Inflow/Outflow policy distinguish in Service Configuration (rampart)

Sun, 24 Jan 2010 06:01:55 -0800 

Hi,

I'm using Apache Ode to orchestrate a couple of services. One service I
invoke uses WS-Security for authentication and so on. I'm able to talk
to the service but I'm getting a "missing WS-Security Header"-exception.
The problem is that the invoke response does not contain a security
header. Using TCPMon shows me that everything works. I think/know that
the rampart module checks the policy and fails.

Now to my question: Is it possible to set a parameter in the service
configuration to distinguish between Inflow and Outflow policies?


Here is my service configuration:
<service>
        <module ref="rampart" />
        
        <wsp:Policy wsu:Id="SigOnly"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
         <wsp:ExactlyOne>
          <wsp:All>
           <sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
            <wsp:Policy>
             <sp:InitiatorToken>
              <wsp:Policy>
               <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
                <wsp:Policy>
                 <sp:WssX509V3Token10/>
                </wsp:Policy>
               </sp:X509Token>
              </wsp:Policy>
             </sp:InitiatorToken>
             <sp:RecipientToken>
              <wsp:Policy>
               <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
                <wsp:Policy>
                 <sp:WssX509V3Token10/>
                </wsp:Policy>
               </sp:X509Token>
              </wsp:Policy>
             </sp:RecipientToken>
             <sp:AlgorithmSuite>
              <wsp:Policy>
               <sp:TripleDesRsa15/>
              </wsp:Policy>
             </sp:AlgorithmSuite>
             <sp:Layout>
              <wsp:Policy>
               <sp:Strict/>
              </wsp:Policy>
             </sp:Layout>
             <sp:IncludeTimestamp/>
             <sp:OnlySignEntireHeadersAndBody/>
            </wsp:Policy>
           </sp:AsymmetricBinding>
           <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
            <wsp:Policy>
             <sp:MustSupportRefKeyIdentifier/>
             <sp:MustSupportRefIssuerSerial/>
            </wsp:Policy>
           </sp:Wss10>
           <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
            <sp:Body/>
           </sp:SignedParts>
           <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy";>
            <ramp:user>xx</ramp:user>
            <ramp:encryptionUser>service</ramp:encryptionUser>
        
<ramp:passwordCallbackClass>net.xxx.axis2.PWCBHandler</ramp:passwordCallbackClass>
            <ramp:signatureCrypto>
             <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
              <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
              <ramp:property
name="org.apache.ws.security.crypto.merlin.file">/home/xx/Keystore/xx.jks</ramp:property>
              <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">xxx</ramp:property>
             </ramp:crypto>
            </ramp:signatureCrypto>
           </ramp:RampartConfig>
          </wsp:All>
         </wsp:ExactlyOne>
        </wsp:Policy>
        




Thanks,
Jonas

Reply via email to