Hi, thank you! Now it works fine. Yes you are right that the WSDL and the services.xml are different - it is my fault. I will apply the write ones, but you are right that I mean the services.xml.
Anyway I want to ask you about the following you have written: "For this to work, the request must carry a signature signed using the client's cert. In your case, you don't have any signed parts or signed elements defined. But the policy states to include the time stamp and the time stamp will be signed using the clients certificate. As the policy states IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient in the recipient token , the binary token will be included in the soap request." About "For this to work, the request must carry a signature signed using the client's cert." - I think this is the following observed into the client's request header (clients X509): <wsse:BinarySecurityToken xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"; ValueType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"; wsu:Id="CertId-4672752">MIIDPjCCAqegAwIBAgIBATANBgkqhkiG9w0BAQQFADBtMQswCQYDVQQGEwJCRzEOMAwGA1UECBMFU29maWExDjAMBgNVBAcTBVNvZmlhMRQwEgYDVQQKEwtTb2Z0d2FyZSBBRzEUMBIGA1UECxMLU29mdHdhcmUgQUcxEjAQBgNVBAMTCWRldmVsb3BlcjAeFw0wNzA5MTQwOTU5MDdaFw0wODA5MTMwOTU5MDdaMF0xCzAJBgNVBAYTAkJHMQ4wDAYDVQQIEwVTb2ZpYTEUMBIGA1UEChMLU29mdHdhcmUgQUcxFDASBgNVBAsTC1NvZnR3YXJlIEFHMRIwEAYDVQQDEwlkZXZlbG9wZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAIoW2xLpLwTEpllTqxz+E3GNK5d5E+aUsr/7XdSFJEfl8Vh5WAPUXcLK1d3wDd5Ghu/ewv3B2FZjiUWyTXVdjVCu2uHU1HFcQZCd9k35kVvfQINao2FX9z7BW34cJp1LoKZkliukDMuYBqeHv0UFlT/b/ZL47CzkdeJaS0njFpPHAgMBAAGjgf0wgfowCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFBzENd237MVXz49n+yKabdCQ997qMIGfBgNVHSMEgZcwgZSAFAntZG/62Z6U1xSAUkMI33N+77BloXGkbzBtMQswCQYDVQQGEwJCRzEOMAwGA1UECBMFU29maWExDjAMBgNVBAcTBVNvZmlhMRQwEgYDVQQKEwtTb2Z0d2FyZSBBRzEUMBIGA1UECxMLU29mdHdhcmUgQUcxEjAQBgNVBAMTCWRldmVsb3BlcoIJAPxRLIMzR6wcMA0GCSqGSIb3DQEBBAUAA4GBAIMzOMNE9c+D093mvu6now0GpkGJmKn5EpT/w2U7jQKJv6k0eN85GMmiu8aXarYO57gaN/WIAyZTKzUhSHbcSDw/ZvU57BAkRKko8qlTjESXzbom6M/KhoeSAqZEWQOrAxTkNNsRgn8s5ZyWT5fKq/XiBguvtwUfZtfxU8dgjnHL</wsse:BinarySecurityToken> IMHO this is the signed X509 cert that should be used, so why you are saying the following: "In your case, you don't have any signed parts or signed elements defined. But the policy states to include the time stamp and the time stamp will be signed using the clients certificate. As the policy states IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient in the recipient token , the binary token will be included in the soap request." Why I need to have something signed in order to transfer the X509 cert? Can you explain it more precisely. Where I can read about that (e.g. articles etc I have not found any good resources about that). Here I am appling the right WSDL. The services.xml is ok as you know :) <?xml version="1.0" encoding="UTF-8"?> <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"; xmlns:ns0=" http://pojo.wsstack.softwareag.com"; xmlns:soap12=" http://schemas.xmlsoap.org/wsdl/soap12/"; xmlns:http=" http://schemas.xmlsoap.org/wsdl/http/"; xmlns:ns1=" http://org.apache.axis2/xsd"; xmlns:wsaw=" http://www.w3.org/2006/05/addressing/wsdl"; xmlns:xs=" http://www.w3.org/2001/XMLSchema"; xmlns:soap=" http://schemas.xmlsoap.org/wsdl/soap/"; targetNamespace=" http://pojo.wsstack.softwareag.com";> <wsdl:documentation>HelloPojoAsync</wsdl:documentation> <wsdl:types> <xs:schema