Posted to users@cxf.apache.org by Ron Grimes <rg...@sinclairoil.com> on 2013/02/08 18:23:35 UTC
wsp:Policy Question
I have the task of building a client to a secure .Net web service. Although I've done this sort of thing for many years, I have not had to deal with the wsp:Policy section, and so I'm at a bit of a loss, not finding any decent documentation on the how-tos.
The provider of the web service sent me a Java client example, but it confused me even more as it seems they are using a wsdd, which I gather is a holdover from Axis 1. From the best I can tell, the replacement for that, in Axis 2, is defining the policy in a service.xml file. But, again, can't really find any examples of its use.
Finally, the Java client example that they sent to me applies the policy through a generated ServiceLocator class. However, when I run wsdl2java, no ServiceLocator class is created. Nor do I find a way to handle the policy through the generated classes. There's nothing like wsdl2java's parameter "-exsh" that's used to generate header classes as a corollary on the policies side.
I tried something like the following, but it didn't work:
// NOTE(review): BindingProvider.USERNAME_PROPERTY and PASSWORD_PROPERTY are the JAX-WS
// properties for transport-level (HTTP Basic) authentication. They do not place a
// WS-Security UsernameToken in the SOAP header, which is what the SignedSupportingTokens
// assertion of CreateToken2_policy in the WSDL below asks for, so this alone cannot
// satisfy the service's policy.
// With CXF's WS-SecurityPolicy support on the classpath, the UsernameToken credentials
// are read from the request-context keys "ws-security.username" and "ws-security.password"
// (or supplied through "ws-security.callback-handler"), not from these two properties.
SecurityServiceTest service = new SecurityServiceTest();
// Presumably returns the proxy for the wsdl:port named CreateToken2 (generated code not shown).
ICreateToken createToken = service.getCreateToken2();
// wsUser and wsPassword are defined outside this snippet.
((BindingProvider) createToken).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, wsUser);
((BindingProvider) createToken).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, wsPassword);
As you can tell, I'm totally groping in the dark on this one. Any help/pointers are greatly appreciated. Here's the WSDL I'm trying to accommodate:
<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions name="SecurityService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
<!-- Policy referenced by the CreateToken binding (wsp:PolicyReference URI="#CreateToken_policy"):
     HTTPS transport protection combined with a WS-SecureConversation session. -->
<wsp:Policy wsu:Id="CreateToken_policy">
<wsp:ExactlyOne>
<wsp:All>
<!-- TransportBinding: message protection is delegated to the HTTPS channel. -->
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<!-- RequireClientCertificate="false": no client certificate is requested at the TLS layer,
     so the caller is identified only by the tokens required further down. -->
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<!-- Basic256 names the suite for message-level cryptography (AES-256 encryption with
     SHA-1 based digest and signature algorithms in the WS-SecurityPolicy definition);
     the TLS cipher suite is negotiated separately. -->
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<!-- IncludeTimestamp: a wsu:Timestamp is required in the security header. -->
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<!-- EndorsingSupportingTokens / SecureConversationToken: application messages must carry a
     security context token and an endorsing signature made with it. The context is
     established beforehand by an exchange that follows the BootstrapPolicy below. -->
<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<!-- BootstrapPolicy: requirements for the token-establishment exchange. It repeats the
     HTTPS TransportBinding and is where the caller's UsernameToken is demanded. -->
<sp:BootstrapPolicy>
<wsp:Policy>
<!-- SignedParts / EncryptedParts: body and WS-Addressing headers to be integrity protected,
     body to be confidential. NOTE(review): with the nested TransportBinding these are
     presumably satisfied by the HTTPS channel rather than by XML signature/encryption. -->
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<!-- UsernameToken (Username Token Profile 1.0) sent to the recipient during bootstrap.
