location="http://localhost:9010/SecPolTestSign" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItPortXPath" binding="tns:DoubleItBindingXPath">
+            <soap:address location="http://localhost:9010/SecPolTestXPath" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItPortSignedOnly" binding="tns:DoubleItBindingSignedOnly">
+            <soap:address location="http://localhost:9010/SecPolTestSignedOnly" />
+        </wsdl:port>
+        <wsdl:port name="DoubleItPortTimestampOnly" binding="tns:DoubleItBindingTimestampOnly">
+            <soap:address location="http://localhost:9010/SecPolTestTimestampOnly" />
+        </wsdl:port>
         <wsdl:port name="DoubleItPortCXF3041" binding="tns:DoubleItBindingCXF3041">
             <soap:address location="http://localhost:9010/SecPolTestCXF3041" />
         </wsdl:port>
         <wsdl:port name="DoubleItPortCXF3042" binding="tns:DoubleItBindingCXF3042">
             <soap:address location="http://localhost:9010/SecPolTestCXF3042" />
         </wsdl:port>
-	</wsdl:service>
+        <wsdl:port name="DoubleItPortCXF3452" binding="tns:DoubleItBindingCXF3452">
+            <soap:address location="http://localhost:9010/SecPolTestCXF3452" />
+        </wsdl:port>
+    </wsdl:service>
 
-	<wsp:Policy wsu:Id="DoubleItBindingPolicy">
-		<wsp:ExactlyOne>
-			<wsp:All>
-				<foo:unknownPolicy xmlns:foo="http://cxf.apache.org/not/a/policy" />
-			</wsp:All>
-			<wsp:All>
-				<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
-				<sp:TransportBinding>
-					<wsp:Policy>
-						<sp:TransportToken>
-							<wsp:Policy>
-								<sp:HttpsToken RequireClientCertificate="false" />
-							</wsp:Policy>
-						</sp:TransportToken>
-						<sp:Layout>
-							<wsp:Policy>
-								<sp:Lax />
-							</wsp:Policy>
-						</sp:Layout>
-						<sp:IncludeTimestamp />
-						<sp:AlgorithmSuite>
-							<wsp:Policy>
-								<sp:Basic128 />
-							</wsp:Policy>
-						</sp:AlgorithmSuite>
-					</wsp:Policy>
-				</sp:TransportBinding>
-				<sp:Wss10>
-					<wsp:Policy>
-						<sp:MustSupportRefKeyIdentifier />
-					</wsp:Policy>
-				</sp:Wss10>
-				<sp:SignedSupportingTokens>
-					<wsp:Policy>
-						<sp:UsernameToken
-							sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
-							<wsp:Policy>
-								<sp:WssUsernameToken10 />
-							</wsp:Policy>
-						</sp:UsernameToken>
-					</wsp:Policy>
-				</sp:SignedSupportingTokens>
-			</wsp:All>
-		</wsp:ExactlyOne>
-	</wsp:Policy>
-	<wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
-		<wsp:ExactlyOne>
-			<wsp:All>
-				<sp:AsymmetricBinding
-					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<wsp:Policy>
-						<sp:InitiatorToken>
-							<wsp:Policy>
-								<sp:X509Token
-									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
-									<wsp:Policy>
-										<sp:WssX509V1Token11 />
-									</wsp:Policy>
-								</sp:X509Token>
-							</wsp:Policy>
-						</sp:InitiatorToken>
-						<sp:RecipientToken>
-							<wsp:Policy>
-								<sp:X509Token
-									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
-									<wsp:Policy>
-										<sp:WssX509V1Token11 />
-									</wsp:Policy>
-								</sp:X509Token>
-							</wsp:Policy>
-						</sp:RecipientToken>
-						<sp:AlgorithmSuite>
-							<wsp:Policy>
-								<sp:TripleDesRsa15 />
-							</wsp:Policy>
-						</sp:AlgorithmSuite>
-						<sp:Layout>
-							<wsp:Policy>
-								<sp:Lax />
-							</wsp:Policy>
-						</sp:Layout>
-						<sp:IncludeTimestamp />
-						<sp:EncryptSignature />
-						<sp:OnlySignEntireHeadersAndBody />
-						<sp:EncryptBeforeSigning />
-					</wsp:Policy>
-				</sp:AsymmetricBinding>
-				<sp:SignedParts
-					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<sp:Body />
-				</sp:SignedParts>
-				<sp:EncryptedParts
-					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<sp:Body />
-				</sp:EncryptedParts>
-				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<wsp:Policy>
-						<!-- sp:MustSupportRefKeyIdentifier/-->
-						<sp:MustSupportRefIssuerSerial />
-					</wsp:Policy>
-				</sp:Wss10>
-			</wsp:All>
-		</wsp:ExactlyOne>
-	</wsp:Policy>
-	<wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
-		<wsp:ExactlyOne>
-			<wsp:All>
-				<sp:AsymmetricBinding
-					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<wsp:Policy>
-						<sp:InitiatorToken>
-							<wsp:Policy>
-								<sp:X509Token
-									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
-									<wsp:Policy>
-										<sp:WssX509V1Token11 />
-									</wsp:Policy>
-								</sp:X509Token>
-							</wsp:Policy>
-						</sp:InitiatorToken>
