Posted to java-user@axis.apache.org by Jonas Brüstel <jo...@bruestel.net> on 2010/01/24 15:01:14 UTC

Inflow/Outflow policy distinguish in Service Configuration (rampart)

Hi,

I'm using Apache Ode to orchestrate a couple of services. One service I
invoke uses WS-Security for authentication and so on. I'm able to talk
to the service but I'm getting a "missing WS-Security Header"-exception.
The problem is that the invoke response does not contain a security
header. Using TCPMon shows me that everything works. I think/know that
the rampart module checks the policy and fails.

Now to my question: Is it possible to set a parameter in the service
configuration to distinguish between Inflow and Outflow policies?


Here is my service configuration:
<service>
	<module ref="rampart" />

	<wsp:Policy wsu:Id="SigOnly"
	    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	 <wsp:ExactlyOne>
	  <wsp:All>
	   <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	    <wsp:Policy>
	     <sp:InitiatorToken>
	      <wsp:Policy>
	       <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
	        <wsp:Policy>
	         <sp:WssX509V3Token10/>
	        </wsp:Policy>
	       </sp:X509Token>
	      </wsp:Policy>
	     </sp:InitiatorToken>
	     <sp:RecipientToken>
	      <wsp:Policy>
	       <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
	        <wsp:Policy>
	         <sp:WssX509V3Token10/>
	        </wsp:Policy>
	       </sp:X509Token>
	      </wsp:Policy>
	     </sp:RecipientToken>
	     <sp:AlgorithmSuite>
	      <wsp:Policy>
	       <sp:TripleDesRsa15/>
	      </wsp:Policy>
	     </sp:AlgorithmSuite>
	     <sp:Layout>
	      <wsp:Policy>
	       <sp:Strict/>
	      </wsp:Policy>
	     </sp:Layout>
	     <sp:IncludeTimestamp/>
	     <sp:OnlySignEntireHeadersAndBody/>
	    </wsp:Policy>
	   </sp:AsymmetricBinding>
	   <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	    <wsp:Policy>
	     <sp:MustSupportRefKeyIdentifier/>
	     <sp:MustSupportRefIssuerSerial/>
	    </wsp:Policy>
	   </sp:Wss10>
	   <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	    <sp:Body/>
	   </sp:SignedParts>
	   <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
	    <ramp:user>xx</ramp:user>
	    <ramp:encryptionUser>service</ramp:encryptionUser>
	    <ramp:passwordCallbackClass>net.xxx.axis2.PWCBHandler</ramp:passwordCallbackClass>
	    <ramp:signatureCrypto>
	     <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
	      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
	      <ramp:property name="org.apache.ws.security.crypto.merlin.file">/home/xx/Keystore/xx.jks</ramp:property>
	      <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">xxx</ramp:property>
	     </ramp:crypto>
	    </ramp:signatureCrypto>
	   </ramp:RampartConfig>
	  </wsp:All>
	 </wsp:ExactlyOne>
	</wsp:Policy>
</service>

Thanks,
Jonas