     The assertion does not state a password digest, so the password is typically carried
     as text inside the token and its protection rests on TLS; the client must keep
     server certificate validation enabled. -->
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<!-- Trust10: WS-Trust options for the exchange. RequireClientEntropy and
     RequireServerEntropy mean both sides contribute key material to the session key. -->
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
<!-- The endorsing signature must cover the WS-Addressing To header. -->
<sp:SignedParts>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<!-- UsingAddressing: WS-Addressing headers are required on messages for this binding. -->
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="DecryptToken_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
<sp:SignedParts>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<!-- Policy referenced by the CreateToken2 binding (wsp:PolicyReference URI="#CreateToken2_policy").
     In short: HTTPS for message protection, plus a WS-Security UsernameToken and a
     Timestamp in the SOAP security header. No SecureConversation is involved here. -->
<wsp:Policy wsu:Id="CreateToken2_policy">
<wsp:ExactlyOne>
<wsp:All>
<!-- TransportBinding: confidentiality and integrity come from the HTTPS channel,
     not from XML signature or encryption of the message. -->
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<!-- RequireClientCertificate="false": server-authenticated TLS only; the caller is
     identified by the UsernameToken below, not by a client certificate. -->
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<!-- Basic256 names the suite for any message-level cryptography (AES-256 with SHA-1
     based digest and signature algorithms in the WS-SecurityPolicy definition);
     the TLS cipher suite is negotiated separately. -->
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<!-- Lax layout: security header items may appear in any order allowed by WS-Security
     (the other two policies in this WSDL use Strict). -->
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<!-- IncludeTimestamp: a wsu:Timestamp is required in the security header. -->
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<!-- SignedSupportingTokens / UsernameToken: every request must carry a UsernameToken
     addressed to the service (IncludeToken ends in AlwaysToRecipient). HTTP Basic
     credentials do not satisfy this assertion. -->
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<!-- WssUsernameToken10: Username Token Profile 1.0. The assertion does not state a
     password digest, so the password is typically carried as text inside the token
     and its protection rests entirely on TLS; the client must keep server
     certificate validation enabled. -->
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<!-- Wss10: token reference forms the parties must support. -->
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd0" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
<xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd2" namespace="http://schemas.datacontract.org/2004/07/DTN.RefinedFuel.Security"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ICreateToken_CreateSecurityToken_InputMessage">
<wsdl:part name="parameters" element="tns:CreateSecurityToken"/>
</wsdl:message>
<wsdl:message name="ICreateToken_CreateSecurityToken_OutputMessage">
<wsdl:part name="parameters" element="tns:CreateSecurityTokenResponse"/>
</wsdl:message>
<wsdl:message name="IDecryptToken_DecryptToken_InputMessage">
<wsdl:part name="parameters" element="tns:DecryptToken"/>
</wsdl:message>
<wsdl:message name="IDecryptToken_DecryptToken_OutputMessage">
<wsdl:part name="parameters" element="tns:DecryptTokenResponse"/>
</wsdl:message>
<wsdl:portType name="ICreateToken">
<wsdl:operation name="CreateSecurityToken">
<wsdl:input wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityToken" message="tns:ICreateToken_CreateSecurityToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityTokenResponse" message="tns:ICreateToken_CreateSecurityToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:portType name="IDecryptToken">
<wsdl:operation name="DecryptToken">
<wsdl:input wsaw:Action="http://tempuri.org/IDecryptToken/DecryptToken" message="tns:IDecryptToken_DecryptToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/IDecryptToken/DecryptTokenResponse" message="tns:IDecryptToken_DecryptToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="CreateToken" type="tns:ICreateToken">
<wsp:PolicyReference URI="#CreateToken_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="CreateSecurityToken">
<soap12:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="DecryptToken" type="tns:IDecryptToken">
<wsp:PolicyReference URI="#DecryptToken_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="DecryptToken">
<soap12:operation soapAction="http://tempuri.org/IDecryptToken/DecryptToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<!-- CreateToken2 binds the ICreateToken port type over SOAP 1.1 (the soap prefix is bound to
     http://schemas.xmlsoap.org/wsdl/soap/ on wsdl:definitions) and attaches
     CreateToken2_policy. The CreateToken and DecryptToken bindings use soap12 and the
     SecureConversation policies instead. -->
<wsdl:binding name="CreateToken2" type="tns:ICreateToken">
<!-- A policy-aware client stack must enforce the referenced policy on this binding. -->
<wsp:PolicyReference URI="#CreateToken2_policy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="CreateSecurityToken">
<soap:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken" style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SecurityService">
<wsdl:port name="CreateToken" binding="tns:CreateToken">
<soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken"/>
<wsa10:EndpointReference>
<wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
<wsdl:port name="DecryptToken" binding="tns:DecryptToken">
<soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken"/>
<wsa10:EndpointReference>
<wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
<wsdl:port name="CreateToken2" binding="tns:CreateToken2">
<soap:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken2"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
Re: wsp:Policy Question
Posted by Ron Grimes <rg...@sinclairoil.com>.
