Author: dkulp
Date: Wed Jul 8 19:02:19 2009
New Revision: 792264
URL: http://svn.apache.org/viewvc?rev=792264&view=rev
Log:
[CXF-2333] Add support for the encrypted/signed stuff based on xpaths
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
Wed Jul 8 19:02:19 2009
@@ -50,6 +50,9 @@
ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);
ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_PARTS);
+ ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_ELEMENTS);
+ ASSERTION_TYPES.add(SP12Constants.SIGNED_ELEMENTS);
+ ASSERTION_TYPES.add(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSupportingTokens());
ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSignedSupportingTokens());
ASSERTION_TYPES.add(SP12Constants.INSTANCE.getEndorsingSupportingTokens());
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
Wed Jul 8 19:02:19 2009
@@ -34,8 +34,12 @@
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
@@ -43,6 +47,7 @@
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
@@ -53,7 +58,9 @@
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
@@ -279,10 +286,73 @@
return action;
}
-
+ private void assertXPathTokens(AssertionInfoMap aim,
+ QName name,
+ Collection<WSDataRef> refs,
+ SoapMessage msg,
+ SOAPMessage doc,
+ String type,
+ boolean content) throws SOAPException {
+ Collection<AssertionInfo> ais = aim.get(name);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ ai.setAsserted(true);
+ Map<String, String> namespaces = null;
+ List<String> xpaths = null;
+ if (content) {
+ ContentEncryptedElements p =
(ContentEncryptedElements)ai.getAssertion();
+ namespaces = p.getDeclaredNamespaces();
+ xpaths = p.getXPathExpressions();
+ } else {
+ SignedEncryptedElements p =
(SignedEncryptedElements)ai.getAssertion();
+ namespaces = p.getDeclaredNamespaces();
+ xpaths = p.getXPathExpressions();
+ }
+ if (xpaths != null) {
+ XPathFactory factory = XPathFactory.newInstance();
+ for (String expression : xpaths) {
+ XPath xpath = factory.newXPath();
+ if (namespaces != null) {
+ xpath.setNamespaceContext(new
MapNamespaceContext(namespaces));
+ }
+ try {
+ NodeList list =
(NodeList)xpath.evaluate(expression,
+
doc.getSOAPPart().getEnvelope(),
+
XPathConstants.NODESET);
+ boolean found = list.getLength() == 0;
+ for (int x = 0; x < list.getLength(); x++) {
+ Element el = (Element)list.item(x);
+ for (WSDataRef r : refs) {
+ if (r.getProtectedElement() == el
+ && r.isContent() == content) {
+ found = true;
+ }
+ }
+ }
+ if (!found) {
+ ai.setNotAsserted("No " + type
+ + " element found matching
XPath " + expression);
+ }
+ } catch (Exception ex) {
+ //REVISIT
+ }
+ }
+ }
+ }
+ }
+ }
+
+ private boolean contains(Collection<WSDataRef> refs, QName qn) {
+ for (WSDataRef r : refs) {
+ if (r.getName().equals(qn)) {
+ return true;
+ }
+ }
+ return false;
+ }
private void assertTokens(AssertionInfoMap aim,
QName name,
- Collection<QName> signed,
+ Collection<WSDataRef> signed,
SoapMessage msg,
SOAPMessage doc,
String type) throws SOAPException {
@@ -291,12 +361,12 @@
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
SignedEncryptedParts p =
(SignedEncryptedParts)ai.getAssertion();
- if (p.isBody() &&
!signed.contains(msg.getVersion().getBody())) {
+ if (p.isBody() && !contains(signed,
msg.getVersion().getBody())) {
ai.setNotAsserted(msg.getVersion().getBody() + " not " +
type);
return;
}
for (Header h : p.getHeaders()) {
- if (!signed.contains(h.getQName())) {
+ if (!contains(signed, h.getQName())) {
boolean found = false;
Element nd =
DOMUtils.getFirstElement(doc.getSOAPHeader());
while (nd != null && !found) {
@@ -389,8 +459,8 @@
protected void doResults(SoapMessage msg, String actor,
SOAPMessage doc, Vector results) throws
SOAPException, XMLStreamException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
- Collection<QName> signed = new HashSet<QName>();
- Collection<QName> encrypted = new HashSet<QName>();
+ Collection<WSDataRef> signed = new HashSet<WSDataRef>();
+ Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
boolean hasDerivedKeys = false;
boolean hasEndorsement = false;
Protections prots = Protections.NONE;
@@ -411,7 +481,7 @@
break;
}
for (WSDataRef r : sl) {
- signed.add(r.getName());
+ signed.add(r);
}
prots = addSign(prots);
}
@@ -421,7 +491,7 @@
.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
if (el != null) {