xmlns:ns="http://pojo.wsstack.softwareag.com"; attributeFormDefault="qualified" elementFormDefault="qualified" targetNamespace="http://pojo.wsstack.softwareag.com";> <xs:element name="sayHello"> <xs:complexType> <xs:sequence> <xs:element minOccurs="0" name="name" nillable="true" type="xs:string"/> </xs:sequence> </xs:complexType> </xs:element> <xs:element name="sayHelloResponse"> <xs:complexType> <xs:sequence> <xs:element minOccurs="0" name="return" nillable="true" type="xs:string"/> </xs:sequence> </xs:complexType> </xs:element> </xs:schema> </wsdl:types> <wsdl:message name="sayHelloRequest"> <wsdl:part name="parameters" element="ns0:sayHello"/> </wsdl:message> <wsdl:message name="sayHelloResponse"> <wsdl:part name="parameters" element="ns0:sayHelloResponse"/> </wsdl:message> <wsdl:portType name="HelloPojoAsyncPortType"> <wsdl:operation name="sayHello"> <wsdl:input message="ns0:sayHelloRequest" wsaw:Action="urn:sayHello"/> <wsdl:output message="ns0:sayHelloResponse" wsaw:Action="urn:sayHelloResponse"/> </wsdl:operation> </wsdl:portType> <wsdl:binding name="HelloPojoAsyncHttpBinding" type="ns0:HelloPojoAsyncPortType"> <http:binding verb="POST"/> <wsdl:operation name="sayHello"> <http:operation location="HelloPojoAsync/sayHello"/> <wsdl:input> <mime:content type="text/xml" part="sayHello"/> </wsdl:input> <wsdl:output> <mime:content type="text/xml" part="sayHello"/> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; xmlns:wsu=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; wsu:Id="User defined"> <wsp:ExactlyOne> <wsp:All> <sp:AsymmetricBinding xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:InitiatorToken> <wsp:Policy> <sp:X509Token sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";> <wsp:Policy> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:InitiatorToken> <sp:RecipientToken> <wsp:Policy> <sp:X509Token sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";> <wsp:Policy> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:RecipientToken> <sp:AlgorithmSuite> <wsp:Policy> <sp:TripleDesRsa15/> </wsp:Policy> </sp:AlgorithmSuite> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:IncludeTimestamp/> <sp:OnlySignEntireHeadersAndBody/> </wsp:Policy> </sp:AsymmetricBinding> <sp:Wss10 xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <sp:Policy> <sp:MustSupportRefKeyIdentifier/> <sp:MustSupportRefIssuerSerial/> </sp:Policy> </sp:Wss10> <sp:SignedSupportingTokens xmlns:sp=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=" http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/> </wsp:Policy> </sp:SignedSupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> <wsdl:service name="HelloPojoAsync"> <wsdl:port name="HelloPojoAsyncSOAP11port_http" binding="ns0:HelloPojoAsyncSOAP11Binding"> <soap:address location=" http://127.0.0.1:8082/wsstack/services/HelloPojoAsync"/> </wsdl:port> <wsdl:port name="HelloPojoAsyncSOAP12port_http" binding="ns0:HelloPojoAsyncSOAP12Binding"> <soap12:address location=" http://127.0.0.1:8082/wsstack/services/HelloPojoAsync"/> </wsdl:port> <wsdl:port name="HelloPojoAsyncHttpport" binding="ns0:HelloPojoAsyncHttpBinding"> <http:address location=" http://127.0.0.1:8082/wsstack/services/HelloPojoAsync"/> </wsdl:port> </wsdl:service> <wsdl:binding name="HelloPojoAsyncSOAP12Binding" type="ns0:HelloPojoAsyncPortType"> <wsp:PolicyReference xmlns:wsp=" http://schemas.xmlsoap.org/ws/2004/09/policy"; URI="#User defined"/> <soap:binding