-						<sp:RecipientToken>
-							<wsp:Policy>
-								<sp:X509Token
-									sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
-									<wsp:Policy>
-										<sp:WssX509V1Token11 />
-									</wsp:Policy>
-								</sp:X509Token>
-							</wsp:Policy>
-						</sp:RecipientToken>
-						<sp:AlgorithmSuite>
-							<wsp:Policy>
-								<sp:TripleDesRsa15 />
-							</wsp:Policy>
-						</sp:AlgorithmSuite>
-						<sp:Layout>
-							<wsp:Policy>
-								<sp:Lax />
-							</wsp:Policy>
-						</sp:Layout>
-						<sp:IncludeTimestamp />
-						<sp:EncryptSignature />
-						<sp:OnlySignEntireHeadersAndBody />
-						<sp:SignBeforeEncrypting />
-					</wsp:Policy>
-				</sp:AsymmetricBinding>
-				<sp:SignedParts
-					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<sp:Body />
-				</sp:SignedParts>
-				<sp:EncryptedParts
-					xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<sp:Body />
-				</sp:EncryptedParts>
-				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-					<wsp:Policy>
-						<!-- sp:MustSupportRefKeyIdentifier/-->
-						<sp:MustSupportRefIssuerSerial />
-					</wsp:Policy>
-				</sp:Wss10>
-			</wsp:All>
-		</wsp:ExactlyOne>
-	</wsp:Policy>
-
-
-	<wsp:Policy wsu:Id="DoubleItSignPolicy"
-		xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-		<wsp:ExactlyOne>
-			<wsp:All>
-				<sp:AsymmetricBinding
-					xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
-					<wsp:Policy>
-						<sp:InitiatorToken>
-							<wsp:Policy>
-								<sp:X509Token
-									sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
-									<wsp:Policy>
-										<sp:WssX509V3Token10 />
-									</wsp:Policy>
-								</sp:X509Token>
-							</wsp:Policy>
-						</sp:InitiatorToken>
-						<sp:RecipientToken>
-							<wsp:Policy>
-								<sp:X509Token
-									sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
-									<wsp:Policy>
-										<sp:WssX509V3Token10 />
-									</wsp:Policy>
-								</sp:X509Token>
-							</wsp:Policy>
-						</sp:RecipientToken>
-						<sp:AlgorithmSuite>
-							<wsp:Policy>
-								<sp:Basic256 />
-							</wsp:Policy>
-						</sp:AlgorithmSuite>
-						<sp:Layout>
-							<wsp:Policy>
-								<sp:Strict />
-							</wsp:Policy>
-						</sp:Layout>
-						<sp:OnlySignEntireHeadersAndBody />
-					</wsp:Policy>
-				</sp:AsymmetricBinding>
-				<sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
-					<wsp:Policy>
-						<sp:MustSupportRefEmbeddedToken />
-					</wsp:Policy>
-				</sp:Wss10>
-				<sp:SignedParts
-					xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
-					<sp:Body />
-				</sp:SignedParts>
-			</wsp:All>
-		</wsp:ExactlyOne>
-	</wsp:Policy>
-	<wsp:Policy wsu:Id="DoubleItEncryptXPathPolicy">
-		<wsp:ExactlyOne>
-			<wsp:All>
-				<sp:SymmetricBinding
-					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-					<wsp:Policy>
-						<sp:ProtectionToken>
-							<wsp:Policy>
-								<sp:X509Token
-									sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
-									<wsp:Policy>
-										<sp:WssX509V1Token11 />
-									</wsp:Policy>
-								</sp:X509Token>
-							</wsp:Policy>
-						</sp:ProtectionToken>
-						<sp:AlgorithmSuite>
-							<wsp:Policy>
-								<sp:TripleDesRsa15 />
-							</wsp:Policy>
-						</sp:AlgorithmSuite>
-						<sp:Layout>
-							<wsp:Policy>
-								<sp:Lax />
-							</wsp:Policy>
-						</sp:Layout>
-						<sp:IncludeTimestamp />
-						<sp:OnlySignEntireHeadersAndBody />
-					</wsp:Policy>
-				</sp:SymmetricBinding>
-				<sp:EncryptedElements
-					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-					<sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
-				</sp:EncryptedElements>
-				<sp:SignedElements
-					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-					<sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
-				</sp:SignedElements>
-				<sp:RequiredElements
-					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-					<sp:XPath xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:Security</sp:XPath>
-			    </sp:RequiredElements>
-				<sp:RequiredParts
-					xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-					<sp:Header Name="Security" Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
-			    </sp:RequiredParts>
-			</wsp:All>
-		</wsp:ExactlyOne>
-	</wsp:Policy>
-
-
-
-   <wsp:Policy  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
-             xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
-             xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
-             wsu:Id="DoubleItSignedOnlyPolicy">
-    <wsp:ExactlyOne>
-      <wsp:All>
