I am not sure if it actually checks SSL or not, but it does not matter as all connections are at least SSL for our services. The difference is if they are mutual SSL or not.
Sent from my Galaxy S2

On Feb 5, 2013 2:16 AM, "Glen Mazza" <[email protected]> wrote:

> Also, make sure that our Policy engine can enforce that transport-layer
> encryption is being used (IIUC part of your requirements); I know it can
> check message-layer encryption, but I'm not sure whether/how it knows that
> SSL is being used.
>
> Glen
>
> On 02/03/2013 10:40 PM, Jason Pell wrote:
>
>> I think I answered my own question. It appears that the first
>> alternative is chosen by default, no matter what when using the
>> MinimalAlternativeSelector
>>
>> The isCompatibleWithRequest method in BaseAlternativeSelector returns
>> true where the request == null.
>>
>> And it looks as though request is always null on the server side
>> (which I guess makes sense)
>>
>> Now I have to figure out if I can code up an AlternativeSelector based
>> on the content of the request information coming in from the client.
>>
>> Any ideas would be welcome...
>>
>> On Mon, Feb 4, 2013 at 11:51 AM, Jason Pell <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> I would like to configure a web service which requires one of two
>>> security mechanisms:
>>>
>>> 1) UsernamePassword + SSL (NOT MUTUAL)
>>> 2) Username only + SSL with Mutual Authentication.
>>>
>>> I was hoping to do this via WS-Policy ExactlyOne matching, but it
>>> does not seem to work.
>>>
>>> What I was wanting to know is if I should expect it to work. I am
>>> about to jump in and debug what is actually happening but was hoping
>>> someone would help me before I got too far into it.
>>>
>>> My policy is:
>>>
>>> <wsp:Policy
>>>     xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
>>>     xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>>>     xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>>>   <wsp:ExactlyOne>
>>>     <wsp:All>
>>>       <sp:TransportBinding>
>>>         <wsp:Policy>
>>>           <sp:TransportToken>
>>>             <wsp:Policy>
>>>               <sp:HttpsToken>
>>>                 <wsp:Policy />
>>>               </sp:HttpsToken>
>>>             </wsp:Policy>
>>>           </sp:TransportToken>
>>>           <sp:Layout>
>>>             <wsp:Policy>
>>>               <sp:Lax />
>>>             </wsp:Policy>
>>>           </sp:Layout>
>>>           <sp:AlgorithmSuite>
>>>             <wsp:Policy>
>>>               <sp:Basic128 />
>>>             </wsp:Policy>
>>>           </sp:AlgorithmSuite>
>>>         </wsp:Policy>
>>>       </sp:TransportBinding>
>>>
>>>       <sp:SupportingTokens>
>>>         <wsp:Policy>
>>>           <sp:UsernameToken>
>>>             <wsp:Policy>
>>>               <sp:WssUsernameToken11 />
>>>             </wsp:Policy>
>>>           </sp:UsernameToken>
>>>         </wsp:Policy>
>>>       </sp:SupportingTokens>
>>>     </wsp:All>
>>>
>>>     <wsp:All>
>>>       <sp:TransportBinding>
>>>         <wsp:Policy>
>>>           <sp:TransportToken>
>>>             <wsp:Policy>
>>>               <sp:HttpsToken>
>>>                 <wsp:Policy>
>>>                   <sp:RequireClientCertificate />
>>>                 </wsp:Policy>
>>>               </sp:HttpsToken>
>>>             </wsp:Policy>
>>>           </sp:TransportToken>
>>>           <sp:AlgorithmSuite>
>>>             <wsp:Policy>
>>>               <sp:Basic256 />
>>>             </wsp:Policy>
>>>           </sp:AlgorithmSuite>
>>>         </wsp:Policy>
>>>       </sp:TransportBinding>
>>>
>>>       <sp:SupportingTokens>
>>>         <wsp:Policy>
>>>           <sp:UsernameToken>
>>>             <wsp:Policy>
>>>               <sp:NoPassword />
>>>             </wsp:Policy>
>>>           </sp:UsernameToken>
>>>         </wsp:Policy>
>>>       </sp:SupportingTokens>
>>>     </wsp:All>
>>>   </wsp:ExactlyOne>
>>> </wsp:Policy>
>>>
>>
>
> --
> Glen Mazza
> Talend Community Coders - coders.talend.com
> blog: www.jroller.com/gmazza
