Hi Nandana,

I am trying to merge the policies of Sample01 and Sample04 from the "samples/policy". I am trying to test a policy to pass SecureConversation Token without using encryption certificate (X.509) as defined in the policy of Sample04. As the web service URI will be on a secure HTTP connection (https), can we have a policy with Secure Conversation Token (as we are passing multiple messages) and not have one more encryption layer of X509 in the policy file?
I am testing with this modified policy, can you please check what I am missing in this:

<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:SecureConversationToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
      </sp:SignedSupportingTokens>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>client</ramp:user>
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample04.PWCBHandler</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>

Thanks
Bhushan

From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 23, 2008 10:03 PM
To: [email protected]
Subject: Re: How to stop calling PWCallback logic for authentication using SecureConversation

Hi Bhushan,

Can you post the modified policy you are using for this scenario so we can debug and see?
In a real project scenario the PWCallback class will contain calls to LDAP for authentication and the whole purpose we are trying to implement WS-SecureConversation in addition to WS-Security is that we can do Secure Conversation between messages and not have to do LDAP authentication for every message.

Yes, I also wonder why we need to call the PWCallback once a SCT is established.

Thanks,
Nandana

Bhushan Gupte

[1]
    OMElement response = client.sendReceive(getPayload("Hello world1"));
    System.out.println("Response 1 : " + response);
    response = client.sendReceive(getPayload("Hello world2"));
    System.out.println("Response 2 : " + response);
    response = client.sendReceive(getPayload("Hello world3"));
    System.out.println("Response 3 : " + response);

[2]
    for (int i = 0; i < callbacks.length; i++) {
        WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
        String id = pwcb.getIdentifer();
        if("client".equals(id)) {
            pwcb.setPassword("apache");
        } else if("service".equals(id)) {
            pwcb.setPassword("apache");
        }
    }
