Author: shankar
Date: Thu Feb 12 06:57:48 2009
New Revision: 743632
URL: http://svn.apache.org/viewvc?rev=743632&view=rev
Log:
Fixing security policy to work with WSAS3.0
Modified:
incubator/stonehenge/trunk/stocktrader/wsas/order_processor/resources/msec/META-INF/services.xml
incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/sec.jks
incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/security-policy.xml
Modified:
incubator/stonehenge/trunk/stocktrader/wsas/order_processor/resources/msec/META-INF/services.xml
URL:
http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/wsas/order_processor/resources/msec/META-INF/services.xml?rev=743632&r1=743631&r2=743632&view=diff
==============================================================================
---
incubator/stonehenge/trunk/stocktrader/wsas/order_processor/resources/msec/META-INF/services.xml
(original)
+++
incubator/stonehenge/trunk/stocktrader/wsas/order_processor/resources/msec/META-INF/services.xml
Thu Feb 12 06:57:48 2009
@@ -47,11 +47,11 @@
<actionMapping>SubmitOrderOnePhase</actionMapping>
</operation>
- <wsp:PolicyAttachment
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+ <!--wsp:PolicyAttachment
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
<wsp:AppliesTo>
<policy-subject identifier="binding:soap11" />
<policy-subject identifier="binding:soap12" />
- </wsp:AppliesTo>
+ </wsp:AppliesTo>-->
<wsp:Policy wsu:Id="SgnEncrAnonymous"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<wsp:ExactlyOne>
<wsp:All>
@@ -102,7 +102,29 @@
<sp:MustSupportIssuedTokens
/>
</wsp:Policy>
</sp:Trust10>
- <rampart:RampartConfig
xmlns:rampart="http://ws.apache.org/rampart/policy";>
+ <rampart:RampartConfig
xmlns:rampart="http://ws.apache.org/rampart/policy";>
+
<rampart:user>bob</rampart:user>
+
<rampart:encryptionUser>bob</rampart:encryptionUser>
+
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
+
<rampart:timestampTTL>300</rampart:timestampTTL>
+
<rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
+ <rampart:signatureCrypto>
+ <rampart:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.file">sec.jks</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</rampart:property>
+ </rampart:crypto>
+ </rampart:signatureCrypto>
+ <rampart:encryptionCypto>
+ <rampart:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.file">sec.jks</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</rampart:property>
+ </rampart:crypto>
+ </rampart:encryptionCypto>
+
<rampart:passwordCallbackClass>org.wso2.stocktrader.service.OrderProcessorServicePasswordCB</rampart:passwordCallbackClass>
+ </rampart:RampartConfig>
+ <!--rampart:RampartConfig
xmlns:rampart="http://ws.apache.org/rampart/policy";>
<rampart:user>bob</rampart:user>
<rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
@@ -125,12 +147,12 @@
</rampart:crypto>
</rampart:signatureCrypto>
<rampart:passwordCallbackClass>org.wso2.stocktrader.service.OrderProcessorServicePasswordCB</rampart:passwordCallbackClass>
- </rampart:RampartConfig>
+ </rampart:RampartConfig>-->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
- </wsp:PolicyAttachment>
+ <!--</wsp:PolicyAttachment>-->
</service>
</serviceGroup>
Modified: incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/sec.jks
URL:
http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/sec.jks?rev=743632&r1=743631&r2=743632&view=diff
==============================================================================
Binary files - no diff available.
Modified:
incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/security-policy.xml
URL:
http://svn.apache.org/viewvc/incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/security-policy.xml?rev=743632&r1=743631&r2=743632&view=diff
==============================================================================
---
incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/security-policy.xml
(original)
+++
incubator/stonehenge/trunk/stocktrader/wsas/resources/conf/security-policy.xml
Thu Feb 12 06:57:48 2009
@@ -50,24 +50,24 @@
</sp:Trust10>
<rampart:RampartConfig
xmlns:rampart="http://ws.apache.org/rampart/policy";>
<rampart:user>bob</rampart:user>
-
<rampart:encryptionUser>bob.cer</rampart:encryptionUser>
+
<rampart:encryptionUser>bob</rampart:encryptionUser>
<rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
<rampart:timestampTTL>300</rampart:timestampTTL>
<rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
<rampart:signatureCrypto>
- <rampart:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
- <rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
- <rampart:property
name="org.apache.ws.security.crypto.merlin.file">sec.jks</rampart:property>
- <rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</rampart:property>
- </rampart:crypto>
- </rampart:signatureCrypto>
- <rampart:encryptionCypto>
- <rampart:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
- <rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
- <rampart:property
name="org.apache.ws.security.crypto.merlin.file">sec.jks</rampart:property>
- <rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</rampart:property>
- </rampart:crypto>
- </rampart:encryptionCypto>
+ <rampart:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.file">sec.jks</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</rampart:property>
+ </rampart:crypto>
+ </rampart:signatureCrypto>
+ <rampart:encryptionCypto>
+ <rampart:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.file">sec.jks</rampart:property>
+
<rampart:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</rampart:property>
+ </rampart:crypto>
+ </rampart:encryptionCypto>
<rampart:passwordCallbackClass>org.wso2.stocktrader.services.TradeOrderServiceClientPasswordCB</rampart:passwordCallbackClass>
</rampart:RampartConfig>
</wsp:All>