-      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-           <wsp:Policy>
-             <sp:InitiatorToken>
-               <wsp:Policy>
-                 <sp:X509Token
-                   sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
-                   <wsp:Policy>
-                     <sp:WssX509V3Token10 />
-                     <sp:RequireThumbprintReference/> <!-- needed for V1 certs -->
-                   </wsp:Policy>
-                 </sp:X509Token>
-               </wsp:Policy>
-             </sp:InitiatorToken>
-             <sp:RecipientToken>
-               <wsp:Policy>
-                 <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
-                   <wsp:Policy>
-                     <sp:WssX509V3Token10 />
-                     <sp:RequireThumbprintReference/>
-                   </wsp:Policy>
-                 </sp:X509Token>
-               </wsp:Policy>
-             </sp:RecipientToken>
-             <sp:AlgorithmSuite>
-               <wsp:Policy>
-                 <sp:TripleDesRsa15 />
-               </wsp:Policy>
-             </sp:AlgorithmSuite>
-             <sp:Layout>
-               <wsp:Policy>
-                 <sp:Strict />
-               </wsp:Policy>
-             </sp:Layout>
-             <sp:IncludeTimestamp />
-             <sp:OnlySignEntireHeadersAndBody /> 
-           </wsp:Policy>
-         </sp:AsymmetricBinding>
-         <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-           <wsp:Policy>
-             <sp:MustSupportRefKeyIdentifier />
-             <sp:MustSupportRefIssuerSerial />
-           </wsp:Policy>
-         </sp:Wss10>
-      </wsp:All>
-    </wsp:ExactlyOne>
-  </wsp:Policy>
-
-   <wsp:Policy
-   	  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-   	  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
-   	  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
-   	  wsu:Id="SignedOnlyMsgPolicy">
-   	  <wsp:ExactlyOne>
-   	    <wsp:All>
-   	       <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
-   		      <sp:Body />
-   	       </sp:SignedParts>
-   	    </wsp:All>
-   	  </wsp:ExactlyOne>
-   </wsp:Policy>
-   <wsp:Policy  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
-             xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
-             xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
-             wsu:Id="DoubleItTimestampOnlyPolicy">
-		<wsp:ExactlyOne>
-			<wsp:All>
-				<wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
-				<sp:TransportBinding>
-					<wsp:Policy>
-						<sp:Layout>
-							<wsp:Policy>
-								<sp:Lax />
-							</wsp:Policy>
-						</sp:Layout>
-						<sp:IncludeTimestamp />
-						<sp:AlgorithmSuite>
-							<wsp:Policy>
-								<sp:Basic128 />
-							</wsp:Policy>
-						</sp:AlgorithmSuite>
-					</wsp:Policy>
-				</sp:TransportBinding>
-				<sp:Wss10>
-					<wsp:Policy>
-						<sp:MustSupportRefKeyIdentifier />
-					</wsp:Policy>
-				</sp:Wss10>
-			</wsp:All>
-		</wsp:ExactlyOne>
-	</wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItBindingPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <foo:unknownPolicy xmlns:foo="http://cxf.apache.org/not/a/policy" />
+            </wsp:All>
+            <wsp:All>
+                <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
+                <sp:TransportBinding>
+                    <wsp:Policy>
+                        <sp:TransportToken>
+                            <wsp:Policy>
+                                <sp:HttpsToken RequireClientCertificate="false" />
+                            </wsp:Policy>
+                        </sp:TransportToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <sp:Wss10>
+                    <wsp:Policy>
+                        <sp:MustSupportRefKeyIdentifier />
+                    </wsp:Policy>
+                </sp:Wss10>
+                <sp:SignedSupportingTokens>
+                    <wsp:Policy>
+                        <sp:UsernameToken
+                          sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+                            <wsp:Policy>
+                                <sp:WssUsernameToken10 />
+                            </wsp:Policy>
+                        </sp:UsernameToken>
+                    </wsp:Policy>
+                </sp:SignedSupportingTokens>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+                                    <wsp:Policy>
+                                        <sp:WssX509V1Token11 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V1Token11 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDesRsa15 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                        <sp:EncryptSignature />