Thanks, Dennis. I will check it out.
Ron
On Feb 8, 2013, at 3:36 PM, Dennis Sosnoski <dm...@sosnoski.com> wrote:
Hi Ron,
You can see my CXF article on IBM developerWorks for some basics of
using policies to define WS-Security handling:
http://www.ibm.com/developerworks/java/library/j-jws13.html
Some of the later articles in the series might also be of interest,
discussing WS-SecureConversation and more details of WS-Policy.
- Dennis
Dennis M. Sosnoski
Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html>
CXF and Web Services Security Training
<http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>
On 02/09/2013 06:23 AM, Ron Grimes wrote:
I have the task of building a client to a secure .Net web service. Although I've done this sort of thing for many years, I have not had to deal with the wsp:Policy section, and so I'm at a bit of a loss, not finding any decent documentation on the how-tos.
The provider of the web service sent me a Java client example, but it confused me even more as it seems they are using a wsdd, which I gather is a holdover from Axis 1. From the best I can tell, the replacement for that, in Axis 2, is defining the policy in a service.xml file. But, again, can't really find any examples of its use.
Finally, the Java client example that they sent to me applies the policy through a generated ServiceLocator class. However, when I run wsdl2java, no ServiceLocator class is created. Nor do I find a way to handle the policy through the generated classes. There's nothing like wsdl2java's parameter "-exsh" that's used to generate header classes as a corollary on the policies side.
I tried something like the following, but it didn't work:
SecurityServiceTest service = new SecurityServiceTest();
ICreateToken createToken = service.getCreateToken2();
((BindingProvider) createToken).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, wsUser);
((BindingProvider) createToken).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, wsPassword);
As you can tell, I'm totaling groping in the dark on this one. Any help/pointers are greatly appreciated. Here's the WSDL I'm trying to accommodate:
<?xml version="1.0" encoding="utf-8"?>
<wsdl:definitions name="SecurityService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
<wsp:Policy wsu:Id="CreateToken_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
<sp:SignedParts>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="DecryptToken_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:BootstrapPolicy>
<wsp:Policy>
<sp:SignedParts>
<sp:Body/>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
<sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts>
<sp:Body/>
</sp:EncryptedParts>
<sp:TransportBinding>
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens>
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss11>
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10>
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
</wsp:Policy>
</sp:BootstrapPolicy>
</wsp:Policy>
</sp:SecureConversationToken>
<sp:SignedParts>
<sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
</wsp:Policy>
</sp:EndorsingSupportingTokens>
<sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
<sp:MustSupportRefThumbprint/>
<sp:MustSupportRefEncryptedKey/>
</wsp:Policy>
</sp:Wss11>
<sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportIssuedTokens/>
<sp:RequireClientEntropy/>
<sp:RequireServerEntropy/>
</wsp:Policy>
</sp:Trust10>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsp:Policy wsu:Id="CreateToken2_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="false"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Lax/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
</wsp:Policy>
</sp:TransportBinding>
<sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssUsernameToken10/>
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd0" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
<xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd2" namespace="http://schemas.datacontract.org/2004/07/DTN.RefinedFuel.Security"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ICreateToken_CreateSecurityToken_InputMessage">
<wsdl:part name="parameters" element="tns:CreateSecurityToken"/>
