Posted to java-user@axis.apache.org by Wishing Carebear <wi...@gmail.com> on 2009/09/01 07:45:53 UTC
Re: Help with axis1.4.1 (not axis2) and wss4j
Thanks Alick.
I will try it out.
Regards,
cabear
On Mon, Aug 31, 2009 at 2:54 PM, Alick Buckley <Al...@lansa.com.au> wrote:
> Hi,
>
> Axis 1.4 offers WS-Security capability by using the Apache WSS4J,
> XML-Security and WS-Addressing projects.
>
> WS-Security and WS-Addressing capability is available by configuring the
> Axis client configuration file for the particular service that needs to have
> these features enabled.
>
> The global configuration parameter 'enableNamespacePrefixOptimization'
> needs to be false, so the XML is not altered after the signing process.
>
> Client Configuration Example
>
> <?xml version="1.0" encoding="utf-8"?>
>
> <deployment name="defaultClientConfig"
>             xmlns="http://xml.apache.org/axis/wsdd/"
>             xmlns:java="http://xml.apache.org/axis/wsdd/providers/java">
>
>   <globalConfiguration>
>     <parameter name="disablePrettyXML" value="true"/>
>     <parameter name="addressing.sendReplyTo" value="true"/>
>     <parameter name="enableNamespacePrefixOptimization" value="false"/>
>   </globalConfiguration>
>
>   <service name="MyServicePort">
>     <requestFlow>
>       <handler type="java:com.acme.MyHandler">
>         <parameter name="acme.keyword" value="value"/>
>       </handler>
>     </requestFlow>
>   </service>
>
>   <service name="XYZPort">
>     <requestFlow>
>
>       <handler type="java:org.apache.axis.message.addressing.handler.AddressingHandler">
>         <!-- Reference elements are added in the same order -->
>         <parameter name="referencePropertyNames"
>                    value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From"/>
>       </handler>
>
>       <handler type="java:org.apache.ws.axis.security.WSDoAllSender">
>         <!-- action order is important, do Timestamp then Signature if signing Timestamp -->
>         <parameter name="action" value="Timestamp Signature"/>
>         <parameter name="user" value="XYZLabel"/>
>         <parameter name="passwordCallbackClass" value="com.acme.security.PasswordCallback"/>
>         <parameter name="signatureKeyIdentifier" value="DirectReference"/>
>         <parameter name="signaturePropFile" value="pki/security.properties"/>
>         <parameter name="timeToLive" value="300"/>
>         <parameter name="precisionInMilliseconds" value="false" />
>         <!-- Reference elements are added in the same order -->
>         <parameter name="signatureParts"
>                    value="{Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}To;
>                           {Element}{http://schemas.xmlsoap.org/ws/2004/03/addressing}From;
>                           {Element}{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd}Timestamp;
>                           {Element}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>       </handler>
>     </requestFlow>
>   </service>
>
>   <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"/>
>   <transport name="java" pivot="java:org.apache.axis.transport.java.JavaSender"/>
>   <transport name="local" pivot="java:org.apache.axis.transport.local.LocalSender"/>
>
> </deployment>
>
> The latest WS-Addressing namespace is currently '
> http://schemas.xmlsoap.org/ws/2004/08/addressing' but some web service
> servers such as .Net expect the namespace to be '
> http://schemas.xmlsoap.org/ws/2004/03/addressing'.
>
> To change the 2004/08 to the 2004/03 namespace requires the following code:
>
> stub._setProperty (
>     org.apache.axis.message.addressing.Constants.ENV_ADDRESSING_NAMESPACE_URI,
>     org.apache.axis.message.addressing.Constants.NS_URI_ADDRESSING_2004_03 ) ;
>
>
> The parameter user can have several roles depending on the type of action.
> If one of the actions is Signature then the user value is the keystore
> alias/label in the specified keystore file. The password to the private key
> is supplied by a custom call back class specified in the passwordCallback
> parameter. The user value is passed to an instance of the callback class as
> the identifier.
>
> The parameter signaturePropFile specifies the properties file used during
> the signing process. This file specifies what keystore file to use and the
> password to the keystore.
>
>
> #
> # Webservice Security
> #
>
> org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
> org.apache.ws.security.crypto.merlin.keystore.type=pkcs12
> org.apache.ws.security.crypto.merlin.file=pki/keystore.pfx
> org.apache.ws.security.crypto.merlin.keystore.password=keypassword
> #
>
> The following example is a template for a password callback class.
>
>
> package com.acme.security ;
>
> import java.io.* ;
>
> import javax.security.auth.callback.Callback ;
> import javax.security.auth.callback.CallbackHandler ;
> import javax.security.auth.callback.UnsupportedCallbackException ;
>
> import org.apache.ws.security.WSPasswordCallback ;
>
> public class PasswordCallback implements CallbackHandler
> {
>     public PasswordCallback ()
>     {
>     }
>
>     public void handle ( Callback[] callbackArray ) throws IOException, UnsupportedCallbackException
>     {
>         System.out.println ( "PasswordCallback handle" ) ;
>
>         for ( int i = 0; i < callbackArray.length; i++ )
>         {
>             if ( callbackArray[i] instanceof WSPasswordCallback )
>             {
>                 WSPasswordCallback callback = (WSPasswordCallback)callbackArray[i] ;
>
>                 int usage = callback.getUsage () ;
>
>                 String identifier = callback.getIdentifer () ;
>
>                 if ( usage == WSPasswordCallback.UNKNOWN )
>                 {
>                     System.out.println ( "UNKNOWN " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.DECRYPT )
>                 {
>                     System.out.println ( "DECRYPT " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.SIGNATURE )
>                 {
>                     System.out.println ( "SIGNATURE " + identifier ) ;
>
>                     if ( identifier.equals ( "XYZLabel" ) )
>                     {
>                         /*
>                             keystore private key password
>                         */
>
>                         callback.setPassword ( "keypassword" ) ;
>
>                         return ;
>                     }
>
>                     return ;
>                 }
>
>                 if ( usage == WSPasswordCallback.KEY_NAME )
>                 {
>                     System.out.println ( "KEY_NAME " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.USERNAME_TOKEN )
>                 {
>                     System.out.println ( "USERNAME_TOKEN " + identifier ) ;
>
>                     if ( identifier.equals ( "myuser" ) )
>                     {
>                         callback.setPassword ( "mypassword" ) ;
>
>                         return ;
>                     }
>
>                     return ;
>                 }
>
>                 if ( usage == WSPasswordCallback.USERNAME_TOKEN_UNKNOWN )
>                 {
>                     System.out.println ( "USERNAME_TOKEN_UNKNOWN " + identifier ) ;
>
>                     continue ;
>                 }
>
>                 if ( usage == WSPasswordCallback.SECURITY_CONTEXT_TOKEN )
>                 {
>                     System.out.println ( "SECURITY_CONTEXT_TOKEN " + identifier ) ;
>
>                     continue ;
>                 }
>             }
>         }
>
>         throw new java.io.IOException ( "PasswordCallback: unrecognized password callback instance or callback usage" ) ;
>     }
> }
>
>
> =============================================================================================
>
>
> -----Original Message-----
> *From:* Wishing Carebear [mailto:wishing.carebear@gmail.com]
> *Sent:* Saturday, 29 August 2009 7:35 AM
> *To:* axis-user@ws.apache.org
> *Subject:* Re: Help with axis1.4.1 (not axis2) and wss4j
>
> Hello:
> Can someone provide some pointers?
>
> Thanks,
> cabear
>
> On Fri, Aug 28, 2009 at 10:13 AM, Wishing Carebear <
> wishing.carebear@gmail.com> wrote:
>
>> Hello:
>> I'm trying to write a client to a WSE 3.0 published webservice. The policy
>> file looks like below:
>>
>> Do wss4j and axis support addressing?
>>
>> Thanks,
>> cabear
>>
>> ------------------------
>>
>> <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
>> <extensions>
>> <extension name="usernameForCertificateSecurity" type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
>> <extension name="x509" type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
>> <extension name="requireActionHeader" type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
>> </extensions>
>> <policy name="ServerPolicy">
>> <usernameForCertificateSecurity establishSecurityContext="true" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" ttlInSeconds="300">
>> <serviceToken>
>> <x509 storeLocation="LocalMachine" storeName="My" findValue="CN=TMPDMDevelopment" findType="FindBySubjectDistinguishedName" />
>> </serviceToken>
>> <protection>
>> <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>> <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>> <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
>> </protection>
>> </usernameForCertificateSecurity>
>> <requireActionHeader />
>> </policy>
>> <policy name="AuthenticationServicePolicy">
>> <usernameForCertificateSecurity establishSecurityContext="true" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" ttlInSeconds="300">
>> <serviceToken>
>> <x509 storeLocation="LocalMachine" storeName="AddressBook" findValue="CN=TMPDMDevelopment" findType="FindBySubjectDistinguishedName" />
>> </serviceToken>
>> <protection>
>> <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>> <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>> <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
>> </protection>
>> </usernameForCertificateSecurity>
>> <requireActionHeader />
>> </policy>
>> <!--<policy name="ClientPolicy">
>> <usernameForCertificateSecurity establishSecurityContext="true" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true" ttlInSeconds="300">
>> <serviceToken>
>> <x509 storeLocation="LocalMachine" storeName="AddressBook" findValue="CN=TMPDMDevelopment" findType="FindBySubjectDistinguishedName" />
>> </serviceToken>
>> <protection>
>> <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>> <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
>> <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
>> </protection>
>> </usernameForCertificateSecurity>
>> <requireActionHeader />
>> </policy>-->
>> </policies>
>>
>>
>> ------------------------
>>
>>
>
>
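Added example (not part of the thread, and not Axis or WSS4J code): a Python check that reads a client WSDD like the one in the reply above and reports the settings that reply calls out, namely prefix optimization left on, Timestamp ordered after Signature, and required elements missing from `signatureParts`. The function names, the constructed sample built by `sample_wsdd`, and the required set (the addressing headers, Timestamp and Body listed in the reply's `signatureParts`) are assumptions of this example; `addressing_ns` defaults to the 2004/03 namespace used in that config.

```python
import xml.etree.ElementTree as ET

WSDD = "{http://xml.apache.org/axis/wsdd/}"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSA_2004_03 = "http://schemas.xmlsoap.org/ws/2004/03/addressing"
WSA_2004_08 = "http://schemas.xmlsoap.org/ws/2004/08/addressing"
SENDER = "java:org.apache.ws.axis.security.WSDoAllSender"
WSA_HEADERS = ("Action", "MessageID", "ReplyTo", "To", "From")


def parse_parts(value):
    """Turn '{Element}{ns}Name;...' into a set of (namespace, local name)."""
    parts = set()
    for raw in value.split(";"):
        pieces = [p.strip() for p in raw.split("}")]
        if len(pieces) == 3:  # {mode}{namespace}local, the form used in the thread
            parts.add((pieces[1].lstrip("{").strip(), pieces[2]))
    return parts


def params(element):
    return {p.get("name"): p.get("value", "")
            for p in element.findall(WSDD + "parameter")}


def audit_wsdd(text, addressing_ns=WSA_2004_03):
    """Return findings about the request-signing setup in a client WSDD."""
    root = ET.fromstring(text)
    findings = []
    glob = root.find(WSDD + "globalConfiguration")
    opts = params(glob) if glob is not None else {}
    if opts.get("enableNamespacePrefixOptimization", "").strip().lower() != "false":
        findings.append("global: enableNamespacePrefixOptimization is not false")
    for svc in root.findall(WSDD + "service"):
        where = "service " + svc.get("name", "?")
        for handler in svc.findall(WSDD + "requestFlow/" + WSDD + "handler"):
            p = params(handler)
            actions = p.get("action", "").split()
            if handler.get("type") != SENDER or "Signature" not in actions:
                continue
            wanted = {(SOAP_NS, "Body")} | {(addressing_ns, h) for h in WSA_HEADERS}
            if "Timestamp" in actions:
                wanted.add((WSU_NS, "Timestamp"))
                if actions.index("Timestamp") > actions.index("Signature"):
                    findings.append(where + ": Timestamp action runs after Signature")
            # With no signatureParts, WSS4J signs only the SOAP Body.
            signed = parse_parts(p.get("signatureParts", "{}{%s}Body" % SOAP_NS))
            for ns, name in sorted(wanted - signed):
                findings.append(f"{where}: {{{ns}}}{name} is not in signatureParts")
    return findings


def sample_wsdd(optimize, action, addressing_ns, sign_timestamp=True):
    """Constructed sample input, modelled on the client config in the thread."""
    signed = [(addressing_ns, h) for h in WSA_HEADERS] + [(SOAP_NS, "Body")]
    signed += [(WSU_NS, "Timestamp")] if sign_timestamp else []
    parts = ";\n".join("{Element}{%s}%s" % part for part in signed)
    return f"""<deployment xmlns="http://xml.apache.org/axis/wsdd/">
 <globalConfiguration>
  <parameter name="enableNamespacePrefixOptimization" value="{optimize}"/>
 </globalConfiguration>
 <service name="XYZPort"><requestFlow><handler type="{SENDER}">
  <parameter name="action" value="{action}"/>
  <parameter name="signatureParts" value="{parts}"/>
 </handler></requestFlow></service>
</deployment>"""


if __name__ == "__main__":
    print(audit_wsdd(sample_wsdd("false", "Timestamp Signature", WSA_2004_03)))
    print(audit_wsdd(sample_wsdd("true", "Signature Timestamp", WSA_2004_08, False)))
```

The second sample also shows the namespace mismatch from the reply: parts listed under 2004/08 do not cover headers emitted under 2004/03, so each addressing header is reported as unsigned.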
Re: Help with axis1.4.1 (not axis2) and wss4j
Posted by Wishing Carebear <wi...@gmail.com>.
Alick:
Is there any good tutorial with Addressing and wss4j security and Axis1?
Thanks,
cabear