transport="http://schemas.xmlsoap.org/soap/http"; style="document"/> <wsdl:operation name="sayHello"> <soap:operation soapAction="urn:sayHello" style="document"/> <wsdl:input> <soap:body use="literal"/> </wsdl:input> <wsdl:output> <soap:body use="literal"/> </wsdl:output> </wsdl:operation> </wsdl:binding> <wsdl:binding name="HelloPojoAsyncSOAP11Binding" type="ns0:HelloPojoAsyncPortType"> <wsp:PolicyReference xmlns:wsp=" http://schemas.xmlsoap.org/ws/2004/09/policy"; URI="#User defined"/> <soap:binding transport="http://schemas.xmlsoap.org/soap/http"; style="document"/> <wsdl:operation name="sayHello"> <soap:operation soapAction="urn:sayHello" style="document"/> <wsdl:input> <soap:body use="literal"/> </wsdl:input> <wsdl:output> <soap:body use="literal"/> </wsdl:output> </wsdl:operation> </wsdl:binding> </wsdl:definitions> Regards, Dobri On 10/12/07, Nandana Mihindukulasooriya <[EMAIL PROTECTED]> wrote: > > Hi, > IMHO, in Rampart when we want to use the certificate which was used to > sign > the request ( the client's X509 certificate in your case ) to do the > encryption in > the response, we specify the <ramp:encryptionUser> parameter as > > <encryptionUser>useReqSigCert</encryptionUser>. > > For this to work, the request must carry a signature signed using the > client's cert. > In your case, you don't have any signed parts or signed elements > defined. But > the policy states to include the time stamp and the time stamp will be > signed using > the clients certificate. As the policy states > IncludeToken=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > in the recipient token , the binary token will be included in the soap > request. > So I think your scenario should work when encryptionUser is set to > useReqSigCert. > > Btw, two policies in the WSDL and the services.xml are quite different. > WSDL > contains > a policy which is applied to two bindings and which is a symmetric > binding. > It also > requires a UsernameToken as a signed supporting token. > > The policy defined in the services.xml is Asymmetric binding with no > supporting tokens. > Anyway I think you are talking about the policy in the services.xml. > > Regards, > Nandana > > > On 10/11/07, Dobri Kitipov <[EMAIL PROTECTED]> wrote: > > > > Hi everybody, > > We want to test the following scenario using Rampart SNAPSHOT. We have a > > service that defines Asymetric binding (I am applying the WSDL and the > > services.xml). What we want to achieve is not to store the clients' > public > > keys (PK) at server side. We do not want to spend memory resources to > save > > all clients' PK which can be of great amount. That's why we want to use > > X509 > > in order clients to exchange public PKs with the service. My > understanding > > is that in this case we do not need to specify the <ramp:encryptionUser> > > into the services.xml, because the client provides the X509 sent with > the > > SOAP. The problem is that we receive the following exception when there > is > > no <ramp:encryptionUser> specified: > > > > com.mycompany.wsstack.client.api.WSClientException: > > org.apache.axis2.AxisFault: Encryption user not specified (The context > is > > created by the initiating party) > > at com.mycompany.wsstack.client.impl.WSStaxClientImpl.sendReceive( > > WSStaxClientImpl.java:133) > > at com.mycompany.wsstack.samples.SampleSymClient.invokeWebService( > > SampleSymClient.java:67) > > at com.mycompany.wsstack.samples.SampleSymClient.main( > > SampleSymClient.java:29) > > Caused by: