Hi,
I would like to ask whether the WS-SecurityPolicy usage for encrypting
parts of the header is currently supported in Rampart ? I am using
rampart-1.1 with Axis2-1.1.1
I have the following in my policy definition:
<sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Header Name="UsernameToken"/>
</sp:EncryptedParts>
That is, what i would like to achieve is send the username/password in
plaintext (that is not using digest password type ), but encrypt these
in the header.
I am getting this exception when i try to run the client:
[java] Exception in thread "main" java.lang.NullPointerException
[java] at
org.apache.ws.secpolicy.builders.EncryptedPartsBuilder.processElement(EncryptedPartsBuilder.java:62)
[java] at
org.apache.ws.secpolicy.builders.EncryptedPartsBuilder.build(EncryptedPartsBuilder.java:44)
[java] at
org.apache.neethi.AssertionBuilderFactory.build(AssertionBuilderFactory.java:96)
[java] at
org.apache.neethi.PolicyEngine.processOperationElement(PolicyEngine.java:221)
[java] at
org.apache.neethi.PolicyEngine.getAllOperator(PolicyEngine.java:158)
[java] at
org.apache.neethi.PolicyEngine.processOperationElement(PolicyEngine.java:212)
[java] at
org.apache.neethi.PolicyEngine.getExactlyOneOperator(PolicyEngine.java:154)
[java] at
org.apache.neethi.PolicyEngine.processOperationElement(PolicyEngine.java:207)
[java] at
org.apache.neethi.PolicyEngine.getPolicyOperator(PolicyEngine.java:150)
[java] at
org.apache.neethi.PolicyEngine.getPolicy(PolicyEngine.java:122)
[java] at
org.apache.rampart.samples.policy.sample01.Client.loadPolicy(Unknown
Source)
[java] at
org.apache.rampart.samples.policy.sample01.Client.main(Unknown Source)
I am using a modified version (modified policy.xml and services.xml)
from the rampart distribution in samples/policy/sample01.
I am attaching the policy.xml file.
P.S: I also tried setting both Name and Namespace attributes in the
sp:Header child of sp:EncryptedParts, but with no success (same
error).
Any feedback is greatly appreciated. Thank you.
Regards,
Angel
<?xml version="1.0" encoding="UTF-8"?>
<!--
!
! Copyright 2006 The Apache Software Foundation.
!
! Licensed under the Apache License, Version 2.0 (the "License");
! you may not use this file except in compliance with the License.
! You may obtain a copy of the License at
!
! http://www.apache.org/licenses/LICENSE-2.0
!
! Unless required by applicable law or agreed to in writing, software
! distributed under the License is distributed on an "AS IS" BASIS,
! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
! See the License for the specific language governing permissions and
! limitations under the License.
!-->
<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"; />
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Body/>
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<sp:Header Name="UsernameToken"/>
</sp:EncryptedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:user>alice</ramp:user>
<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
