cxf-users mailing list archives

From Jason Pell <ja...@pellcorp.com>
Subject Question about ws security policy matching
Date Mon, 04 Feb 2013 00:51:39 GMT
Hi,

I would like to configure a web service which requires one of two
security mechanisms:

1) UsernamePassword + SSL (NOT MUTUAL)
2) Username only + SSL with Mutual Authentication.

I was hoping to do this via WS-Policy ExactlyOne matching, but it
does not seem to work.

What I was wanting to know is if I should expect it to work.  I am
about to jump in and debug what is actually happening but was hoping
someone would help me before I got too far into it.

My policy is:

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
		<wsp:ExactlyOne>
			<wsp:All>
				<sp:TransportBinding>
					<wsp:Policy>
						<sp:TransportToken>
							<wsp:Policy>
								<sp:HttpsToken>
									<wsp:Policy />
								</sp:HttpsToken>
							</wsp:Policy>
						</sp:TransportToken>
						<sp:Layout>
							<wsp:Policy>
								<sp:Lax />
							</wsp:Policy>
						</sp:Layout>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:Basic128 />
							</wsp:Policy>
						</sp:AlgorithmSuite>
					</wsp:Policy>
				</sp:TransportBinding>

				<sp:SupportingTokens>
					<wsp:Policy>
						<sp:UsernameToken>
							<wsp:Policy>
								<sp:WssUsernameToken11 />
							</wsp:Policy>
						</sp:UsernameToken>
					</wsp:Policy>
				</sp:SupportingTokens>
			</wsp:All>
			
			<wsp:All>
				<sp:TransportBinding>
					<wsp:Policy>
						<sp:TransportToken>
							<wsp:Policy>
								<sp:HttpsToken>
									<wsp:Policy>
										<sp:RequireClientCertificate />
									</wsp:Policy>
								</sp:HttpsToken>
							</wsp:Policy>
						</sp:TransportToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:Basic256 />
							</wsp:Policy>
						</sp:AlgorithmSuite>
					</wsp:Policy>
				</sp:TransportBinding>

				<sp:SupportingTokens>
					<wsp:Policy>
						<sp:UsernameToken>
							<wsp:Policy>
								<sp:NoPassword />
							</wsp:Policy>
						</sp:UsernameToken>
					</wsp:Policy>
				</sp:SupportingTokens>
			</wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>
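
The two alternatives in the policy above, enumerated and checked against sample requests. This is an added example, not part of the original message and not CXF's policy-matching code; `alternatives` and `matching` are hypothetical helpers. The model is simplified and assumes a UsernameToken without `sp:NoPassword` must carry a password and an HttpsToken without `sp:RequireClientCertificate` accepts a connection with or without a client certificate.

```python
import xml.etree.ElementTree as ET

WSP = "{http://schemas.xmlsoap.org/ws/2004/09/policy}"
SP = "{http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702}"

# Constructed sample: the message's policy condensed to the assertions that
# distinguish the two alternatives (sp:Layout omitted).
POLICY = f"""<wsp:Policy xmlns:wsp="{WSP[1:-1]}" xmlns:sp="{SP[1:-1]}"><wsp:ExactlyOne>
 <wsp:All>
  <sp:TransportBinding><wsp:Policy>
   <sp:TransportToken><wsp:Policy><sp:HttpsToken><wsp:Policy/></sp:HttpsToken></wsp:Policy></sp:TransportToken>
   <sp:AlgorithmSuite><wsp:Policy><sp:Basic128/></wsp:Policy></sp:AlgorithmSuite>
  </wsp:Policy></sp:TransportBinding>
  <sp:SupportingTokens><wsp:Policy><sp:UsernameToken><wsp:Policy>
   <sp:WssUsernameToken11/></wsp:Policy></sp:UsernameToken></wsp:Policy></sp:SupportingTokens>
 </wsp:All>
 <wsp:All>
  <sp:TransportBinding><wsp:Policy>
   <sp:TransportToken><wsp:Policy><sp:HttpsToken><wsp:Policy>
    <sp:RequireClientCertificate/></wsp:Policy></sp:HttpsToken></wsp:Policy></sp:TransportToken>
   <sp:AlgorithmSuite><wsp:Policy><sp:Basic256/></wsp:Policy></sp:AlgorithmSuite>
  </wsp:Policy></sp:TransportBinding>
  <sp:SupportingTokens><wsp:Policy><sp:UsernameToken><wsp:Policy>
   <sp:NoPassword/></wsp:Policy></sp:UsernameToken></wsp:Policy></sp:SupportingTokens>
 </wsp:All>
</wsp:ExactlyOne></wsp:Policy>"""

def alternatives(xml_text):
    """Summarise each wsp:All under the top-level wsp:ExactlyOne."""
    root = ET.fromstring(xml_text)
    out = []
    for alt in root.find(WSP + "ExactlyOne").findall(WSP + "All"):
        names = {e.tag[len(SP):] for e in alt.iter() if e.tag.startswith(SP)}
        suite = alt.find(f".//{SP}AlgorithmSuite/{WSP}Policy/*")
        out.append({"client_cert": "RequireClientCertificate" in names,
                    "password": "NoPassword" not in names,  # True: password must be present
                    "suite": suite.tag[len(SP):]})
    return out

def matching(request, alts):
    """1-based indexes of the alternatives a request satisfies (simplified model)."""
    return [i for i, a in enumerate(alts, 1)
            if (request["client_cert"] or not a["client_cert"])
            and request["password"] == a["password"]]

if __name__ == "__main__":
    alts = alternatives(POLICY)
    for req in ({"client_cert": False, "password": True},
                {"client_cert": True, "password": False},
                {"client_cert": False, "password": False}):
        print(req, "->", matching(req, alts))
```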
