Hi Jeff,

Let's first get this policy validated by one of the security experts :-)

Nandana, can you please help us on this?

Thanks,
Ruwan

On Thu, Jun 12, 2008 at 12:46 AM, Jeff Davis <[EMAIL PROTECTED]> wrote:

> Hi everyone,
>
> Example 200 shows how to engage security on a proxy that uses an x509 style
> policy. That works great. However, I am trying to instead use UsernameToken
> style with the following policy:
>
> <wsp:Policy wsu:Id="UTOverTransport"
>            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
>  <wsp:ExactlyOne>
>    <wsp:All>
>      <sp:SignedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>        <wsp:Policy>
>          <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
>          </sp:UsernameToken>
>        </wsp:Policy>
>      </sp:SignedSupportingTokens>
>      <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
>        <ramp:passwordCallbackClass>samples.userguide.PWCallback</ramp:passwordCallbackClass>
>        <ramp:user>alice</ramp:user>
>      </ramp:RampartConfig>
>    </wsp:All>
>  </wsp:ExactlyOne>
> </wsp:Policy>
>
> My inbound SOAP message looks like:
>
> <soapenv:Envelope xmlns:hel="http://helloworld"
>                   xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>   <soapenv:Header>
>      <wsse:Security soapenv:mustUnderstand="1"
>                     xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
>         <wsse:UsernameToken wsu:Id="UsernameToken-14134009"
>                             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>            <wsse:Username>alice</wsse:Username>
>            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
>         </wsse:UsernameToken>
>      </wsse:Security>
>   </soapenv:Header>
>   <soapenv:Body>
>      <hel:getGreetings>
>         <hel:name>Hi!</hel:name>
>      </hel:getGreetings>
>   </soapenv:Body>
> </soapenv:Envelope>
>
> However, I always get a SOAP fault with a description of: InvalidSecurity
>
> I think my policy file is okay, because when I use it for engaging security
> on an outbound message, it works fine (i.e., adds the WS-Security header).
>
> Any ideas?
>
> jeff
>



-- 
Ruwan Linton
http://www.wso2.org - "Oxygenating the Web Services Platform"
