I have a requirement from my client for the signature to contain the
UsernameToken element. According to the rest of his requirements the
security policy I am using is the following:

<wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy">
  <wsp:ExactlyOne>
    <wsp:All>
      <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
      <sp:SupportingTokens
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:UsernameToken
              sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
            <wsp:Policy>
              <sp:NoPassword />
            </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
      <sp:AsymmetricBinding
          xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
        <wsp:Policy>
          <sp:InitiatorToken>
            <wsp:Policy>
              <sp:UsernameToken
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <sp:NoPassword />
                </wsp:Policy>
              </sp:UsernameToken>
            </wsp:Policy>
          </sp:InitiatorToken>
          <sp:RecipientSignatureToken>
            <wsp:Policy>
              <sp:X509Token
                  sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                <wsp:Policy>
                  <sp:WssX509V3Token10 />
                </wsp:Policy>
              </sp:X509Token>
            </wsp:Policy>
          </sp:RecipientSignatureToken>
          <sp:AlgorithmSuite>
            <wsp:Policy>
              <sp:Basic256Sha256 />
            </wsp:Policy>
          </sp:AlgorithmSuite>
          <sp:Layout>
            <wsp:Policy>
              <sp:Lax />
            </wsp:Policy>
          </sp:Layout>
          <sp:IncludeTimestamp />
        </wsp:Policy>
      </sp:AsymmetricBinding>
      <sp:SignedParts>
        <sp:Body />
        <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
      </sp:SignedParts>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>


The above works correctly for me. The only thing that I could not sign is
the UsernameToken. I tried using:

<sp:SignedElements>
  <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
            xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    /soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username
  </sp:XPath>
</sp:SignedElements>

which did not seem to work.

Trying to debug, I see that the SignedElementsBuilder class is accessed, but
I am not sure where to debug next, or where the signing should occur.

Any help will be appreciated.

Alex
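
An added check, not part of the original post and not CXF code: given a serialized message, it reports whether the elements selected by a path like the one in the SignedElements assertion above are covered by a ds:Reference in the signature, either directly or through a signed ancestor. The envelope, the wsu:Id values and the function names are constructed for illustration, the path is written relative to soap:Envelope because ElementTree does not accept absolute paths, and the check covers reference coverage only, not digest or signature validation.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
# Same selection as the XPath in the post, relative to the Envelope root.
PATH = "./soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username"

def referenced_ids(root):
    """Ids named by same-document ds:Reference URIs inside ds:SignedInfo."""
    refs = root.findall(".//ds:SignedInfo/ds:Reference", NS)
    return {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}

def coverage(envelope_xml, path):
    """Return (local name, covered) for every element matched by `path`.
    An element is covered if it or any ancestor is referenced by the signature."""
    root = ET.fromstring(envelope_xml)
    parent = {child: p for p in root.iter() for child in p}
    signed = referenced_ids(root)
    result = []
    for el in root.findall(path, NS):
        node, covered = el, False
        while node is not None and not covered:
            covered = node.get(WSU_ID) in signed or node.get("Id") in signed
            node = parent.get(node)
        result.append((el.tag.split("}")[1], covered))
    return result

def sample(refs):
    """Constructed envelope whose signature references the given wsu:Ids."""
    ref_xml = "".join('<ds:Reference URI="#%s"/>' % r for r in refs)
    return (
        '<soap:Envelope xmlns:soap="{soap}" xmlns:wsse="{wsse}"'
        ' xmlns:wsu="{wsu}" xmlns:ds="{ds}"><soap:Header><wsse:Security>'
        '<wsu:Timestamp wsu:Id="TS-1"/>'
        '<wsse:UsernameToken wsu:Id="UT-1">'
        '<wsse:Username>alice</wsse:Username></wsse:UsernameToken>'
        '<ds:Signature><ds:SignedInfo>{refs}</ds:SignedInfo></ds:Signature>'
        '</wsse:Security></soap:Header><soap:Body wsu:Id="Body-1"/>'
        '</soap:Envelope>'
    ).format(refs=ref_xml, **NS)

if __name__ == "__main__":
    print(coverage(sample(["TS-1", "Body-1"]), PATH))
    print(coverage(sample(["TS-1", "Body-1", "UT-1"]), PATH))
```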
