Posted to java-user@axis.apache.org by Rishi krish <ri...@gmail.com> on 2007/05/29 22:54:48 UTC
encrypting the usernametoken header and the body using policy
Hi All,
I am new to policy and struggling to create a server policy file wherein I
can specify the requirement that the usernametoken header should be
encrypted as well as the body. Does anyone have any sample policy which will
do that? I had this policy file, but the server fails with the error that the
EncryptedData was not expected.
<?xml version="1.0" encoding="UTF-8"?>
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512"
    xmlns:spe="http://www.ibm.com/xmlns/prod/websphere/200605/ws-securitypolicy-ext"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xmi="http://schema.omg.org/spec/XMI/1.0"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <sp:SupportingTokens>
    <wsp:Policy wsu:Id="request:uname_token">
      <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
        <wsp:Policy>
          <sp:WssUsernameToken10>
          </sp:WssUsernameToken10>
        </wsp:Policy>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SupportingTokens>
  <sp:AsymmetricBinding>
    <wsp:Policy>
      <sp:InitiatorToken>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator">
            <wsp:Policy>
              <sp:WssX509V3Token10 />
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:InitiatorToken>
      <sp:AlgorithmSuite>
        <wsp:Policy>
          <sp:Basic128Rsa15 />
        </wsp:Policy>
      </sp:AlgorithmSuite>
      <sp:RecipientToken>
        <wsp:Policy>
          <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
            <wsp:Policy>
              <sp:WssX509V3Token10 />
            </wsp:Policy>
          </sp:X509Token>
        </wsp:Policy>
      </sp:RecipientToken>
      <sp:Layout>
        <wsp:Policy>
          <sp:Strict />
        </wsp:Policy>
      </sp:Layout>
    </wsp:Policy>
  </sp:AsymmetricBinding>
  <wsp:Policy wsu:Id="request:encrypt">
    <sp:EncryptedParts>
      <sp:Body/>
      <sp:Header Name="UsernameToken" Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
    </sp:EncryptedParts>
    <sp:EncryptedElements>
      <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='UsernameToken']</sp:XPath>
    </sp:EncryptedElements>
  </wsp:Policy>
  <wsp:Policy wsu:Id="response:encrypt">
    <sp:EncryptedParts>
      <sp:Body/>
    </sp:EncryptedParts>
    <sp:EncryptedElements>
      <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://www.w3.org/2000/09/xmldsig#' and local-name()='Signature']</sp:XPath>
    </sp:EncryptedElements>
  </wsp:Policy>
</wsp:Policy>
--
thanks
Rishi
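
Added example (not part of the original thread, and not Axis2 or Rampart code): a Python check that lists what a policy of this shape requires to be encrypted, and flags namespace declarations whose URI picked up whitespace from mail line wrapping. Such a URI names a different namespace, so a namespace-aware reader no longer sees the sp: assertions. The sample policy and the function names are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

SP = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512"
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# Constructed sample: a trimmed request policy in the shape posted above.
CLEAN = f"""<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:sp="{SP}">
  <sp:EncryptedParts>
    <sp:Body/>
    <sp:Header Name="UsernameToken" Namespace="{WSSE}"/>
  </sp:EncryptedParts>
  <sp:EncryptedElements>
    <sp:XPath>//*[local-name()='UsernameToken']</sp:XPath>
  </sp:EncryptedElements>
</wsp:Policy>"""
# Same policy after a line wrap landed inside the xmlns:sp attribute value.
WRAPPED = CLEAN.replace('xmlns:sp="', 'xmlns:sp="\n')


def damaged_namespaces(xml_text):
    """Map prefix -> URI for declarations whose URI has stray whitespace."""
    events = ET.iterparse(io.BytesIO(xml_text.encode("utf-8")),
                          events=("start-ns",))
    return {prefix: uri for _, (prefix, uri) in events if uri != uri.strip()}


def encryption_targets(xml_text):
    """List the encryption requirements visible to a namespace-aware reader."""
    root = ET.fromstring(xml_text)
    targets = []
    for parts in root.iter(f"{{{SP}}}EncryptedParts"):
        for child in parts:
            if child.tag == f"{{{SP}}}Body":
                targets.append(("body",))
            elif child.tag == f"{{{SP}}}Header":
                targets.append(("header", child.get("Namespace"), child.get("Name")))
    for elems in root.iter(f"{{{SP}}}EncryptedElements"):
        for xp in elems.findall(f"{{{SP}}}XPath"):
            targets.append(("xpath", (xp.text or "").strip()))
    return targets


if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("wrapped", WRAPPED)):
        print(label, damaged_namespaces(doc), encryption_targets(doc))
```
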
Re: encrypting the usernametoken header and the body using policy
Posted by Dimuthu <mu...@apache.org>.
Hi Rishi,
Try the policy file here with the latest build.
https://issues.apache.org/jira/secure/attachment/12357759/policy_ut_xpath.xml
Good luck,
Dimuthu
http://wso2.org
On Tue, 2007-05-29 at 16:54 -0400, Rishi krish wrote:
> Hi All,
> I am new to policy and struggling to create a server policy file wherein
> I can specify the requirement that the usernametoken header should
> be encrypted as well as the body. Does anyone have any sample policy
> which will do that? I had this policy file, but the server fails with
> the error that the EncryptedData was not expected.
>
> <?xml version="1.0" encoding="UTF-8"?>
> <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
> xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512"
> xmlns:spe="http://www.ibm.com/xmlns/prod/websphere/200605/ws-securitypolicy-ext" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xmi="http://schema.omg.org/spec/XMI/1.0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> <sp:SupportingTokens>
> <wsp:Policy wsu:Id="request:uname_token">
> <sp:UsernameToken
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssUsernameToken10>
> </sp:WssUsernameToken10>
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SupportingTokens>
> <sp:AsymmetricBinding>
> <wsp:Policy>
> <sp:InitiatorToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToInitiator">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:InitiatorToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic128Rsa15 />
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:RecipientToken>
> <wsp:Policy>
> <sp:X509Token
> sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200512/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssX509V3Token10 />
> </wsp:Policy>
> </sp:X509Token>
> </wsp:Policy>
> </sp:RecipientToken>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict />
> </wsp:Policy>
> </sp:Layout>
> </wsp:Policy>
> </sp:AsymmetricBinding>
> <wsp:Policy wsu:Id="request:encrypt">
> <sp:EncryptedParts>
> <sp:Body/>
> <sp:Header Name="UsernameToken"
> Namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"/>
> </sp:EncryptedParts>
> <sp:EncryptedElements>
>
> <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='UsernameToken']</sp:XPath>
> </sp:EncryptedElements>
> </wsp:Policy>
> <wsp:Policy wsu:Id="response:encrypt">
> <sp:EncryptedParts>
> <sp:Body/>
> </sp:EncryptedParts>
> <sp:EncryptedElements>
>
> <sp:XPath>/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Envelope']/*[namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/' and local-name()='Header']/*[namespace-uri()='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd' and local-name()='Security']/*[namespace-uri()='http://www.w3.org/2000/09/xmldsig#' and local-name()='Signature']</sp:XPath>
> </sp:EncryptedElements>
> </wsp:Policy>
> </wsp:Policy>
> --
> thanks
> Rishi