> > Also, in addition to my last question, for clarity, is the Security Policy > really just understanding and using the syntax from the OASIS WS-Security > Policy documentation and only the > <ramp:RampartConfig>...</ramp:RampartConfig> parts actually what is used to > incorporate Rampart? >
Yes, exactly. -----Original Message----- > From: Roxanne Yee [mailto:[EMAIL PROTECTED] > Sent: Mon 7/14/2008 8:17 AM > To: [email protected] > Subject: RE: Newbie Basics: Security Policy > > Actually, I'm using soapUI as the client, so it is possible to ignore all > files with the word "client" in them? > > > -----Original Message----- > From: Nandana Mihindukulasooriya [mailto:[EMAIL PROTECTED] > Sent: Mon 7/14/2008 8:01 AM > To: [email protected] > Subject: Re: Newbie Basics: Security Policy > > Hi Roxane, > > This is the policy to be used. Hope you know how to attach this policy to > services.xml and to a client. Please go through the Rampart policy samples > and you will be able to see how that is done. If you have further > questions, > please feel free to throw them in. > > regards, > nandana > > <wsp:Policy wsu:Id="UT" xmlns:wsu=" > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd > " > xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";> > <wsp:ExactlyOne> > <wsp:All> > <sp:SupportingTokens xmlns:sp=" > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";> > <wsp:Policy> > <sp:UsernameToken sp:IncludeToken=" > > http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient > " > /> > </wsp:Policy> > </sp:SupportingTokens> > > <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy > "> > > <ramp:user>username</ramp:user> > > > <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample01.PWCBHandler</ramp:passwordCallbackClass> > </ramp:RampartConfig> > > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy> > > On Mon, Jul 14, 2008 at 11:53 PM, Roxanne Yee <[EMAIL PROTECTED]> wrote: > > > If I simply wanted to implement a web service that used a User Name Token > > authentication system with a Username and Password in Plaintext (no SSL > for > > now, cause I'm a little sketchy on how to actually set that up), what > would > > I need to do if using the Policy handler configuration? > > > > Thanks. > > > > => RY > > > > >
