I have the task of building a client to a secure .Net web service. Although 
I've done this sort of thing for many years, I have not had to deal with the 
wsp:Policy section, and so I'm at a bit of a loss, not finding any decent 
documentation on the how-tos.

The provider of the web service sent me a Java client example, but it confused 
me even more as it seems they are using a wsdd, which I gather is a holdover 
from Axis 1. From the best I can tell, the replacement for that, in Axis 2, is 
defining the policy in a service.xml file. But, again, I can't really find any 
examples of its use.

Finally, the Java client example that they sent to me applies the policy 
through a generated ServiceLocator class. However, when I run wsdl2java, no 
ServiceLocator class is created. Nor do I find a way to handle the policy 
through the generated classes. I also can't find a policy-side counterpart to 
wsdl2java's "-exsh" parameter, which is used to generate header classes.

I tried something like the following, but it didn't work:

                     // Create the generated service and take the port bound to CreateToken2.
                     // In the WSDL below, that binding references CreateToken2_policy.
                     SecurityServiceTest service = new SecurityServiceTest();
                     ICreateToken createToken = service.getCreateToken2();

                     // NOTE(review): USERNAME_PROPERTY / PASSWORD_PROPERTY are the JAX-WS
                     // request-context keys for transport-level (HTTP) authentication.
                     // CreateToken2_policy instead asks for an sp:UsernameToken supporting token,
                     // i.e. a WS-Security UsernameToken in the SOAP security header, together
                     // with a timestamp (sp:IncludeTimestamp). These two properties alone
                     // presumably do not produce that header, which would explain the failure.
                     // Confirm against the WS-Security support of the stack in use.
                     // The policy is a TransportBinding, so the UsernameToken password is
                     // protected only by TLS: keep server certificate and hostname
                     // verification enabled on the client.
                     BindingProvider provider = (BindingProvider) createToken;
                     provider.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, wsUser);
                     provider.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, wsPassword);


As you can tell, I'm totally groping in the dark on this one. Any 
help/pointers are greatly appreciated. Here's the WSDL I'm trying to 
accommodate:

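<?xml version="1.0" encoding="utf-8"?>
<!--
  WSDL for SecurityService: two port types (ICreateToken, IDecryptToken) exposed
  through three bindings, each tied to a WS-SecurityPolicy (2005/07) policy by
  wsp:PolicyReference:
    CreateToken  / DecryptToken : SOAP 1.2, HTTPS, WS-SecureConversation session
                                  bootstrapped with a UsernameToken, WS-Addressing.
    CreateToken2                : SOAP 1.1, HTTPS, UsernameToken only.
  Attribute values are written without the stray ";" that followed quoted URLs in
  the posted copy, which made the document not well-formed.
  targetNamespace is http://tempuri.org/, the placeholder namespace that .NET
  services carry until the author sets one.
-->
<wsdl:definitions name="SecurityService"
                  targetNamespace="http://tempuri.org/"
                  xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
                  xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                  xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
                  xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
                  xmlns:tns="http://tempuri.org/"
                  xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
                  xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                  xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy"
                  xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                  xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract"
                  xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
                  xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
                  xmlns:wsa10="http://www.w3.org/2005/08/addressing"
                  xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">

  <!--
    CreateToken_policy (referenced by the CreateToken binding).
    Single alternative (ExactlyOne/All): every assertion below must be satisfied.
  -->
  <wsp:Policy wsu:Id="CreateToken_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <!--
          Transport-level protection: messages travel over HTTPS.
          RequireClientCertificate="false" means the server does not ask for a
          TLS client certificate, so the caller is identified only by the
          message-level tokens declared further down.
        -->
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <!--
              Basic256: per WS-SecurityPolicy this suite pairs AES-256 with SHA-1
              digests. Basic256Sha256 is the SHA-256 variant; whether the provider
              offers it is not visible in this WSDL.
            -->
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <!-- Strict: security header items must follow the strict ordering rules. -->
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <!-- A wsu:Timestamp is required, which lets the receiver bound message freshness. -->
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <!--
          The client must endorse each request with a WS-SecureConversation
          security context token. BootstrapPolicy describes the exchange that
          obtains that token.
        -->
        <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:BootstrapPolicy>
                  <wsp:Policy>
                    <!-- Body and the WS-Addressing headers must be integrity protected. -->
                    <sp:SignedParts>
                      <sp:Body/>
                      <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
                    </sp:SignedParts>
                    <sp:EncryptedParts>
                      <sp:Body/>
                    </sp:EncryptedParts>
                    <!-- The bootstrap exchange itself also runs over HTTPS without a client certificate. -->
                    <sp:TransportBinding>
                      <wsp:Policy>
                        <sp:TransportToken>
                          <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                          </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                          <wsp:Policy>
                            <sp:Basic256/>
                          </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                          <wsp:Policy>
                            <sp:Strict/>
                          </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                      </wsp:Policy>
                    </sp:TransportBinding>
                    <!--
                      Client credential for the bootstrap: a WS-Security UsernameToken
                      (1.0 profile) in the SOAP security header. Under a transport
                      binding the token is protected by TLS alone, so the client must
                      validate the server certificate and hostname.
                    -->
                    <sp:SignedSupportingTokens>
                      <wsp:Policy>
                        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                          <wsp:Policy>
                            <sp:WssUsernameToken10/>
                          </wsp:Policy>
                        </sp:UsernameToken>
                      </wsp:Policy>
                    </sp:SignedSupportingTokens>
                    <sp:Wss11>
                      <wsp:Policy>
                        <sp:MustSupportRefKeyIdentifier/>
                        <sp:MustSupportRefIssuerSerial/>
                        <sp:MustSupportRefThumbprint/>
                        <sp:MustSupportRefEncryptedKey/>
                      </wsp:Policy>
                    </sp:Wss11>
                    <!-- Both sides contribute entropy to the key material of the issued token. -->
                    <sp:Trust10>
                      <wsp:Policy>
                        <sp:MustSupportIssuedTokens/>
                        <sp:RequireClientEntropy/>
                        <sp:RequireServerEntropy/>
                      </wsp:Policy>
                    </sp:Trust10>
                  </wsp:Policy>
                </sp:BootstrapPolicy>
              </wsp:Policy>
            </sp:SecureConversationToken>
            <!-- The endorsing signature must cover the wsa:To header. -->
            <sp:SignedParts>
              <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
            </sp:SignedParts>
          </wsp:Policy>
        </sp:EndorsingSupportingTokens>
        <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
            <sp:MustSupportRefThumbprint/>
            <sp:MustSupportRefEncryptedKey/>
          </wsp:Policy>
        </sp:Wss11>
        <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
            <sp:RequireClientEntropy/>
            <sp:RequireServerEntropy/>
          </wsp:Policy>
        </sp:Trust10>
        <!-- WS-Addressing headers are required on this binding. -->
        <wsaw:UsingAddressing/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!--
    DecryptToken_policy (referenced by the DecryptToken binding).
    Same assertions as CreateToken_policy: HTTPS without a client certificate,
    Basic256, Strict layout, timestamp, a secure conversation token bootstrapped
    with a UsernameToken, and WS-Addressing.
  -->
  <wsp:Policy wsu:Id="DecryptToken_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Strict/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:BootstrapPolicy>
                  <wsp:Policy>
                    <sp:SignedParts>
                      <sp:Body/>
                      <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
                      <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
                    </sp:SignedParts>
                    <sp:EncryptedParts>
                      <sp:Body/>
                    </sp:EncryptedParts>
                    <sp:TransportBinding>
                      <wsp:Policy>
                        <sp:TransportToken>
                          <wsp:Policy>
                            <sp:HttpsToken RequireClientCertificate="false"/>
                          </wsp:Policy>
                        </sp:TransportToken>
                        <sp:AlgorithmSuite>
                          <wsp:Policy>
                            <sp:Basic256/>
                          </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                          <wsp:Policy>
                            <sp:Strict/>
                          </wsp:Policy>
                        </sp:Layout>
                        <sp:IncludeTimestamp/>
                      </wsp:Policy>
                    </sp:TransportBinding>
                    <!-- UsernameToken protected by TLS alone: server certificate validation matters. -->
                    <sp:SignedSupportingTokens>
                      <wsp:Policy>
                        <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                          <wsp:Policy>
                            <sp:WssUsernameToken10/>
                          </wsp:Policy>
                        </sp:UsernameToken>
                      </wsp:Policy>
                    </sp:SignedSupportingTokens>
                    <sp:Wss11>
                      <wsp:Policy>
                        <sp:MustSupportRefKeyIdentifier/>
                        <sp:MustSupportRefIssuerSerial/>
                        <sp:MustSupportRefThumbprint/>
                        <sp:MustSupportRefEncryptedKey/>
                      </wsp:Policy>
                    </sp:Wss11>
                    <sp:Trust10>
                      <wsp:Policy>
                        <sp:MustSupportIssuedTokens/>
                        <sp:RequireClientEntropy/>
                        <sp:RequireServerEntropy/>
                      </wsp:Policy>
                    </sp:Trust10>
                  </wsp:Policy>
                </sp:BootstrapPolicy>
              </wsp:Policy>
            </sp:SecureConversationToken>
            <sp:SignedParts>
              <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
            </sp:SignedParts>
          </wsp:Policy>
        </sp:EndorsingSupportingTokens>
        <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
            <sp:MustSupportRefThumbprint/>
            <sp:MustSupportRefEncryptedKey/>
          </wsp:Policy>
        </sp:Wss11>
        <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportIssuedTokens/>
            <sp:RequireClientEntropy/>
            <sp:RequireServerEntropy/>
          </wsp:Policy>
        </sp:Trust10>
        <wsaw:UsingAddressing/>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!--
    CreateToken2_policy (referenced by the CreateToken2 binding, the port the
    Java snippet above obtains with getCreateToken2()).
    The lightest of the three: HTTPS without a client certificate, a timestamp,
    and a WS-Security UsernameToken in the SOAP header. No secure conversation
    and no WS-Addressing assertion. Layout is Lax rather than Strict.
    The password is protected by TLS alone, so the client must validate the
    server certificate and hostname.
  -->
  <wsp:Policy wsu:Id="CreateToken2_policy">
    <wsp:ExactlyOne>
      <wsp:All>
        <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:TransportToken>
              <wsp:Policy>
                <sp:HttpsToken RequireClientCertificate="false"/>
              </wsp:Policy>
            </sp:TransportToken>
            <sp:AlgorithmSuite>
              <wsp:Policy>
                <sp:Basic256/>
              </wsp:Policy>
            </sp:AlgorithmSuite>
            <sp:Layout>
              <wsp:Policy>
                <sp:Lax/>
              </wsp:Policy>
            </sp:Layout>
            <sp:IncludeTimestamp/>
          </wsp:Policy>
        </sp:TransportBinding>
        <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
              <wsp:Policy>
                <sp:WssUsernameToken10/>
              </wsp:Policy>
            </sp:UsernameToken>
          </wsp:Policy>
        </sp:SignedSupportingTokens>
        <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
          <wsp:Policy>
            <sp:MustSupportRefKeyIdentifier/>
            <sp:MustSupportRefIssuerSerial/>
          </wsp:Policy>
        </sp:Wss10>
      </wsp:All>
    </wsp:ExactlyOne>
  </wsp:Policy>

  <!--
    The message schemas are not inline; they are imported from the service host.
    Code generators fetch these URLs while processing the WSDL, so treat them as
    remote inputs: fetch over HTTPS with certificate validation, or generate from
    reviewed local copies.
  -->
  <wsdl:types>
    <xsd:schema targetNamespace="http://tempuri.org/Imports">
      <xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd0"
                  namespace="http://tempuri.org/"/>
      <xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd1"
                  namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
      <xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd2"
                  namespace="http://schemas.datacontract.org/2004/07/DTN.RefinedFuel.Security"/>
    </xsd:schema>
  </wsdl:types>

  <!-- Request/response messages; each has a single document-style part. -->
  <wsdl:message name="ICreateToken_CreateSecurityToken_InputMessage">
    <wsdl:part name="parameters" element="tns:CreateSecurityToken"/>
  </wsdl:message>
  <wsdl:message name="ICreateToken_CreateSecurityToken_OutputMessage">
    <wsdl:part name="parameters" element="tns:CreateSecurityTokenResponse"/>
  </wsdl:message>
  <wsdl:message name="IDecryptToken_DecryptToken_InputMessage">
    <wsdl:part name="parameters" element="tns:DecryptToken"/>
  </wsdl:message>
  <wsdl:message name="IDecryptToken_DecryptToken_OutputMessage">
    <wsdl:part name="parameters" element="tns:DecryptTokenResponse"/>
  </wsdl:message>

  <!-- Abstract interfaces; wsaw:Action gives the WS-Addressing action of each message. -->
  <wsdl:portType name="ICreateToken">
    <wsdl:operation name="CreateSecurityToken">
      <wsdl:input wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityToken"
                  message="tns:ICreateToken_CreateSecurityToken_InputMessage"/>
      <wsdl:output wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityTokenResponse"
                   message="tns:ICreateToken_CreateSecurityToken_OutputMessage"/>
    </wsdl:operation>
  </wsdl:portType>
  <wsdl:portType name="IDecryptToken">
    <wsdl:operation name="DecryptToken">
      <wsdl:input wsaw:Action="http://tempuri.org/IDecryptToken/DecryptToken"
                  message="tns:IDecryptToken_DecryptToken_InputMessage"/>
      <wsdl:output wsaw:Action="http://tempuri.org/IDecryptToken/DecryptTokenResponse"
                   message="tns:IDecryptToken_DecryptToken_OutputMessage"/>
    </wsdl:operation>
  </wsdl:portType>

  <!--
    Bindings. The transport URI names SOAP over HTTP; the HTTPS requirement comes
    from the sp:HttpsToken assertion in each referenced policy and from the
    https:// endpoint addresses in wsdl:service.
  -->
  <!-- SOAP 1.2, governed by CreateToken_policy. -->
  <wsdl:binding name="CreateToken" type="tns:ICreateToken">
    <wsp:PolicyReference URI="#CreateToken_policy"/>
    <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="CreateSecurityToken">
      <soap12:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken"
                        style="document"/>
      <wsdl:input>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <!-- SOAP 1.2, governed by DecryptToken_policy. -->
  <wsdl:binding name="DecryptToken" type="tns:IDecryptToken">
    <wsp:PolicyReference URI="#DecryptToken_policy"/>
    <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="DecryptToken">
      <soap12:operation soapAction="http://tempuri.org/IDecryptToken/DecryptToken"
                        style="document"/>
      <wsdl:input>
        <soap12:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap12:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>
  <!-- SOAP 1.1 (soap: prefix), governed by CreateToken2_policy. -->
  <wsdl:binding name="CreateToken2" type="tns:ICreateToken">
    <wsp:PolicyReference URI="#CreateToken2_policy"/>
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
    <wsdl:operation name="CreateSecurityToken">
      <soap:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken"
                      style="document"/>
      <wsdl:input>
        <soap:body use="literal"/>
      </wsdl:input>
      <wsdl:output>
        <soap:body use="literal"/>
      </wsdl:output>
    </wsdl:operation>
  </wsdl:binding>

  <!-- Concrete endpoints; all three addresses use https://. -->
  <wsdl:service name="SecurityService">
    <wsdl:port name="CreateToken" binding="tns:CreateToken">
      <soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken"/>
      <wsa10:EndpointReference>
        <wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken</wsa10:Address>
      </wsa10:EndpointReference>
    </wsdl:port>
    <wsdl:port name="DecryptToken" binding="tns:DecryptToken">
      <soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken"/>
      <wsa10:EndpointReference>
        <wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken</wsa10:Address>
      </wsa10:EndpointReference>
    </wsdl:port>
    <wsdl:port name="CreateToken2" binding="tns:CreateToken2">
      <soap:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken2"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>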
