cxf-users mailing list archives

From Sam <j2eed...@gmail.com>
Subject Using WS-Policy to specify order of signing and encryption
Date Fri, 16 Aug 2013 08:18:46 GMT
Hi all,

Could someone confirm my understanding for the order of encryption & 
signing using WS-SecurityPolicy in WSDL?

I saw in
http://fusesource.com/docs/esb/4.4/cxf_security/MsgProtect-SOAP-SymmetricPolicy.html
that the order is specified in sp:EncryptBeforeSigning. If not specified,
the default order is to sign and encrypt.

And I rarely see any use of this tag so I assume the default order is 
always right?

What I do see in almost all WS-Policy files that come with WSDL is 
something like

        ...
        <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Input_Policy">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:EncryptedParts>
                        <sp:Body />
                    </sp:EncryptedParts>
                    <sp:SignedParts>
                        <sp:Body />
                        <sp:Header Namespace="..." />
                    </sp:SignedParts>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
        <wsp:Policy wsu:Id="DoubleItBinding_DoubleIt_Output_Policy">
            <wsp:ExactlyOne>
                <wsp:All>
                    <sp:EncryptedParts>
                        <sp:Body />
                    </sp:EncryptedParts>
                    <sp:SignedParts>
                        <sp:Body />
                        <sp:Header Namespace="..." />
                    </sp:SignedParts>
                </wsp:All>
            </wsp:ExactlyOne>
        </wsp:Policy>
    </wsdl:definitions>


Am I right to say the order of <sp:EncryptedParts> and <sp:SignedParts> 
elements does not specify the order of encryption and signing in both 
request and response?

Thanks in advance,
Sam
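
An added illustration, not part of Sam's message: in WS-SecurityPolicy the protection order is a property of the binding assertion (sign-before-encrypt unless sp:EncryptBeforeSigning is nested in it), and the children of wsp:All are unordered. The sketch below reads that property from constructed, stripped-down sample policies; the function names and the samples are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

BINDINGS = {"SymmetricBinding", "AsymmetricBinding"}

def local(el):
    """Element name without its {namespace} part, so SP 1.1 and 1.2 both match."""
    return el.tag.rsplit("}", 1)[-1]

def protection_order(policy_xml):
    """Map each binding assertion found to its protection order.

    The order is a property of the binding: sign-before-encrypt by default,
    switched by an sp:EncryptBeforeSigning assertion nested in the binding.
    """
    orders = {}
    # Intended for trusted local policy files, not XML from untrusted peers.
    for el in ET.fromstring(policy_xml).iter():
        if local(el) in BINDINGS:
            flagged = any(local(d) == "EncryptBeforeSigning" for d in el.iter())
            orders[local(el)] = "EncryptBeforeSigning" if flagged else "SignBeforeEncrypting"
    return orders

def parts_sequence(policy_xml):
    """Document order of the parts assertions, which protection_order() ignores."""
    return [local(el) for el in ET.fromstring(policy_xml).iter()
            if local(el) in ("EncryptedParts", "SignedParts")]

# Constructed, stripped-down policies (tokens and algorithm suite omitted).
NS = ('xmlns:wsp="http://www.w3.org/ns/ws-policy" '
      'xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"')

def sample(binding_flags, parts):
    return (f"<wsp:Policy {NS}><wsp:ExactlyOne><wsp:All><sp:SymmetricBinding>"
            f"<wsp:Policy>{binding_flags}</wsp:Policy></sp:SymmetricBinding>"
            f"{parts}</wsp:All></wsp:ExactlyOne></wsp:Policy>")

ENC = "<sp:EncryptedParts><sp:Body/></sp:EncryptedParts>"
SIG = "<sp:SignedParts><sp:Body/></sp:SignedParts>"
DEFAULT_ENC_FIRST = sample("", ENC + SIG)
DEFAULT_SIG_FIRST = sample("", SIG + ENC)
FLAGGED_SIG_FIRST = sample("<sp:EncryptBeforeSigning/>", SIG + ENC)

if __name__ == "__main__":
    for name in ("DEFAULT_ENC_FIRST", "DEFAULT_SIG_FIRST", "FLAGGED_SIG_FIRST"):
        doc = globals()[name]
        print(name, parts_sequence(doc), protection_order(doc))
```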