+                        <sp:OnlySignEntireHeadersAndBody />
+                        <sp:EncryptBeforeSigning />
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+                <sp:SignedParts
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:Body />
+                </sp:SignedParts>
+                <sp:EncryptedParts
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:Body />
+                </sp:EncryptedParts>
+                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <!-- sp:MustSupportRefKeyIdentifier/-->
+                        <sp:MustSupportRefIssuerSerial />
+                    </wsp:Policy>
+                </sp:Wss10>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+                                    <wsp:Policy>
+                                        <sp:WssX509V1Token11 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+                                    <wsp:Policy>
+                                        <sp:WssX509V1Token11 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDesRsa15 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                        <sp:EncryptSignature />
+                        <sp:OnlySignEntireHeadersAndBody />
+                        <sp:SignBeforeEncrypting />
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+                <sp:SignedParts
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:Body />
+                </sp:SignedParts>
+                <sp:EncryptedParts
+                  xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:Body />
+                </sp:EncryptedParts>
+                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <!-- sp:MustSupportRefKeyIdentifier/-->
+                        <sp:MustSupportRefIssuerSerial />
+                    </wsp:Policy>
+                </sp:Wss10>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+
+
+    <wsp:Policy wsu:Id="DoubleItSignPolicy"
+      xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding
+                  xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic256 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Strict />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:OnlySignEntireHeadersAndBody />
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+                <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+                    <wsp:Policy>
+                        <sp:MustSupportRefEmbeddedToken />
+                    </wsp:Policy>
+                </sp:Wss10>
+                <sp:SignedParts
+                  xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+                    <sp:Body />
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="DoubleItEncryptXPathPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SymmetricBinding
+                  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <wsp:Policy>
+                        <sp:ProtectionToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                                    <wsp:Policy>
+                                        <sp:WssX509V1Token11 />
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:ProtectionToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDesRsa15 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                        <sp:OnlySignEntireHeadersAndBody />
+                    </wsp:Policy>
+                </sp:SymmetricBinding>
+                <sp:EncryptedElements
+                  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
+                </sp:EncryptedElements>
+                <sp:SignedElements
+                  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
+                </sp:SignedElements>
+                <sp:RequiredElements
+                  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <sp:XPath xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">wsse:Security</sp:XPath>
+                </sp:RequiredElements>
+                <sp:RequiredParts
+                  xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+                    <sp:Header Name="Security" Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
+                </sp:RequiredParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+
+
+
+    <wsp:Policy  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+              xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+              xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+              wsu:Id="DoubleItSignedOnlyPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token