for (WSDataRef r : el) {
- encrypted.add(r.getName());
+ encrypted.add(r);
}
prots = addEncrypt(prots);
}
@@ -444,8 +514,12 @@
}
}
assertTokens(aim, SP12Constants.SIGNED_PARTS, signed, msg, doc,
"signed");
- assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, signed, msg, doc,
"encrypted");
-
+ assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, doc,
"encrypted");
+ assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, msg,
doc, "signed", false);
+ assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted,
msg, doc, "encrypted", false);
+ assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS,
encrypted, msg,
+ doc, "encrypted", true);
+
assertAsymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
assertSymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
assertTransportBinding(aim);
Modified:
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
---
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
(original)
+++
cxf/trunk/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
Wed Jul 8 19:02:19 2009
@@ -78,6 +78,7 @@
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KeyValueToken;
@@ -679,7 +680,8 @@
SignedEncryptedParts parts = null;
SignedEncryptedElements elements = null;
-
+ ContentEncryptedElements celements = null;
+
Collection<AssertionInfo> ais =
aim.getAssertionInfo(SP12Constants.ENCRYPTED_PARTS);
if (ais != null) {
for (AssertionInfo ai : ais) {
@@ -694,6 +696,13 @@
ai.setAsserted(true);
}
}
+ ais = aim.getAssertionInfo(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ celements = (ContentEncryptedElements)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+ }
List<WSEncryptionPart> signedParts = new ArrayList<WSEncryptionPart>();
if (parts != null) {
@@ -711,7 +720,9 @@
isBody,
signedParts,
elements == null ? null :
elements.getXPathExpressions(),
- elements == null ? null :
elements.getDeclaredNamespaces());
+ elements == null ? null :
elements.getDeclaredNamespaces(),
+ celements == null ? null :
celements.getXPathExpressions(),
+ celements == null ? null :
celements.getDeclaredNamespaces());
}
public Vector<WSEncryptionPart> getSignedParts()
@@ -753,13 +764,16 @@
isSignBody,
signedParts,
elements == null ? null :
elements.getXPathExpressions(),
- elements == null ? null :
elements.getDeclaredNamespaces());
+ elements == null ? null :
elements.getDeclaredNamespaces(),
+ null, null);
}
public Vector<WSEncryptionPart> getPartsAndElements(boolean sign,
boolean includeBody,
List<WSEncryptionPart>
parts,
List<String> xpaths,
- Map<String, String>
namespaces)
+ Map<String, String>
namespaces,
+ List<String> contentXpaths,
+ Map<String, String>
cnamespaces)
throws SOAPException {
Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
@@ -838,16 +852,19 @@
for (int x = 0; x < list.getLength(); x++) {
Element el = (Element)list.item(x);
if (sign) {
- result.add(new WSEncryptionPart(el.getLocalName(),
+ WSEncryptionPart part = new
WSEncryptionPart(el.getLocalName(),
el.getNamespaceURI(),
"Content",
-
WSConstants.PART_TYPE_ELEMENT));
+
WSConstants.PART_TYPE_ELEMENT);
+ part.setXpath(expression);
+ result.add(part);
} else {
WSEncryptionPart encryptedElem = new
WSEncryptionPart(el.getLocalName(),
el.getNamespaceURI(),
"Element",
WSConstants
.PART_TYPE_ELEMENT);
+ encryptedElem.setXpath(expression);
String wsuId =
el.getAttributeNS(WSConstants.WSU_NS, "Id");
if (!StringUtils.isEmpty(wsuId)) {
@@ -861,6 +878,36 @@
}
}
}
+ if (contentXpaths != null && !contentXpaths.isEmpty()) {
+ XPathFactory factory = XPathFactory.newInstance();
+ for (String expression : contentXpaths) {
+ XPath xpath = factory.newXPath();
+ if (cnamespaces != null) {
+ xpath.setNamespaceContext(new
MapNamespaceContext(cnamespaces));
+ }
+ try {
+ NodeList list = (NodeList)xpath.evaluate(expression,
saaj.getSOAPPart().getEnvelope(),
+ XPathConstants.NODESET);
+ for (int x = 0; x < list.getLength(); x++) {
+ Element el = (Element)list.item(x);
+ WSEncryptionPart encryptedElem = new
WSEncryptionPart(el.getLocalName(),
+
el.getNamespaceURI(),
+
"Content",
+
WSConstants
+
.PART_TYPE_ELEMENT);
+ encryptedElem.setXpath(expression);
+ String wsuId = el.getAttributeNS(WSConstants.WSU_NS,
"Id");
+
+ if (!StringUtils.isEmpty(wsuId)) {
+ encryptedElem.setEncId(wsuId);
+ }
+ result.add(encryptedElem);
+ }
+ } catch (XPathExpressionException e) {
+ //REVISIT!!!!
