> I tried this before and the Username was still not signed. Only when I
> used SignedEncryptedSupportingTokens the username is getting signed (and
> not encrypted by the way, which is what I want at the moment). Probably I
> am doing something wrong but this works for me now.
>

Any chance of a test-case? Both scenarios should work fine. By the way, the
UsernameToken should be signed/encrypted, not just the "Username" part of it.
What version of CXF are you using?

Colm.

> Thanks for the feedback!
>
> Alex
>
> On Fri, Apr 3, 2015 at 4:33 PM, Colm O hEigeartaigh <[email protected]>
> wrote:
>
>> Simply change "SupportingTokens" to "SignedSupportingTokens".
>>
>> Colm.
>>
>> On Thu, Apr 2, 2015 at 12:49 PM, Alx <[email protected]> wrote:
>>
>> > I have a requirement from my client for the signature to contain the
>> > UsernameToken element. According to the rest of his requirements the
>> > security policy I am using is the following:
>> >
>> > <wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy">
>> >   <wsp:ExactlyOne>
>> >     <wsp:All>
>> >       <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
>> >       <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>> >         <wsp:Policy>
>> >           <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>> >             <wsp:Policy>
>> >               <sp:NoPassword />
>> >             </wsp:Policy>
>> >           </sp:UsernameToken>
>> >         </wsp:Policy>
>> >       </sp:SupportingTokens>
>> >       <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
>> >         <wsp:Policy>
>> >           <sp:InitiatorToken>
>> >             <wsp:Policy>
>> >               <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>> >                 <wsp:Policy>
>> >                   <sp:NoPassword />
>> >                 </wsp:Policy>
>> >               </sp:UsernameToken>
>> >             </wsp:Policy>
>> >           </sp:InitiatorToken>
>> >           <sp:RecipientSignatureToken>
>> >             <wsp:Policy>
>> >               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
>> >                 <wsp:Policy>
>> >                   <sp:WssX509V3Token10 />
>> >                 </wsp:Policy>
>> >               </sp:X509Token>
>> >             </wsp:Policy>
>> >           </sp:RecipientSignatureToken>
>> >           <sp:AlgorithmSuite>
>> >             <wsp:Policy>
>> >               <sp:Basic256Sha256 />
>> >             </wsp:Policy>
>> >           </sp:AlgorithmSuite>
>> >           <sp:Layout>
>> >             <wsp:Policy>
>> >               <sp:Lax />
>> >             </wsp:Policy>
>> >           </sp:Layout>
>> >           <sp:IncludeTimestamp />
>> >         </wsp:Policy>
>> >       </sp:AsymmetricBinding>
>> >       <sp:SignedParts>
>> >         <sp:Body />
>> >         <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
>> >       </sp:SignedParts>
>> >
>> >     </wsp:All>
>> >   </wsp:ExactlyOne>
>> > </wsp:Policy>
>> >
>> >
>> > The above works correctly for me. The only thing that I could not sign
>> > is the UsernameToken. I tried using:
>> >
>> > <sp:SignedElements>
>> >
>> >   <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
>> >             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> >             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>> >     /soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username
>> >   </sp:XPath>
>> >
>> > </sp:SignedElements>
>> >
>> > which did not seem to work.
>> >
>> > Trying to debug I see that the SignedElementsBuilder class is accessed
>> > but I am not sure where to debug next, where the signing should occur.
>> >
>> > Any help will be appreciated.
>> >
>> > Alex
>> >
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>

--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
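
To tell the outcomes discussed in this thread apart on a captured message, the following added example (not code from the thread or from CXF) reports whether the signature's ds:Reference list covers the whole wsse:UsernameToken, only a child such as wsse:Username, or neither. It assumes signed elements are referenced by wsu:Id with same-document URIs; the sample envelopes and ids are constructed, and the script inspects reference coverage only, it does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

def username_token_coverage(envelope_xml):
    """Classify how the ds:Reference list covers the wsse:UsernameToken."""
    root = ET.fromstring(envelope_xml)
    security = root.find("soap:Header/wsse:Security", NS)
    if security is None:
        return "no-security-header"
    token = security.find("wsse:UsernameToken", NS)
    if token is None:
        return "no-username-token"
    # Same-document references look like URI="#id"; collect the ids.
    refs = security.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    if token.get(WSU_ID) in signed:
        return "token-signed"
    if any(child.get(WSU_ID) in signed for child in token):
        return "child-only"  # e.g. only wsse:Username is referenced
    return "unsigned"

def sample(token_id, username_id, ref_id):
    """Constructed message skeleton (hypothetical ids, digests omitted)."""
    decl = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (
        f'<soap:Envelope {decl}><soap:Header><wsse:Security>'
        f'<wsse:UsernameToken wsu:Id="{token_id}">'
        f'<wsse:Username wsu:Id="{username_id}">alice</wsse:Username>'
        f'</wsse:UsernameToken>'
        f'<ds:Signature><ds:SignedInfo><ds:Reference URI="#{ref_id}"/>'
        f'</ds:SignedInfo></ds:Signature>'
        f'</wsse:Security></soap:Header><soap:Body wsu:Id="body-1"/></soap:Envelope>'
    )

if __name__ == "__main__":
    # Body only, Username child only, whole token.
    for ref in ("body-1", "un-1", "ut-1"):
        print(ref, "->", username_token_coverage(sample("ut-1", "un-1", ref)))
```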