+                                  sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10 />
+                                        <sp:RequireThumbprintReference/> <!-- needed for V1 certs -->
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10 />
+                                        <sp:RequireThumbprintReference/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:TripleDesRsa15 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Strict />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                        <sp:OnlySignEntireHeadersAndBody />
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <wsp:Policy>
+                        <sp:MustSupportRefKeyIdentifier />
+                        <sp:MustSupportRefIssuerSerial />
+                    </wsp:Policy>
+                </sp:Wss10>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+
+    <wsp:Policy
+       xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+       xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+       xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+       wsu:Id="SignedOnlyMsgPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                    <sp:Body />
+                </sp:SignedParts>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+    <wsp:Policy  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+              xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+              xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+              wsu:Id="DoubleItTimestampOnlyPolicy">
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
+                <sp:TransportBinding>
+                    <wsp:Policy>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Lax />
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp />
+                        <sp:AlgorithmSuite>
+                            <wsp:Policy>
+                                <sp:Basic128 />
+                            </wsp:Policy>
+                        </sp:AlgorithmSuite>
+                    </wsp:Policy>
+                </sp:TransportBinding>
+                <sp:Wss10>
+                    <wsp:Policy>
+                        <sp:MustSupportRefKeyIdentifier />
+                    </wsp:Policy>
+                </sp:Wss10>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
   
 
 
-  <!-- Policy for asymmetric binding with the certificate included in the message from
-   client to server but only a thumbprint on messages from the server to the client. -->
-  <wsp:Policy wsu:Id="AsymmBinding" xmlns:wsu=
-      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-      xmlns:wsp="http://www.w3.org/ns/ws-policy"
-      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-    <sp:AsymmetricBinding>
-      <wsp:Policy>
-        <sp:InitiatorToken>
-          <wsp:Policy>
-            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
-              <wsp:Policy>
-                <sp:RequireThumbprintReference/>
-              </wsp:Policy>
-            </sp:X509Token>
-          </wsp:Policy>
-        </sp:InitiatorToken>
-        <sp:RecipientToken>
-          <wsp:Policy>
-            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
-              <wsp:Policy>
-                <sp:RequireThumbprintReference/>
-              </wsp:Policy>
-            </sp:X509Token>
-          </wsp:Policy>
-        </sp:RecipientToken>
-        <sp:AlgorithmSuite>
-          <wsp:Policy>
-            <sp:Basic128Rsa15/>
-          </wsp:Policy>
-        </sp:AlgorithmSuite>
-      </wsp:Policy>
-    </sp:AsymmetricBinding>
-  </wsp:Policy>
+    <!-- Policy for asymmetric binding with the certificate included in the message from
+     client to server but only a thumbprint on messages from the server to the client. -->
+    <wsp:Policy wsu:Id="AsymmBinding" xmlns:wsu=
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+        xmlns:wsp="http://www.w3.org/ns/ws-policy"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <sp:AsymmetricBinding>
+            <wsp:Policy>
+                <sp:InitiatorToken>
+                    <wsp:Policy>
+                        <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <wsp:Policy>
+                                <sp:RequireThumbprintReference/>
+                            </wsp:Policy>
+                        </sp:X509Token>
+                    </wsp:Policy>
+                </sp:InitiatorToken>
+                <sp:RecipientToken>
+                    <wsp:Policy>
+                        <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                            <wsp:Policy>
