Hi,

I would like to ask whether the WS-SecurityPolicy usage for encrypting parts of the header is currently supported in Rampart? I am using rampart-1.1 with Axis2-1.1.1.

I have the following in my policy definition:

    <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <sp:Header Name="UsernameToken"/>
    </sp:EncryptedParts>

That is, what I would like to achieve is to send the username/password in plaintext (that is, not using digest password type), but encrypt these in the header.

I am getting this exception when I try to run the client:

    [java] Exception in thread "main" java.lang.NullPointerException
    [java] at org.apache.ws.secpolicy.builders.EncryptedPartsBuilder.processElement(EncryptedPartsBuilder.java:62)
    [java] at org.apache.ws.secpolicy.builders.EncryptedPartsBuilder.build(EncryptedPartsBuilder.java:44)
    [java] at org.apache.neethi.AssertionBuilderFactory.build(AssertionBuilderFactory.java:96)
    [java] at org.apache.neethi.PolicyEngine.processOperationElement(PolicyEngine.java:221)
    [java] at org.apache.neethi.PolicyEngine.getAllOperator(PolicyEngine.java:158)
    [java] at org.apache.neethi.PolicyEngine.processOperationElement(PolicyEngine.java:212)
    [java] at org.apache.neethi.PolicyEngine.getExactlyOneOperator(PolicyEngine.java:154)
    [java] at org.apache.neethi.PolicyEngine.processOperationElement(PolicyEngine.java:207)
    [java] at org.apache.neethi.PolicyEngine.getPolicyOperator(PolicyEngine.java:150)
    [java] at org.apache.neethi.PolicyEngine.getPolicy(PolicyEngine.java:122)
    [java] at org.apache.rampart.samples.policy.sample01.Client.loadPolicy(Unknown Source)
    [java] at org.apache.rampart.samples.policy.sample01.Client.main(Unknown Source)

I am using a modified version (modified policy.xml and services.xml) from the rampart distribution in samples/policy/sample01. I am attaching the policy.xml file.

P.S.: I also tried setting both Name and Namespace attributes in the sp:Header child of sp:EncryptedParts, but with no success (same error).

Any feedback is greatly appreciated. Thank you.

Regards,
Angel
<?xml version="1.0" encoding="UTF-8"?>
<!--
 !
 ! Copyright 2006 The Apache Software Foundation.
 !
 ! Licensed under the Apache License, Version 2.0 (the "License");
 ! you may not use this file except in compliance with the License.
 ! You may obtain a copy of the License at
 !
 ! http://www.apache.org/licenses/LICENSE-2.0
 !
 ! Unless required by applicable law or agreed to in writing, software
 ! distributed under the License is distributed on an "AS IS" BASIS,
 ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ! See the License for the specific language governing permissions and
 ! limitations under the License.
 !-->
<wsp:Policy wsu:Id="UTOverTransport" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken RequireClientCertificate="false"/>
            </wsp:Policy>
          </sp:TransportToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
        </wsp:Policy>
      </sp:TransportBinding>
      <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient" />
        </wsp:Policy>
      </sp:SignedSupportingTokens>
      <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientToken>
            <wsp:Policy>
              <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10/>
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:TripleDesRsa15/>
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Strict/>
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp/>
          <sp:OnlySignEntireHeadersAndBody/>
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <wsp:Policy>
          <sp:MustSupportRefKeyIdentifier/>
          <sp:MustSupportRefIssuerSerial/>
        </wsp:Policy>
      </sp:Wss10>
      <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Body/>
      </sp:SignedParts>
      <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
        <sp:Header Name="UsernameToken"/>
      </sp:EncryptedParts>
      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
        <ramp:user>alice</ramp:user>
        <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass>
      </ramp:RampartConfig>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
