This is our security policy:
<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy"; xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:sp13="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200802"; wsu:Id="policy"> <wsp:ExactlyOne> <wsp:All> <sp:AsymmetricBinding> <wsp:Policy> <sp:InitiatorToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";> <wsp:Policy> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:InitiatorToken> <sp:RecipientToken> <wsp:Policy> <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never";> <wsp:Policy> <sp:WssX509V3Token10/> </wsp:Policy> </sp:X509Token> </wsp:Policy> </sp:RecipientToken> <sp:Layout> <wsp:Policy> <sp:Strict/> </wsp:Policy> </sp:Layout> <sp:OnlySignEntireHeadersAndBody/> <sp:AlgorithmSuite> <wsp:Policy> <sp-cxf:Basic128GCMSha256MgfSha256 xmlns:sp-cxf="http://project/custom/security-policy"/> </wsp:Policy> </sp:AlgorithmSuite> </wsp:Policy> </sp:AsymmetricBinding> <wsp:ExactlyOne> <wsp:All> <sp:SignedParts> <sp:Header Namespace="http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/"; Name="Messaging"/> <sp:Attachments> <sp13:ContentSignatureTransform/> </sp:Attachments> </sp:SignedParts> <sp:EncryptedParts> <sp:Attachments/> </sp:EncryptedParts> </wsp:All> </wsp:ExactlyOne> </wsp:All> </wsp:ExactlyOne> </wsp:Policy> -- View this message in context: http://cxf.547215.n5.nabble.com/EncryptedKey-in-Security-Header-for-messages-wihtout-encrypted-content-tp5768129p5768134.html Sent from the cxf-user mailing list archive at Nabble.com.