</wsdl:message>
<wsdl:message name="ICreateToken_CreateSecurityToken_OutputMessage">
<wsdl:part name="parameters" element="tns:CreateSecurityTokenResponse"/>
</wsdl:message>
<wsdl:message name="IDecryptToken_DecryptToken_InputMessage">
<wsdl:part name="parameters" element="tns:DecryptToken"/>
</wsdl:message>
<wsdl:message name="IDecryptToken_DecryptToken_OutputMessage">
<wsdl:part name="parameters" element="tns:DecryptTokenResponse"/>
</wsdl:message>
<wsdl:portType name="ICreateToken">
<wsdl:operation name="CreateSecurityToken">
<wsdl:input wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityToken" message="tns:ICreateToken_CreateSecurityToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityTokenResponse" message="tns:ICreateToken_CreateSecurityToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:portType name="IDecryptToken">
<wsdl:operation name="DecryptToken">
<wsdl:input wsaw:Action="http://tempuri.org/IDecryptToken/DecryptToken" message="tns:IDecryptToken_DecryptToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/IDecryptToken/DecryptTokenResponse" message="tns:IDecryptToken_DecryptToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="CreateToken" type="tns:ICreateToken">
<wsp:PolicyReference URI="#CreateToken_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="CreateSecurityToken">
<soap12:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="DecryptToken" type="tns:IDecryptToken">
<wsp:PolicyReference URI="#DecryptToken_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="DecryptToken">
<soap12:operation soapAction="http://tempuri.org/IDecryptToken/DecryptToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="CreateToken2" type="tns:ICreateToken">
<wsp:PolicyReference URI="#CreateToken2_policy"/>
<soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="CreateSecurityToken">
<soap:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken" style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="SecurityService">
<wsdl:port name="CreateToken" binding="tns:CreateToken">
<soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken"/>
<wsa10:EndpointReference>
<wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
<wsdl:port name="DecryptToken" binding="tns:DecryptToken">
<soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken"/>
<wsa10:EndpointReference>
<wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
<wsdl:port name="CreateToken2" binding="tns:CreateToken2">
<soap:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken2"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
Re: wsp:Policy Question
Posted by Dennis Sosnoski <dm...@sosnoski.com>.
Hi Ron,
You can see my CXF article on IBM developerWorks for some basics of
using policies to define WS-Security handling:
http://www.ibm.com/developerworks/java/library/j-jws13.html
Some of the later articles in the series might also be of interest,
discussing WS-SecureConversation and more details of WS-Policy.
- Dennis
Dennis M. Sosnoski
Java SOA and Web Services Consulting <http://www.sosnoski.com/consult.html>
CXF and Web Services Security Training
<http://www.sosnoski.com/training.html>
Web Services Jump-Start <http://www.sosnoski.com/jumpstart.html>
On 02/09/2013 06:23 AM, Ron Grimes wrote:
> I have the task of building a client to a secure .Net web service. Although I've done this sort of thing for many years, I have not had to deal with the wsp:Policy section, and so I'm at a bit of a loss, not finding any decent documentation on the how-tos.
>
> The provider of the web service sent me a Java client example, but it confused me even more as it seems they are using a wsdd, which I gather is a holdover from Axis 1. From the best I can tell, the replacement for that, in Axis 2, is defining the policy in a service.xml file. But, again, can't really find any examples of its use.
>
> Finally, the Java client example that they sent to me applies the policy through a generated ServiceLocator class. However, when I run wsdl2java, no ServiceLocator class is created. Nor do I find a way to handle the policy through the generated classes. There's nothing like wsdl2java's parameter "-exsh" that's used to generate header classes as a corollary on the policies side.