+ }
+ }
+ }
return result;
}
@@ -1535,9 +1582,11 @@
Element encHeader =
(Element)encDataElem.getParentNode();
String encHeaderId =
encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
- signedParts.remove(signedPart);
- WSEncryptionPart encHeaderToSign = new
WSEncryptionPart(encHeaderId);
- signedParts.add(encHeaderToSign);
+ if (!StringUtils.isEmpty(encHeaderId)) {
+ signedParts.remove(signedPart);
+ WSEncryptionPart encHeaderToSign = new
WSEncryptionPart(encHeaderId);
+ signedParts.add(encHeaderToSign);
+ }
}
}
}
Modified:
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
---
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
(original)
+++
cxf/trunk/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
Wed Jul 8 19:02:19 2009
@@ -67,6 +67,7 @@
public static final String POLICY_SIGNENC_PROVIDER_ADDRESS
= "http://localhost:9010/SecPolTestSignThenEncryptProvider";;
public static final String POLICY_SIGN_ADDRESS =
"http://localhost:9010/SecPolTestSign";;
+ public static final String POLICY_XPATH_ADDRESS =
"http://localhost:9010/SecPolTestXPath";;
public static class ServerPasswordCallback implements CallbackHandler {
@@ -125,7 +126,15 @@
SecurityPolicyTest.class.getResource("bob.properties").toString());
ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
SecurityPolicyTest.class.getResource("alice.properties").toString());
-
+
+ ep = (EndpointImpl)Endpoint.publish(POLICY_XPATH_ADDRESS,
+ new DoubleItImplXPath());
+ ei = ep.getServer().getEndpoint().getEndpointInfo();
+ ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new
KeystorePasswordCallback());
+ ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
+
SecurityPolicyTest.class.getResource("alice.properties").toString());
+ ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
+
SecurityPolicyTest.class.getResource("bob.properties").toString());
ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_PROVIDER_ADDRESS,
new DoubleItProvider());
@@ -136,7 +145,6 @@
SecurityPolicyTest.class.getResource("bob.properties").toString());
ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
SecurityPolicyTest.class.getResource("alice.properties").toString());
-
}
@Test
@@ -144,6 +152,16 @@
DoubleItService service = new DoubleItService();
DoubleItPortType pt;
+ pt = service.getDoubleItPortXPath();
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
+ new
KeystorePasswordCallback());
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+
getClass().getResource("alice.properties"));
+
((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
+
getClass().getResource("bob.properties"));
+ assertEquals(BigInteger.valueOf(10),
pt.doubleIt(BigInteger.valueOf(5)));
+
+
pt = service.getDoubleItPortEncryptThenSign();
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
new
KeystorePasswordCallback());
@@ -294,7 +312,17 @@
return numberToDouble.multiply(new BigInteger("2"));
}
}
-
+ @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt";,
+ portName = "DoubleItPortXPath",
+ serviceName = "DoubleItService",
+ endpointInterface =
"org.apache.cxf.policytest.doubleit.DoubleItPortType",
+ wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
+ public static class DoubleItImplXPath implements DoubleItPortType {
+ /** {...@inheritdoc}*/
+ public BigInteger doubleIt(BigInteger numberToDouble) {
+ return numberToDouble.multiply(new BigInteger("2"));
+ }
+ }
@WebServiceProvider(targetNamespace =
"http://cxf.apache.org/policytest/DoubleIt";,
portName = "DoubleItPortSignThenEncrypt",
serviceName = "DoubleItService",
Modified: cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=792264&r1=792263&r2=792264&view=diff
==============================================================================
--- cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/trunk/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Wed Jul 8
19:02:19 2009
@@ -1,327 +1,399 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- -->
-<wsdl:definitions name="DoubleIt"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema";
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
- xmlns:tns="http://cxf.apache.org/policytest/DoubleIt";
- targetNamespace="http://cxf.apache.org/policytest/DoubleIt";
- xmlns:wsp="http://www.w3.org/ns/ws-policy";
-
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
- xmlns:wsaws="http://www.w3.org/2005/08/addressing";
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
- xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy";>
- <wsdl:types>
- <xsd:schema targetNamespace="http://cxf.apache.org/policytest/DoubleIt";>
- <xsd:element name="DoubleIt">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="numberToDouble" type="xsd:integer"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="DoubleItResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="doubledNumber" type="xsd:integer" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:schema>
- </wsdl:types>
- <wsdl:message name="DoubleItRequest">
- <wsdl:part element="tns:DoubleIt" name="parameters" />
- </wsdl:message>
- <wsdl:message name="DoubleItResponse">