+                                <sp:RequireThumbprintReference/>
+                            </wsp:Policy>
+                        </sp:X509Token>
+                    </wsp:Policy>
+                </sp:RecipientToken>
+                <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                        <sp:Basic128Rsa15/>
+                    </wsp:Policy>
+                </sp:AlgorithmSuite>
+            </wsp:Policy>
+        </sp:AsymmetricBinding>
+    </wsp:Policy>
   
-  <!-- Policy for signing the message body. -->
-  <wsp:Policy wsu:Id="SignBody" xmlns:wsu=
-      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-      xmlns:wsp="http://www.w3.org/ns/ws-policy"
-      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-    <sp:SignedParts>
-      <sp:Body/>
-    </sp:SignedParts>
-  </wsp:Policy>
-  <!-- Policy for encrypting the message body. -->
-  <wsp:Policy wsu:Id="EncrBody" xmlns:wsu=
-      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-      xmlns:wsp="http://www.w3.org/ns/ws-policy"
-      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-    <sp:EncryptedParts>
-      <sp:Body/>
-    </sp:EncryptedParts>
-  </wsp:Policy>
-
-  <!-- Policy for asymmetric binding with the certificate included in the message from
-   client to server but only a thumbprint on messages from the server to the client. -->
-  <wsp:Policy wsu:Id="CXF3041" xmlns:wsu=
-      "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
-      xmlns:wsp="http://www.w3.org/ns/ws-policy"
-      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-    <sp:AsymmetricBinding>
-      <wsp:Policy>
-        <sp:InitiatorToken>
-          <wsp:Policy>
-            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
-              <wsp:Policy>
-                <sp:RequireThumbprintReference/>
-              </wsp:Policy>
-            </sp:X509Token>
-          </wsp:Policy>
-        </sp:InitiatorToken>
-        <sp:RecipientToken>
-          <wsp:Policy>
-            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
-              <wsp:Policy>
-                <sp:RequireThumbprintReference/>
-              </wsp:Policy>
-            </sp:X509Token>
-          </wsp:Policy>
-        </sp:RecipientToken>
-        <sp:AlgorithmSuite>
-          <wsp:Policy>
-            <sp:Basic128Rsa15/>
-          </wsp:Policy>
-        </sp:AlgorithmSuite>
-      </wsp:Policy>
-    </sp:AsymmetricBinding>
-  </wsp:Policy>
+    <!-- Policy for signing the message body. -->
+    <wsp:Policy wsu:Id="SignBody" xmlns:wsu=
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+        xmlns:wsp="http://www.w3.org/ns/ws-policy"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <sp:SignedParts>
+            <sp:Body/>
+        </sp:SignedParts>
+    </wsp:Policy>
+    <!-- Policy for encrypting the message body. -->
+    <wsp:Policy wsu:Id="EncrBody" xmlns:wsu=
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+        xmlns:wsp="http://www.w3.org/ns/ws-policy"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <sp:EncryptedParts>
+            <sp:Body/>
+        </sp:EncryptedParts>
+    </wsp:Policy>
+
+    <!-- Policy for asymmetric binding with the certificate included in the message from
+     client to server but only a thumbprint on messages from the server to the client. -->
+    <wsp:Policy wsu:Id="CXF3041" xmlns:wsu=
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+        xmlns:wsp="http://www.w3.org/ns/ws-policy"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <sp:AsymmetricBinding>
+            <wsp:Policy>
+                <sp:InitiatorToken>
+                    <wsp:Policy>
+                        <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+                            <wsp:Policy>
+                                <sp:RequireThumbprintReference/>
+                            </wsp:Policy>
+                        </sp:X509Token>
+                    </wsp:Policy>
+                </sp:InitiatorToken>
+                <sp:RecipientToken>
+                    <wsp:Policy>
+                        <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                            <wsp:Policy>
+                                <sp:RequireThumbprintReference/>
+                            </wsp:Policy>
+                        </sp:X509Token>
+                    </wsp:Policy>
+                </sp:RecipientToken>
+                <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                        <sp:Basic128Rsa15/>
+                    </wsp:Policy>
+                </sp:AlgorithmSuite>
+            </wsp:Policy>