org.apache.axis2.AxisFault: Encryption user not specified > (The > > context is created by the initiating party) > > at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext( > > Utils.java:486) > > at > > org.apache.axis2.description.OutInAxisOperationClient.handleResponse( > > OutInAxisOperation.java:343) > > at org.apache.axis2.description.OutInAxisOperationClient.send( > > OutInAxisOperation.java:389) > > at org.apache.axis2.description.OutInAxisOperationClient.executeImpl > ( > > OutInAxisOperation.java:211) > > at org.apache.axis2.client.OperationClient.execute( > > OperationClient.java > > :163) > > at org.apache.axis2.client.ServiceClient.sendReceive( > > ServiceClient.java > > :528) > > at com.mycompany.wsstack.client.impl.WSStaxClientImpl.sendReceive( > > WSStaxClientImpl.java:129) > > ... 2 more > > > > The WSDL of the service is: > > > > <?xml version="1.0" encoding="UTF-8"?> > > <wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"; > > xmlns:mime=" > > http://schemas.xmlsoap.org/wsdl/mime/"; xmlns:ns0=" > > http://pojo.wsstack.mycompany.com"; xmlns:soap12=" > > http://schemas.xmlsoap.org/wsdl/soap12/"; xmlns:http=" > > http://schemas.xmlsoap.org/wsdl/http/"; xmlns:ns1=" > > http://org.apache.axis2/xsd"; xmlns:wsaw=" > > http://www.w3.org/2006/05/addressing/wsdl"; xmlns:xs=" > > http://www.w3.org/2001/XMLSchema"; xmlns:soap=" > > http://schemas.xmlsoap.org/wsdl/soap/"; targetNamespace=" > > http://pojo.wsstack.mycompany.com";> > > <wsdl:documentation>HelloPojo</wsdl:documentation> > > <wsdl:types> > > <xs:schema xmlns:ns="http://pojo.wsstack.mycompany.com"; > > attributeFormDefault="qualified" elementFormDefault="qualified" > > targetNamespace="http://pojo.wsstack.mycompany.com";> > > <xs:element name="sayHello"> > > <xs:complexType> > > <xs:sequence> > > <xs:element minOccurs="0" name="name" > > nillable="true" type="xs:string"/> > > </xs:sequence> > > </xs:complexType> > > </xs:element> > > <xs:element name="sayHelloResponse"> > > <xs:complexType> > > <xs:sequence> > > <xs:element minOccurs="0" name="return" > > nillable="true" type="xs:string"/> > > </xs:sequence> > > </xs:complexType> > > </xs:element> > > </xs:schema> > > </wsdl:types> > > <wsdl:message name="sayHelloRequest"> > > <wsdl:part name="parameters" element="ns0:sayHello"/> > > </wsdl:message> > > <wsdl:message name="sayHelloResponse"> > > <wsdl:part name="parameters" element="ns0:sayHelloResponse"/> > > </wsdl:message> > > <wsdl:portType name="HelloPojoPortType"> > > <wsdl:operation name="sayHello"> > > <wsdl:input message="ns0:sayHelloRequest" > > wsaw:Action="urn:sayHello"/> > > <wsdl:output message="ns0:sayHelloResponse" > > wsaw:Action="urn:sayHelloResponse"/> > > </wsdl:operation> > > </wsdl:portType> > > <wsdl:binding name="HelloPojoHttpBinding" > > type="ns0:HelloPojoPortType"> > > <http:binding verb="POST"/> > > <wsdl:operation name="sayHello"> > > <http:operation location="HelloPojo/sayHello"/> > > <wsdl:input> > > <mime:content type="text/xml" part="sayHello"/> > > </wsdl:input> > > <wsdl:output> > > <mime:content type="text/xml" part="sayHello"/> > > </wsdl:output> > > </wsdl:operation> > > </wsdl:binding> > > <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; > > xmlns:wsu=" > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > " > > wsu:Id="User defined"> > > <wsp:ExactlyOne> > > <wsp:All> > > <sp:SymmetricBinding xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:ProtectionToken> > > <wsp:Policy> > > <sp:X509Token