>
> I tried something like the following, but it didn't work:
>
> // Presumably obtains the proxy for the WSDL port named CreateToken2, whose policy
> // (CreateToken2_policy) asks for a WS-Security UsernameToken carried over HTTPS.
> SecurityServiceTest service = new SecurityServiceTest();
> ICreateToken createToken = service.getCreateToken2();
> // NOTE(review): USERNAME_PROPERTY / PASSWORD_PROPERTY are the JAX-WS properties for HTTP-level
> // authentication. They do not add a wsse:UsernameToken to the SOAP security header, so they
> // cannot satisfy the sp:UsernameToken assertion in the policy. With CXF's WS-SecurityPolicy
> // support the token credentials are normally supplied through the "ws-security.username" and
> // "ws-security.password" request-context properties or a password callback handler; confirm
> // the property names against the CXF version in use.
> ((BindingProvider) createToken).getRequestContext().put(BindingProvider.USERNAME_PROPERTY, wsUser);
> ((BindingProvider) createToken).getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, wsPassword);
>
>
> As you can tell, I'm totally groping in the dark on this one. Any help/pointers are greatly appreciated. Here's the WSDL I'm trying to accommodate:
>
> <?xml version="1.0" encoding="utf-8"?>
> <wsdl:definitions name="SecurityService" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex">
> <!-- Policy referenced by the CreateToken binding (URI "#CreateToken_policy"). There is a single ExactlyOne/All alternative, so every assertion below applies together. -->
> <wsp:Policy wsu:Id="CreateToken_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <!-- Protection is delegated to the transport: HTTPS is required and RequireClientCertificate="false" means the client is not identified by a TLS certificate. -->
> <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken RequireClientCertificate="false"/>
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <!-- Basic256 in WS-SecurityPolicy pairs AES-256 encryption with SHA-1 digests; the suite is the provider's choice and the client has to match it. -->
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <!-- A wsu:Timestamp is expected in the security header; it limits replay only as far as the receiver enforces the freshness window. -->
> <sp:IncludeTimestamp/>
> </wsp:Policy>
> </sp:TransportBinding>
> <!-- Each application message must also be endorsed with a WS-SecureConversation context token; the client obtains that token first through the exchange described by BootstrapPolicy. -->
> <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <!-- Bootstrap exchange: the body and the WS-Addressing headers listed here are the parts to be signed. -->
> <sp:SignedParts>
> <sp:Body/>
> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body/>
> </sp:EncryptedParts>
> <!-- The bootstrap exchange uses the same HTTPS transport binding as the outer policy. -->
> <sp:TransportBinding>
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken RequireClientCertificate="false"/>
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> </wsp:Policy>
> </sp:TransportBinding>
> <!-- Bootstrap authentication: a UsernameToken (Username Token Profile 1.0) sent to the recipient. No password-hashing assertion appears here, so the password presumably travels as text and depends on the HTTPS channel for confidentiality. -->
> <sp:SignedSupportingTokens>
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssUsernameToken10/>
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SignedSupportingTokens>
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> <sp:MustSupportRefThumbprint/>
> <sp:MustSupportRefEncryptedKey/>
> </wsp:Policy>
> </sp:Wss11>
> <!-- Both client and server entropy are required, so each side contributes to the key material of the security context. -->
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust10>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> </wsp:Policy>
> </sp:SecureConversationToken>
> <!-- The endorsing signature covers the WS-Addressing To header. -->
> <sp:SignedParts>
> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
> </sp:SignedParts>
> </wsp:Policy>
> </sp:EndorsingSupportingTokens>
> <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> <sp:MustSupportRefThumbprint/>
> <sp:MustSupportRefEncryptedKey/>
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust10>
> <!-- WS-Addressing headers are required on messages for this binding. -->
> <wsaw:UsingAddressing/>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <!-- Policy referenced by the DecryptToken binding (URI "#DecryptToken_policy"). There is a single ExactlyOne/All alternative, so every assertion below applies together. -->
> <wsp:Policy wsu:Id="DecryptToken_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <!-- Protection is delegated to the transport: HTTPS is required and RequireClientCertificate="false" means the client is not identified by a TLS certificate. -->
> <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken RequireClientCertificate="false"/>
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <!-- Basic256 in WS-SecurityPolicy pairs AES-256 encryption with SHA-1 digests; the suite is the provider's choice and the client has to match it. -->
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <!-- A wsu:Timestamp is expected in the security header; it limits replay only as far as the receiver enforces the freshness window. -->
> <sp:IncludeTimestamp/>
> </wsp:Policy>
> </sp:TransportBinding>
> <!-- Each application message must also be endorsed with a WS-SecureConversation context token; the client obtains that token first through the exchange described by BootstrapPolicy. -->
> <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:BootstrapPolicy>
> <wsp:Policy>
> <!-- Bootstrap exchange: the body and the WS-Addressing headers listed here are the parts to be signed. -->
> <sp:SignedParts>
> <sp:Body/>
> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="From" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="FaultTo" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="ReplyTo" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="MessageID" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="RelatesTo" Namespace="http://www.w3.org/2005/08/addressing"/>
> <sp:Header Name="Action" Namespace="http://www.w3.org/2005/08/addressing"/>
> </sp:SignedParts>
> <sp:EncryptedParts>
> <sp:Body/>
> </sp:EncryptedParts>
> <!-- The bootstrap exchange uses the same HTTPS transport binding as the outer policy. -->
> <sp:TransportBinding>
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken RequireClientCertificate="false"/>
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <sp:Strict/>
> </wsp:Policy>
> </sp:Layout>
> <sp:IncludeTimestamp/>
> </wsp:Policy>
> </sp:TransportBinding>
> <!-- Bootstrap authentication: a UsernameToken (Username Token Profile 1.0) sent to the recipient. No password-hashing assertion appears here, so the password presumably travels as text and depends on the HTTPS channel for confidentiality. -->
> <sp:SignedSupportingTokens>
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssUsernameToken10/>
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SignedSupportingTokens>
> <sp:Wss11>
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> <sp:MustSupportRefThumbprint/>
> <sp:MustSupportRefEncryptedKey/>
> </wsp:Policy>
> </sp:Wss11>
> <!-- Both client and server entropy are required, so each side contributes to the key material of the security context. -->
> <sp:Trust10>
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust10>
> </wsp:Policy>
> </sp:BootstrapPolicy>
> </wsp:Policy>
> </sp:SecureConversationToken>
> <!-- The endorsing signature covers the WS-Addressing To header. -->
> <sp:SignedParts>
> <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
> </sp:SignedParts>
> </wsp:Policy>
> </sp:EndorsingSupportingTokens>
> <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> <sp:MustSupportRefThumbprint/>
> <sp:MustSupportRefEncryptedKey/>
> </wsp:Policy>
> </sp:Wss11>
> <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportIssuedTokens/>
> <sp:RequireClientEntropy/>