+        </sp:AsymmetricBinding>
+    </wsp:Policy>
 
 
 
     <!-- Policy for symmetric binding, using an ephemeral key generated by the client and
    sent to the server as part of the request, using asymmetric encryption with the server
    public key to secure the symmetric key. -->
-  <wsp:Policy wsu:Id="CXF3042"
-      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
-      xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
-      xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
-    <sp:SymmetricBinding>
-      <wsp:Policy>
-        <sp:ProtectionToken>
-          <wsp:Policy>
-            <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
-              <wsp:Policy>
-                <sp:RequireDerivedKeys/>
-                <sp:RequireThumbprintReference/>
-                <sp:WssX509V3Token10/>
-              </wsp:Policy>
-            </sp:X509Token>
-          </wsp:Policy>
-        </sp:ProtectionToken>
-        <sp:AlgorithmSuite>
-          <wsp:Policy>
-            <sp:Basic128Rsa15/>
-          </wsp:Policy>
-        </sp:AlgorithmSuite>
-        <sp:OnlySignEntireHeadersAndBody/>
-      </wsp:Policy>
-    </sp:SymmetricBinding>
-    <sp:Wss11>
-      <wsp:Policy>
-        <sp:MustSupportRefKeyIdentifier/>
-        <sp:MustSupportRefThumbprint/>
-        <sp:MustSupportRefEncryptedKey/>
-      </wsp:Policy>
-    </sp:Wss11>
-  </wsp:Policy>
+    <wsp:Policy wsu:Id="CXF3042"
+        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+        xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <sp:SymmetricBinding>
+            <wsp:Policy>
+                <sp:ProtectionToken>
+                    <wsp:Policy>
+                        <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                            <wsp:Policy>
+                                <sp:RequireDerivedKeys/>
+                                <sp:RequireThumbprintReference/>
+                                <sp:WssX509V3Token10/>
+                            </wsp:Policy>
+                        </sp:X509Token>
+                    </wsp:Policy>
+                </sp:ProtectionToken>
+                <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                        <sp:Basic128Rsa15/>
+                    </wsp:Policy>
+                </sp:AlgorithmSuite>
+                <sp:OnlySignEntireHeadersAndBody/>
+            </wsp:Policy>
+        </sp:SymmetricBinding>
+        <sp:Wss11>
+            <wsp:Policy>
+                <sp:MustSupportRefKeyIdentifier/>
+                <sp:MustSupportRefThumbprint/>
+                <sp:MustSupportRefEncryptedKey/>
+            </wsp:Policy>
+        </sp:Wss11>
+    </wsp:Policy>
+
+
+    <wsp:Policy wsu:Id="CXF3452"
+        xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+        xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <sp:SymmetricBinding>
+            <wsp:Policy>
+                <sp:ProtectionToken>
+                    <wsp:Policy>
+                        <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+                            <wsp:Policy>
+                                <sp:RequireDerivedKeys/>
+                                <sp:RequireThumbprintReference/>
+                                <sp:WssX509V3Token10/>
+                            </wsp:Policy>
+                        </sp:X509Token>
+                    </wsp:Policy>
+                </sp:ProtectionToken>
+                <sp:AlgorithmSuite>
+                    <wsp:Policy>
+                        <sp:Basic128Rsa15/>
+                    </wsp:Policy>
+                </sp:AlgorithmSuite>
+                <sp:OnlySignEntireHeadersAndBody/>
+            </wsp:Policy>
+        </sp:SymmetricBinding>
+        <sp:Wss11>
+            <wsp:Policy>
+                <sp:MustSupportRefKeyIdentifier/>
+                <sp:MustSupportRefThumbprint/>
+                <sp:MustSupportRefEncryptedKey/>
+            </wsp:Policy>
+        </sp:Wss11>
+    </wsp:Policy>
+    <wsp:Policy wsu:Id="EncrSignBodyAndHeader" xmlns:wsu=
+        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+        xmlns:wsp="http://www.w3.org/ns/ws-policy"
+        xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+        <sp:EncryptedParts>
+            <sp:Body/>
+            <sp:Header Namespace="http://cxf.apache.org/policytest/DoubleIt"/>
+        </sp:EncryptedParts>
+        <sp:SignedParts>
+            <sp:Body />
+            <sp:Header Namespace="http://cxf.apache.org/policytest/DoubleIt"/>
+        </sp:SignedParts>
+    </wsp:Policy>
+
 </wsdl:definitions>



Mime
View raw message