Can you please ask this question at http://ws.apache.org/rampart/
On 9/2/07, A Sunley <[EMAIL PROTECTED]> wrote: > > > Hi folks, > > I'm something of a rookie when it comes to implementing security in web > services. I'm working with policy example #3 to try and get an idea for > how > security policy works. Direct link here: > > https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-samples/policy/sample03/ > > I've changed the invoked web service method but the policy is the same, > but > I'm a bit confused by something. As I understand it the soap message body > in > this example should be encrypted, correct? But looking at the messages in > SOAPMonitor, I am seeing the security header but the body in plain text. > Is > the policy not being applied properly? > > I'm also seeing differences in the response shown in SOAPMonitor and a > printout of the OMElement response in the client (messages displayed > below). > The OMElement shows the wsa, xenc and wsu namespaces while SOAPMonitor > does > not. > > Basically I'm a bit confused by what I am seeing in SOAPMonitor and I'm > not > sure whether this is indicating that the policy is not being applied > properly or whether this is typical behaviour of SOAPMonitor itself? > > Also, despite reading into WS-Policy I'm still rather unsure of it, > generally. Are there any guides to creating policy documents? Ultimately > my > aim is for the requests to the service to have a UsernameToken and the > SOAP > body encrypted. And the response message body to be encrypted. > > > > SOAPMonitor Request Body: > > <! -- Header omitted -- > > <soapenv:Body > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > wsu:Id="Id-21192393"> > <ns2:testFunction xmlns:ns2="http://webservice.example.com/xsd";> > <arg0 >username</arg0> > <arg1>pas</arg1> > </ns2:testFunction> > </soapenv:Body> > </soapenv:Envelope> > > > SOAPMonitor Response Message: > > <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/ > "> > <soapenv:Body> > <ns:testFunctionResponse xmlns:ns="http://webservice.example.com/xsd";> > <ns:return> > <responseCode xmlns="http://schema.example.com/xsd > ">0</responseCode> > <responseMessage xmlns="http://schema.example.com/xsd";>Request > Fulfilled</responseMessage> > </ns:return> > </ns:testFunctionResponse> > </soapenv:Body> > </soapenv:Envelope> > > > Printout of response message at client: > > <ns:testFunctionResponse xmlns:ns="http://webservice.example.com/xsd"; > xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:wsa="http://www.w3.org/2005/08/addressing"; > xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; > xmlns:wsu=" > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > "> > <ns:return> > <responseCode xmlns:axis2ns7="http://schema.example.com/xsd"; > mlns="http://schema.example.com/xsd";>0</responseCode> > <responseMessage xmlns="http://schema.example.com/xsd"; > xmlns:axis2ns8="http://schema.example.com/xsd";>Request > Fulfilled</responseMessage> > </ns:return> > </ns:exampleFunctionResponse> > > > Regards, > Alan. > > -- > View this message in context: > http://www.nabble.com/%28Rampart%29-Not-seeing-encrypted-message-in-SOAPMonitor-tf4368000.html#a12450000 > Sent from the Axis - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Amila Suriarachchi, WSO2 Inc.