> <sp:RequireServerEntropy/>
> </wsp:Policy>
> </sp:Trust10>
> <!-- WS-Addressing headers are required on messages for this binding. -->
> <wsaw:UsingAddressing/>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <!-- Policy referenced by the CreateToken2 binding (URI "#CreateToken2_policy"). Unlike the other two policies in this WSDL it has no SecureConversation, Trust10 or UsingAddressing assertions: HTTPS plus a UsernameToken is the whole requirement. -->
> <wsp:Policy wsu:Id="CreateToken2_policy">
> <wsp:ExactlyOne>
> <wsp:All>
> <!-- Protection is delegated to the transport: HTTPS is required and RequireClientCertificate="false" means the client is not identified by a TLS certificate. -->
> <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:TransportToken>
> <wsp:Policy>
> <sp:HttpsToken RequireClientCertificate="false"/>
> </wsp:Policy>
> </sp:TransportToken>
> <sp:AlgorithmSuite>
> <wsp:Policy>
> <!-- Basic256 in WS-SecurityPolicy pairs AES-256 encryption with SHA-1 digests; the suite is the provider's choice and the client has to match it. -->
> <sp:Basic256/>
> </wsp:Policy>
> </sp:AlgorithmSuite>
> <sp:Layout>
> <wsp:Policy>
> <!-- Lax layout: the order of items in the security header is not constrained (the other two policies use Strict). -->
> <sp:Lax/>
> </wsp:Policy>
> </sp:Layout>
> <!-- A wsu:Timestamp is expected in the security header; it limits replay only as far as the receiver enforces the freshness window. -->
> <sp:IncludeTimestamp/>
> </wsp:Policy>
> </sp:TransportBinding>
> <!-- Client authentication: a UsernameToken (Username Token Profile 1.0) in the SOAP security header of every request. No password-hashing assertion appears here, so the password presumably travels as text and depends on the HTTPS channel for confidentiality; server-certificate validation on the client therefore matters. -->
> <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
> <wsp:Policy>
> <sp:WssUsernameToken10/>
> </wsp:Policy>
> </sp:UsernameToken>
> </wsp:Policy>
> </sp:SignedSupportingTokens>
> <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
> <wsp:Policy>
> <sp:MustSupportRefKeyIdentifier/>
> <sp:MustSupportRefIssuerSerial/>
> </wsp:Policy>
> </sp:Wss10>
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
> <!-- The message schemas are not inline: each xsd:import points at an absolute HTTPS URL on the service host, so a code generator fetches them over the network. Generating from reviewed local copies avoids depending on the remote host at build time. -->
> <wsdl:types>
> <xsd:schema targetNamespace="http://tempuri.org/Imports">
> <xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd0" namespace="http://tempuri.org/"/>
> <xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd1" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
> <xsd:import schemaLocation="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc?xsd=xsd2" namespace="http://schemas.datacontract.org/2004/07/DTN.RefinedFuel.Security"/>
> </xsd:schema>
> </wsdl:types>
> <!-- Request and response messages for the two operations. Each has a single part named "parameters" that points at a global element in the tns namespace; the element definitions live in the imported schemas. -->
> <wsdl:message name="ICreateToken_CreateSecurityToken_InputMessage">
> <wsdl:part name="parameters" element="tns:CreateSecurityToken"/>
> </wsdl:message>
> <wsdl:message name="ICreateToken_CreateSecurityToken_OutputMessage">
> <wsdl:part name="parameters" element="tns:CreateSecurityTokenResponse"/>
> </wsdl:message>
> <wsdl:message name="IDecryptToken_DecryptToken_InputMessage">
> <wsdl:part name="parameters" element="tns:DecryptToken"/>
> </wsdl:message>
> <wsdl:message name="IDecryptToken_DecryptToken_OutputMessage">
> <wsdl:part name="parameters" element="tns:DecryptTokenResponse"/>
> </wsdl:message>
> <!-- Abstract interfaces. wsaw:Action gives the WS-Addressing Action URI of each message. ICreateToken is exposed through two bindings in this WSDL (CreateToken and CreateToken2), each with its own policy. -->
> <wsdl:portType name="ICreateToken">
