Re: [Rampart] Creation of policy file based on policy included in WSDL

stlecho Thu, 21 Aug 2008 06:52:55 -0700

In the axis2.xml file we're using we had defined the following:
"<signatureParts>{Element}{http://schemas.xmlsoap.org/soap/envelope/}Body</signatureParts>"
but we were required to change this and use
"<signatureParts>{Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;Token;Body</signatureParts>".


Is this coherent with the policy definition in the WSDL (extract shown
below) ?

  <wsp:UsingPolicy s1:Required="true"/>
  <wsp:Policy s0:Id="Wssp1.2-SignBody.xml">
    <sp:SignedParts
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512";>
      <sp:Body/>
    </sp:SignedParts>
  </wsp:Policy>
  <wsp:Policy s0:Id="Wssp1.2-Wss1.0-X509-Basic256.xml">
    <sp:AsymmetricBinding
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512";>
      <wsp:Policy>
        <sp:InitiatorToken>
          <wsp:Policy>
            <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient";>
              <wsp:Policy>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:InitiatorToken>
        <sp:RecipientToken>
          <wsp:Policy>
            <sp:X509Token
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/Never";>
              <wsp:Policy>
                <sp:WssX509V3Token10/>
              </wsp:Policy>
            </sp:X509Token>
          </wsp:Policy>
        </sp:RecipientToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic256/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Lax/>
          </wsp:Policy>
        </sp:Layout>
        <sp:IncludeTimestamp/>
        <sp:ProtectTokens/>
        <sp:OnlySignEntireHeadersAndBody/>
      </wsp:Policy>
    </sp:AsymmetricBinding>
    <sp:Wss10
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512";>
      <wsp:Policy>
        <sp:MustSupportRefKeyIdentifier/>
        <sp:MustSupportRefIssuerSerial/>
      </wsp:Policy>
    </sp:Wss10>
  </wsp:Policy>



Nunny wrote:
> 
> Can you post the WSDL which contains the policies , so that we can see
> whether this is the correct Rampart configuration.
> 
> thanks,
> nandana
> 
> On Wed, Aug 20, 2008 at 1:05 PM, stlecho <[EMAIL PROTECTED]> wrote:
> 
>>
>> Hi Nandana,
>>
>> Currently, I'm using the axis2.xml file to engage the Rampart module.
>> Within
>> this axis2.xml file, I've configured the "InflowSecurity" and
>> "OutflowSecurity" parameters with
>> "<action><items>Signature</items>...</action>".
>>
>> Will in this case the message be signed according to the policy defined
>> in
>> the WSDL ?
>>
>> Regards, Stefan Lecho.
>>
>>
>> Nunny wrote:
>> >
>> > Hi Stefan,
>> >            How are you creating the client ? If you are using Axis2
>> code
>> > generation tools, the policy will be automatically injected to the
>> > generated
>> > stub. So you only need to provide Rampart specific configuration
>> details.
>> > Please look at the these two tutorials.
>> >
>> > http://www.wso2.org/library/3190#Securing_the_client
>> > http://www.wso2.org/library/3415#securing_the_client
>> >
>> > thanks,
>> > nandana
>> >
>> > On Mon, Aug 18, 2008 at 6:20 PM, stlecho <[EMAIL PROTECTED]> wrote:
>> >
>> >>
>> >> Hi,
>> >>
>> >> I'm developing a client for a webservice. The WSDL linked to this
>> >> webservice
>> >> contains a Policy description. Can I use this policy used as such with
>> >> Rampart or should it be fine-tuned ?
>> >>
>> >> Regards, Stefan Lecho.
>> >> --
>> >> View this message in context:
>> >>
>> http://www.nabble.com/-Rampart--Creation-of-policy-file-based-on-policy-included-in-WSDL-tp19031059p19031059.html
>> >> Sent from the Axis - User mailing list archive at Nabble.com.
>> >>
>> >>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> >> For additional commands, e-mail: [EMAIL PROTECTED]
>> >>
>> >>
>> >
>> >
>> > --
>> > Nandana Mihindukulasooriya
>> > WSO2 inc.
>> >
>> > http://nandana83.blogspot.com/
>> > http://www.wso2.org
>> >
>> >
>>
>> --
>> View this message in context:
>> http://www.nabble.com/-Rampart--Creation-of-policy-file-based-on-policy-included-in-WSDL-tp19031059p19064273.html
>> Sent from the Axis - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
> 
> 
> -- 
> Nandana Mihindukulasooriya
> WSO2 inc.
> 
> http://nandana83.blogspot.com/
> http://www.wso2.org
> 
> 

-- 
View this message in context: 
http://www.nabble.com/-Rampart--Creation-of-policy-file-based-on-policy-included-in-WSDL-tp19031059p19089227.html
Sent from the Axis - User mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Rampart] Creation of policy file based on policy included in WSDL

Reply via email to