- <wsdl:part element="tns:DoubleItResponse" name="parameters" />
- </wsdl:message>
- <wsdl:portType name="DoubleItPortType">
- <wsdl:operation name="DoubleIt">
- <wsdl:input message="tns:DoubleItRequest" />
- <wsdl:output message="tns:DoubleItResponse" />
- </wsdl:operation>
- </wsdl:portType>
- <wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItBindingPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http"; />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:binding name="DoubleItBindingEncryptThenSign"
type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http"; />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:binding name="DoubleItBindingSignThenEncrypt"
type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http"; />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItSignPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http"; />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:service name="DoubleItService">
- <wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
- <soap:address
- location="https://localhost:9009/SecPolTest"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortHttp" binding="tns:DoubleItBinding">
- <soap:address
- location="http://localhost:9010/SecPolTest"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortEncryptThenSign"
binding="tns:DoubleItBindingEncryptThenSign">
- <soap:address
- location="http://localhost:9010/SecPolTestEncryptThenSign"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortSignThenEncrypt"
binding="tns:DoubleItBindingSignThenEncrypt">
- <soap:address
- location="http://localhost:9010/SecPolTestSignThenEncrypt"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
- <soap:address
- location="http://localhost:9010/SecPolTestSign"/>
- </wsdl:port>
- </wsdl:service>
-
- <wsp:Policy wsu:Id="DoubleItBindingPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <foo:unknownPolicy xmlns:foo="http://cxf.apache.org/not/a/policy"/>
- </wsp:All>
- <wsp:All>
- <wsaws:UsingAddressing
xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
- <sp:TransportBinding>
- <wsp:Policy>
- <sp:TransportToken>
- <wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false"/>
- </wsp:Policy>
- </sp:TransportToken>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic128/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- </wsp:Policy>
- </sp:TransportBinding>
- <sp:Wss10>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedSupportingTokens>
- <wsp:Policy>
- <sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
- <wsp:Policy>
- <sp:WssUsernameToken10/>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedSupportingTokens>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
- <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDesRsa15/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:EncryptSignature/>
- <sp:OnlySignEntireHeadersAndBody/>
- <sp:EncryptBeforeSigning/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <sp:Body/>
- </sp:SignedParts>
- <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <sp:Body/>
- </sp:EncryptedParts>
- <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <!-- sp:MustSupportRefKeyIdentifier/-->
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
- <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDesRsa15/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:EncryptSignature/>
- <sp:OnlySignEntireHeadersAndBody/>
- <sp:SignBeforeEncrypting/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <sp:Body/>
- </sp:SignedParts>
- <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <sp:Body/>
- </sp:EncryptedParts>
- <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:Policy>
- <!-- sp:MustSupportRefKeyIdentifier/-->
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-
- <wsp:Policy wsu:Id="DoubleItSignPolicy"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256 />
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict />
- </wsp:Policy>
- </sp:Layout>
- <sp:OnlySignEntireHeadersAndBody />
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
- <wsp:Policy>
- <sp:MustSupportRefEmbeddedToken />
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
- <sp:Body />
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
+ <!--
+ * Licensed to the Apache Software Foundation (ASF) under one *
or more
+ contributor license agreements. See the NOTICE file *
distributed with
+ this work for additional information * regarding copyright
ownership.
+ The ASF licenses this file * to you under the Apache License,
Version
+ 2.0 (the * "License"); you may not use this file except in
compliance
+ * with the License. You may obtain a copy of the License at * *
+ http://www.apache.org/licenses/LICENSE-2.0 * * Unless required
by
+ applicable law or agreed to in writing, * software distributed
under
+ the License is distributed on an * "AS IS" BASIS, WITHOUT
WARRANTIES
+ OR CONDITIONS OF ANY * KIND, either express or implied. See the
+ License for the * specific language governing permissions and
+ limitations * under the License.