> <wsdl:operation name="CreateSecurityToken">
> <wsdl:input wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityToken" message="tns:ICreateToken_CreateSecurityToken_InputMessage"/>
> <wsdl:output wsaw:Action="http://tempuri.org/ICreateToken/CreateSecurityTokenResponse" message="tns:ICreateToken_CreateSecurityToken_OutputMessage"/>
> </wsdl:operation>
> </wsdl:portType>
> <wsdl:portType name="IDecryptToken">
> <wsdl:operation name="DecryptToken">
> <wsdl:input wsaw:Action="http://tempuri.org/IDecryptToken/DecryptToken" message="tns:IDecryptToken_DecryptToken_InputMessage"/>
> <wsdl:output wsaw:Action="http://tempuri.org/IDecryptToken/DecryptTokenResponse" message="tns:IDecryptToken_DecryptToken_OutputMessage"/>
> </wsdl:operation>
> </wsdl:portType>
> <!-- SOAP 1.2 binding for tns:ICreateToken, governed by CreateToken_policy (HTTPS transport plus a WS-SecureConversation endorsing token). The binding itself holds no security settings. -->
> <wsdl:binding name="CreateToken" type="tns:ICreateToken">
> <wsp:PolicyReference URI="#CreateToken_policy"/>
> <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
> <wsdl:operation name="CreateSecurityToken">
> <soap12:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken" style="document"/>
> <wsdl:input>
> <soap12:body use="literal"/>
> </wsdl:input>
> <wsdl:output>
> <soap12:body use="literal"/>
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
> <!-- SOAP 1.2 binding for tns:IDecryptToken, governed by DecryptToken_policy (HTTPS transport plus a WS-SecureConversation endorsing token). The binding itself holds no security settings. -->
> <wsdl:binding name="DecryptToken" type="tns:IDecryptToken">
> <wsp:PolicyReference URI="#DecryptToken_policy"/>
> <soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
> <wsdl:operation name="DecryptToken">
> <soap12:operation soapAction="http://tempuri.org/IDecryptToken/DecryptToken" style="document"/>
> <wsdl:input>
> <soap12:body use="literal"/>
> </wsdl:input>
> <wsdl:output>
> <soap12:body use="literal"/>
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
> <!-- SOAP 1.1 binding (soap: prefix) for tns:ICreateToken, governed by CreateToken2_policy: HTTPS transport plus a WS-Security UsernameToken. The token is a SOAP security-header element, so credentials set only at the HTTP level do not satisfy this policy. -->
> <wsdl:binding name="CreateToken2" type="tns:ICreateToken">
> <wsp:PolicyReference URI="#CreateToken2_policy"/>
> <soap:binding transport="http://schemas.xmlsoap.org/soap/http"/>
> <wsdl:operation name="CreateSecurityToken">
> <soap:operation soapAction="http://tempuri.org/ICreateToken/CreateSecurityToken" style="document"/>
> <wsdl:input>
> <soap:body use="literal"/>
> </wsdl:input>
> <wsdl:output>
> <soap:body use="literal"/>
> </wsdl:output>
> </wsdl:operation>
> </wsdl:binding>
> <!-- Concrete endpoints. All three ports use https:// addresses, matching the sp:HttpsToken requirement in the policies. With RequireClientCertificate="false" the client authenticates with tokens sent inside the TLS channel, so server-certificate and host-name verification should stay enabled on the client. -->
> <wsdl:service name="SecurityService">
> <wsdl:port name="CreateToken" binding="tns:CreateToken">
> <soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken"/>
> <wsa10:EndpointReference>
> <wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken</wsa10:Address>
> </wsa10:EndpointReference>
> </wsdl:port>
> <wsdl:port name="DecryptToken" binding="tns:DecryptToken">
> <soap12:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken"/>
> <wsa10:EndpointReference>
> <wsa10:Address>https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/DecryptToken</wsa10:Address>
> </wsa10:EndpointReference>
> </wsdl:port>
> <!-- SOAP 1.1 port for the same ICreateToken interface; no endpoint reference is published here. -->
> <wsdl:port name="CreateToken2" binding="tns:CreateToken2">
> <soap:address location="https://catdtnrfsecurityservice.dtnenergy.com/Service.svc/CreateToken2"/>
> </wsdl:port>
> </wsdl:service>
> </wsdl:definitions>
>