sp:IncludeToken=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never > "> > > <wsp:Policy> > > <sp:WssX509V3Token10/> > > <sp:RequireDerivedKeys/> > > </wsp:Policy> > > </sp:X509Token> > > </wsp:Policy> > > </sp:ProtectionToken> > > <sp:AlgorithmSuite> > > <wsp:Policy> > > <sp:Basic128/> > > </wsp:Policy> > > </sp:AlgorithmSuite> > > <sp:Layout> > > <wsp:Policy> > > <sp:Strict/> > > </wsp:Policy> > > </sp:Layout> > > <sp:IncludeTimestamp/> > > </wsp:Policy> > > </sp:SymmetricBinding> > > <sp:Wss10 xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <sp:Policy> > > <sp:MustSupportRefKeyIdentifier/> > > <sp:MustSupportRefIssuerSerial/> > > </sp:Policy> > > </sp:Wss10> > > <sp:SignedSupportingTokens xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:UsernameToken sp:IncludeToken=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always > > "/> > > </wsp:Policy> > > </sp:SignedSupportingTokens> > > <sp:SignedParts xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> > > <sp:EncryptedParts xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <sp:Body/> > > </sp:EncryptedParts> > > <sp:SignedElements xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> > > <sp:EncryptedElements xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> > > </wsp:All> > > </wsp:ExactlyOne> > > </wsp:Policy> > > <wsdl:service name="HelloPojo"> > > <wsdl:port name="HelloPojoSOAP11port_http" > > binding="ns0:HelloPojoSOAP11Binding"> > > <soap:address location=" > > http://localhost:8082/wsstack/services/HelloPojo"/> > > </wsdl:port> > > <wsdl:port name="HelloPojoSOAP12port_http" > > binding="ns0:HelloPojoSOAP12Binding"> > > <soap12:address location=" > > http://localhost:8082/wsstack/services/HelloPojo"/> > > </wsdl:port> > > <wsdl:port name="HelloPojoHttpport" > > binding="ns0:HelloPojoHttpBinding"> > > <http:address location=" > > http://localhost:8082/wsstack/services/HelloPojo"/> > > </wsdl:port> > > </wsdl:service> > > <wsdl:binding name="HelloPojoSOAP12Binding" > > type="ns0:HelloPojoPortType"> > > <wsp:PolicyReference xmlns:wsp=" > > http://schemas.xmlsoap.org/ws/2004/09/policy"; URI="#User defined"/> > > <soap:binding transport="http://schemas.xmlsoap.org/soap/http"; > > style="document"/> > > <wsdl:operation name="sayHello"> > > <soap:operation soapAction="urn:sayHello" style="document"/> > > <wsdl:input> > > <soap:body use="literal"/> > > </wsdl:input> > > <wsdl:output> > > <soap:body use="literal"/> > > </wsdl:output> > > </wsdl:operation> > > </wsdl:binding> > > <wsdl:binding name="HelloPojoSOAP11Binding" > > type="ns0:HelloPojoPortType"> > > <wsp:PolicyReference xmlns:wsp=" > > http://schemas.xmlsoap.org/ws/2004/09/policy"; URI="#User defined"/> > > <soap:binding transport="http://schemas.xmlsoap.org/soap/http"; > > style="document"/> > > <wsdl:operation name="sayHello"> > > <soap:operation soapAction="urn:sayHello" style="document"/> > > <wsdl:input> > > <soap:body use="literal"/> > > </wsdl:input> > > <wsdl:output> > > <soap:body use="literal"/> > > </wsdl:output> > > </wsdl:operation> > > </wsdl:binding> > > </wsdl:definitions> > > > > > > The services.xml is: > > > > <?xml version="1.0" encoding="UTF-8"?