Hi Jason,
You need to have that Username Token assertion inside a
supporting token assertion.
<wsp:Policy wsu:Id="UToverHTTP"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken/>
</wsp:Policy>
</sp:SupportingTokens>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:user>Alice</ramp:user>
<ramp:passwordCallbackClass>org.apache.testing.clients.WSS11Client</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
But here the password is in clear text. If you are using Rampart
SNAPSHOT , you can use WS Security Policy 1.2 to send the hashed
password. The policy for that is given below.
<wsp:Policy wsu:Id="HashedPasswordoverHTTP"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
<wsp:ExactlyOne>
<wsp:All>
<sp:SupportingTokens>
<wsp:Policy>
<sp:UsernameToken>
<wsp:Policy>
<sp:HashPassword/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SupportingTokens>
<ramp:RampartConfig
xmlns:ramp="http://ws.apache.org/rampart/policy";>
<ramp:user>Alice</ramp:user>
<ramp:passwordCallbackClass>org.apache.testing.clients.WSS11Client</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
thanks,
/nandana
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
