Hi folks,

I'm something of a rookie when it comes to implementing security in web
services. I'm working with policy example #3 to try and get an idea for how
security policy works. Direct link here:
https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample03/

I've changed the invoked web service method but the policy is the same, but
I'm a bit confused by something. As I understand it, the SOAP message body in
this example should be encrypted, correct? But looking at the messages in
SOAPMonitor, I am seeing the security header but the body in plain text. Is
the policy not being applied properly?

I'm also seeing differences in the response shown in SOAPMonitor and a
printout of the OMElement response in the client (messages displayed below).
The OMElement shows the wsa, xenc and wsu namespaces while SOAPMonitor does
not.

Basically I'm a bit confused by what I am seeing in SOAPMonitor and I’m not
sure whether this is indicating that the policy is not being applied
properly or whether this is typical behaviour of SOAPMonitor itself?  

Also, despite reading into WS-Policy I'm still rather unsure of it,
generally. Are there any guides to creating policy documents? Ultimately my
aim is for the requests to the service to have a UsernameToken and the SOAP
body encrypted, and for the response message body to be encrypted.



SOAPMonitor Request Body:

<!-- Header omitted -->
<soapenv:Body
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-21192393">
    <ns2:testFunction xmlns:ns2="http://webservice.example.com/xsd">
      <arg0>username</arg0>
      <arg1>pas</arg1>
    </ns2:testFunction>
  </soapenv:Body>
</soapenv:Envelope>


SOAPMonitor Response Message:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
  <soapenv:Body>
    <ns:testFunctionResponse xmlns:ns="http://webservice.example.com/xsd">
      <ns:return>
        <responseCode xmlns="http://schema.example.com/xsd">0</responseCode>
        <responseMessage xmlns="http://schema.example.com/xsd">Request Fulfilled</responseMessage>
      </ns:return>
    </ns:testFunctionResponse>
  </soapenv:Body>
</soapenv:Envelope>


Printout of response message at client:

<ns:testFunctionResponse xmlns:ns="http://webservice.example.com/xsd"
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsa="http://www.w3.org/2005/08/addressing"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<ns:return>
    <responseCode xmlns:axis2ns7="http://schema.example.com/xsd"
xmlns="http://schema.example.com/xsd">0</responseCode>
    <responseMessage xmlns="http://schema.example.com/xsd"
xmlns:axis2ns8="http://schema.example.com/xsd">Request Fulfilled</responseMessage>
</ns:return>
</ns:testFunctionResponse>


Regards,
Alan.

-- 
View this message in context: 
http://www.nabble.com/%28Rampart%29-Not-seeing-encrypted-message-in-SOAPMonitor-tf4368000.html#a12450000
Sent from the Axis - User mailing list archive at Nabble.com.
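
Added example, not part of the original post or of the Rampart samples: one way to check a captured envelope for the protection the post is aiming for, namely whether every child of the Body is xenc:EncryptedData and whether the wsse:Security header carries a UsernameToken. The function name and both sample envelopes are constructed for illustration; the wsse namespace used is the standard WS-Security 1.0 one.

```python
import xml.etree.ElementTree as ET

SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
           "http://www.w3.org/2003/05/soap-envelope")    # SOAP 1.2
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

def inspect_envelope(xml_text):
    """Report which WS-Security protections are visible in a captured envelope."""
    root = ET.fromstring(xml_text)
    soap = next((ns for ns in SOAP_NS if root.tag == "{%s}Envelope" % ns), None)
    if soap is None:
        raise ValueError("not a SOAP envelope: " + root.tag)
    header = root.find("{%s}Header" % soap)
    body = root.find("{%s}Body" % soap)
    sec = header.find("{%s}Security" % WSSE) if header is not None else None
    children = list(body) if body is not None else []
    plain = [c.tag for c in children if c.tag != "{%s}EncryptedData" % XENC]
    return {
        "security_header": sec is not None,
        "username_token": sec is not None
        and sec.find("{%s}UsernameToken" % WSSE) is not None,
        "encrypted_key": sec is not None
        and sec.find("{%s}EncryptedKey" % XENC) is not None,
        # Encrypted only when the Body is non-empty and holds nothing else.
        "body_encrypted": bool(children) and not plain,
        "plaintext_children": plain,
    }

# Constructed sample envelopes (hypothetical, not captured from a real service).
_ENV = ('<s:Envelope xmlns:s="%s" xmlns:wsse="%s" xmlns:xenc="%s">'
        '<s:Header><wsse:Security>%%s</wsse:Security></s:Header>'
        '<s:Body>%%s</s:Body></s:Envelope>') % (SOAP_NS[0], WSSE, XENC)
PLAIN = _ENV % ("", '<t:testFunction xmlns:t="http://webservice.example.com/xsd">'
                    '<arg0>username</arg0></t:testFunction>')
ENCRYPTED = _ENV % (
    "<wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>"
    "<xenc:EncryptedKey/>",
    "<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ="
    "</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>")

if __name__ == "__main__":
    for name, env in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(name, inspect_envelope(env))
```

Run it against the raw bytes captured on the wire (for example from a TCP-level capture) so the result reflects what actually left the host.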