> > > <serviceGroup> > > <service name="HelloPojoAsync"> > > <description>Web Service HelloPojoAsync</description> > > <parameter name="ServiceClass"> > > com.mycompany.wsstack.pojo.HelloPojoAsync > > </parameter> > > <messageReceivers> > > <messageReceiver > > class="org.apache.axis2.rpc.receivers.RPCMessageReceiver" mep=" > > http://www.w3.org/2004/08/wsdl/in-out"/> > > </messageReceivers> > > <operation name="sayHello"/> > > <wsp:Policy wsu:Id="User defined" > > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; > xmlns:wsu=" > > > > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > > "> > > <wsp:ExactlyOne> > > <wsp:All> > > <sp:AsymmetricBinding xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:InitiatorToken> > > <wsp:Policy> > > <sp:X509Token sp:IncludeToken=" > > > > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > > "> > > <wsp:Policy> > > <sp:WssX509V3Token10/> > > </wsp:Policy> > > </sp:X509Token> > > </wsp:Policy> > > </sp:InitiatorToken> > > <sp:RecipientToken> > > <wsp:Policy> > > <sp:X509Token sp:IncludeToken=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never > "> > > <wsp:Policy> > > <sp:WssX509V3Token10/> > > </wsp:Policy> > > </sp:X509Token> > > </wsp:Policy> > > </sp:RecipientToken> > > <sp:AlgorithmSuite xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy> > > <sp:TripleDesRsa15/> > > </wsp:Policy> > > </sp:AlgorithmSuite> > > <sp:Layout> > > <wsp:Policy> > > <sp:Strict/> > > </wsp:Policy> > > </sp:Layout> > > <sp:IncludeTimestamp/> > > <sp:OnlySignEntireHeadersAndBody/> > > </wsp:Policy> > > </sp:AsymmetricBinding> > > <sp:Wss10 xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <sp:Policy> > > <sp:MustSupportRefKeyIdentifier/> > > <sp:MustSupportRefIssuerSerial/> > > </sp:Policy> > > </sp:Wss10> > > <sp:SignedSupportingTokens xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <wsp:Policy/> > > </sp:SignedSupportingTokens> > > <sp:SignedParts xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> > > <sp:EncryptedParts xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > > <sp:Body/> > > </sp:EncryptedParts> > > <sp:SignedElements xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> > > <sp:EncryptedElements xmlns:sp=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"/> > > <ramp:RampartConfig xmlns:ramp=" > > http://ws.apache.org/rampart/policy";> > > <ramp:user>service</ramp:user> > > <ramp:encryptionUser/> > > <ramp:passwordCallbackClass> > > com.mycompany.wsstack.pwcb.ServerPWCBHandler > </ramp:passwordCallbackClass> > > <ramp:signatureCrypto> > > <ramp:crypto provider=" > > org.apache.ws.security.components.crypto.Merlin"> > > <ramp:property name=" > > org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> > > <ramp:property name=" > > org.apache.ws.security.crypto.merlin.file > > ">D:\Downloads\Rampart\wsstack\keystores\service.jks</ramp:property> > > <ramp:property name=" > > org.apache.ws.security.crypto.merlin.keystore.password > > ">openssl</ramp:property> > > </ramp:crypto> > > </ramp:signatureCrypto> > > <ramp:encryptionCypto> > > <ramp:crypto provider=" > > org.apache.ws.security.components.crypto.Merlin"> > > <ramp:property name=" > > org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> > > <ramp:property name=" > > org.apache.ws.security.crypto.merlin.file > > ">D:\Downloads\Rampart\wsstack\keystores\service.jks</ramp:property> > > <ramp:property name=" > > org.apache.ws.security.crypto.merlin.keystore.password > > ">openssl</ramp:property> > > </ramp:crypto> > > </ramp:encryptionCypto> > > </ramp:RampartConfig> > > </wsp:All> > > </wsp:ExactlyOne> > > </wsp:Policy> > > <module ref="addressing"/> > > <module ref="rampart"/> > > </service> > > </serviceGroup> > > > > > > Thank you in advance! > > Dobri Kitipov > > >
