from what I have seen from Rampart axis2.xml the 'Signature Encrypt Timestamp'
InflowSecurity/OutflowSecurity parameters would contain these elements
<parameter name="OutflowSecurity">
  <action>
    <items>Timestamp Signature</items>
    <user>client</user>
    <signaturePropFile>client.properties</signaturePropFile>
    <passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</passwordCallbackClass>
    <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
  </action>
</parameter>
where client.properties would contain:
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=StateOfUenmployment
org.apache.ws.security.crypto.merlin.file=client.jks
the above elements are covered by the ramp namespace specifically
http://ws.apache.org/rampart/policy
the namespace which identifies the part elements
http://schemas.xmlsoap.org/ws/2005/07/securitypolicy specifies
<xs:element name="OnlySignEntireHeadersAndBody" type="tns:QNameAssertionType">
  <xs:annotation>
    <xs:documentation xml:lang="en">
      8.4 SymmetricBinding Assertion
    </xs:documentation>
  </xs:annotation>
the WSS SOAP Message Security spec covers these details at
http://74.125.47.132/search?q=cache:NMT1bn1O2Y4J:specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf+%228.4+SymmetricBinding+Assertion%22+definition&cd=1&hl=en&ct=clnk&gl=us#43
8.4 SymmetricBinding Assertion:
The SymmetricBinding assertion is used in scenarios in which message protection
is provided by means defined in WSS: SOAP Message Security. This binding has two
binding specific token properties;
1) [Encryption Token] If the message pattern requires multiple messages, this
binding defines that the [Encryption Token] used from initiator to recipient is
also used from recipient to initiator.
MG>this pertains to your first question on Encryption and is covered by namespace<MG
MG>http://schemas.xmlsoap.org/ws/2005/07/securitypolicy<MG
and
2) [Signature Token].
Similarly the [Signature Token] used from initiator to recipient is also used
from recipient to initiator.
MG>this pertains to your followup question on SignatureToken and is covered by rampart<MG
MG>http://ws.apache.org/rampart/policy<MG
If a sp:ProtectionToken assertion is specified, the specified token populates
both token properties and is used as the basis for both encryption and
signature in both directions. This assertion MUST apply to [Endpoint Policy Subject].
there is a lot here but I hope this answers your question
Martin
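
An added example, not part of the original message and not Rampart code: a small Python check that reports, for each sp binding in a policy document, whether sp:OnlySignEntireHeadersAndBody is present, which elements sit in the ramp namespace, and whether the assertion was written under a namespace other than sp. The sample policy, the ramp:RampartConfig children shown and the function name audit_policy are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP = "http://ws.apache.org/rampart/policy"
BINDINGS = ("SymmetricBinding", "AsymmetricBinding", "TransportBinding")
ASSERTION = "OnlySignEntireHeadersAndBody"

# Constructed sample policy (not taken from the Rampart distribution).
GOOD_POLICY = """\
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
            xmlns:ramp="http://ws.apache.org/rampart/policy">
  <sp:AsymmetricBinding><wsp:Policy>
    <sp:IncludeTimestamp/>
    <sp:OnlySignEntireHeadersAndBody/>
  </wsp:Policy></sp:AsymmetricBinding>
  <ramp:RampartConfig>
    <ramp:user>client</ramp:user>
    <ramp:passwordCallbackClass>org.apache.rampart.samples.sample04.PWCBHandler</ramp:passwordCallbackClass>
  </ramp:RampartConfig>
</wsp:Policy>"""
# Same policy with the assertion typed under the wrong prefix (constructed).
BAD_POLICY = GOOD_POLICY.replace("<sp:" + ASSERTION, "<ramp:" + ASSERTION)

def split(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag

def audit_policy(xml_text):
    """Map each sp binding to whether it carries the sp assertion."""
    report = {"bindings": {}, "rampart": [], "misplaced": []}
    for el in ET.fromstring(xml_text).iter():
        ns, local = split(el.tag)
        if local == ASSERTION and ns != SP:
            report["misplaced"].append(ns)      # right name, wrong namespace
        elif ns == SP and local in BINDINGS:
            inside = {split(d.tag) for d in el.iter()}
            report["bindings"][local] = (SP, ASSERTION) in inside
        elif ns == RAMP:
            report["rampart"].append(local)     # Rampart-specific configuration
    return report

if __name__ == "__main__":
    for name, doc in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        print(name, audit_policy(doc))
```
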
> Date: Tue, 5 May 2009 13:29:35 +1200
> From: [email protected]
> To: [email protected]
> Subject: Re: Axis2/Rampart 1.4 - Ecrypt header information
>
> Thank you for your reply Martin, I am trying to use WS Policy to encrypt the
> header as well as the body. I saw that element in the samples that came with
> rampart. Do you know if the example (sample 3) is equivalent to a set of
> actions of 'Signature Encrypt Timestamp'?
>
> Regards,
>
> Mohannad
>
>
> ----- Original Message -----
> From: "Martin Gainty" <[email protected]>
> To: [email protected]
> Sent: Tuesday, 5 May, 2009 11:32:34 GMT +12:00 New Zealand
> Subject: RE: Axis2/Rampart 1.4 - Ecrypt header information
>
> you want to look at implementing OnlySignEntireHeadersAndBody element e.g.
> <sp:OnlySignEntireHeadersAndBody/>
> this is included in policy-mtom-security.xml
>
> the OnlySignEntireHeadersAndBody element would need to be included in a
> binding which references http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
> namespace e.g.
>
> <sp:AsymmetricBinding
>     xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
>
> Axis2-1.3 has a MTOMAssertionTestCase sample testcase you can use
>
> package org.apache.axis2.policy.model;
>
> import junit.framework.TestCase;
> import org.apache.axiom.om.OMElement;
> import org.apache.axiom.om.impl.builder.StAXOMBuilder;
> import org.apache.neethi.Assertion;
> import org.apache.neethi.Policy;
> import org.apache.neethi.PolicyEngine;
> import java.util.Iterator;
> import java.util.List;
>
> public class MTOMAssertionTest extends TestCase {
>     public void testSymmBinding() {
>         try {
>             Policy p = this.getPolicy(System.getProperty("basedir", ".") +
>                     "/test-resources/policy-mtom-security.xml");
>             List assertions = (List)p.getAlternatives().next();
>
>             boolean isMTOMAssertionFound = false;
>
>             for (Iterator iter = assertions.iterator(); iter.hasNext();) {
>                 Assertion assertion = (Assertion)iter.next();
>                 if (assertion instanceof MTOMAssertion) {
>                     isMTOMAssertionFound = true;
>                     MTOMAssertion mtomModel = (MTOMAssertion)assertion;
>                     assertEquals("MIME Serialization assertion not processed", false,
>                             mtomModel.isOptional());
>                 }
>
>             }
>             //The Asymm binding mean is not built in the policy processing :-(
>             assertTrue("MTOM Assertion not found.", isMTOMAssertionFound);
>
>         } catch (Exception e) {
>             e.printStackTrace();
>             fail(e.getMessage());
>         }
>     }
>
>     private Policy getPolicy(String filePath) throws Exception {
>         StAXOMBuilder builder = new StAXOMBuilder(filePath);
>         OMElement elem = builder.getDocumentElement();
>         return PolicyEngine.getPolicy(elem);
>     }
> }
>
> Martin Gainty
> United Health Group Medicode publishers 2002-2003
> deNovisMedicalSystems HIPAA EDI 2004
> Curaspan the eDischarge Company HL7 Interfaces 2006
> USCitizen(Contractor)
> > Date: Tue, 5 May 2009 09:08:52 +1200
> > From: [email protected]
> > To: [email protected]
> > Subject: Axis2/Rampart 1.4 - Ecrypt header information
> >
> > Hello,
> >
> > Does anybody know how I can tell rampart to encrypt header information in
> > the SOAP response?
> >
> > Regards,
> >
> > Mohannad