+ -->
+<wsdl:definitions name="DoubleIt"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/";
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/";
xmlns:tns="http://cxf.apache.org/policytest/DoubleIt";
+ targetNamespace="http://cxf.apache.org/policytest/DoubleIt";
xmlns:wsp="http://www.w3.org/ns/ws-policy";
+
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing";
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";
+ xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy";>
+ <wsdl:types>
+ <xsd:schema
targetNamespace="http://cxf.apache.org/policytest/DoubleIt";>
+ <xsd:element name="DoubleIt">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element
name="numberToDouble" type="xsd:integer" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="DoubleItResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element
name="doubledNumber" type="xsd:integer" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ </wsdl:types>
+ <wsdl:message name="DoubleItRequest">
+ <wsdl:part element="tns:DoubleIt" name="parameters" />
+ </wsdl:message>
+ <wsdl:message name="DoubleItResponse">
+ <wsdl:part element="tns:DoubleItResponse" name="parameters" />
+ </wsdl:message>
+ <wsdl:portType name="DoubleItPortType">
+ <wsdl:operation name="DoubleIt">
+ <wsdl:input message="tns:DoubleItRequest" />
+ <wsdl:output message="tns:DoubleItResponse" />
+ </wsdl:operation>
+ </wsdl:portType>
+ <wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItBindingPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingEncryptThenSign"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingSignThenEncrypt"
type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSignPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingXPath" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItEncryptXPathPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"; />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:service name="DoubleItService">
+ <wsdl:port name="DoubleItPortHttps"
binding="tns:DoubleItBinding">
+ <soap:address
location="https://localhost:9009/SecPolTest"; />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortHttp"
binding="tns:DoubleItBinding">
+ <soap:address
location="http://localhost:9010/SecPolTest"; />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortEncryptThenSign"
binding="tns:DoubleItBindingEncryptThenSign">
+ <soap:address
location="http://localhost:9010/SecPolTestEncryptThenSign"; />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortSignThenEncrypt"
binding="tns:DoubleItBindingSignThenEncrypt">
+ <soap:address
location="http://localhost:9010/SecPolTestSignThenEncrypt"; />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortSign"
binding="tns:DoubleItBindingSign">
+ <soap:address
location="http://localhost:9010/SecPolTestSign"; />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortXPath"
binding="tns:DoubleItBindingXPath">
+ <soap:address
location="http://localhost:9010/SecPolTestXPath"; />
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="DoubleItBindingPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <foo:unknownPolicy
xmlns:foo="http://cxf.apache.org/not/a/policy"; />
+ </wsp:All>
+ <wsp:All>
+ <wsaws:UsingAddressing
xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"; />
+ <sp:TransportBinding>
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken
RequireClientCertificate="false" />
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:Wss10>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier
/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:UsernameToken
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+ <wsp:Policy>
+
<sp:WssUsernameToken10 />
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+
<wsp:Policy>
+
<sp:WssX509V1Token11 />
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+
<wsp:Policy>
+
<sp:WssX509V1Token11 />
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+
<sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+
<sp:OnlySignEntireHeadersAndBody />
+ <sp:EncryptBeforeSigning />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SignedParts
+
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <!--
sp:MustSupportRefKeyIdentifier/-->
+ <sp:MustSupportRefIssuerSerial
/>
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+
<wsp:Policy>
+
<sp:WssX509V1Token11 />
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+
<wsp:Policy>
+
<sp:WssX509V1Token11 />
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+
<sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+
<sp:OnlySignEntireHeadersAndBody />
+ <sp:SignBeforeEncrypting />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SignedParts
+
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:Policy>
+ <!--
sp:MustSupportRefKeyIdentifier/-->
+ <sp:MustSupportRefIssuerSerial
/>
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+ <wsp:Policy wsu:Id="DoubleItSignPolicy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
+
<wsp:Policy>
+
<sp:WssX509V3Token10 />
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
+
<wsp:Policy>
+
<sp:WssX509V3Token10 />
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+
<sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+ <wsp:Policy>
+ <sp:MustSupportRefEmbeddedToken
/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts
+
xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+ <sp:Body />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItEncryptXPathPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient";>
+
<wsp:Policy>
+
<sp:WssX509V1Token11 />
+
</wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+
<sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+
<sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedElements
+
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";>
+ <sp:XPath
xmlns:example1="http://cxf.apache.org/policytest/DoubleIt";>//example1:DoubleIt/numberToDouble</sp:XPath>
+ </sp:EncryptedElements>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
</wsdl:definitions>
