Posted to commits@cxf.apache.org by dk...@apache.org on 2009/07/08 22:25:00 UTC
svn commit: r792293 - in /cxf/branches/2.2.x-fixes: ./
rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/
rt/ws/security/src/main/java/org/apache/cxf/ws/security/w...
Author: dkulp
Date: Wed Jul 8 20:25:00 2009
New Revision: 792293
URL: http://svn.apache.org/viewvc?rev=792293&view=rev
Log:
Merged revisions 792264 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r792264 | dkulp | 2009-07-08 15:02:19 -0400 (Wed, 08 Jul 2009) | 1 line
[CXF-2333] Add support for the encrypted/signed stuff based on xpaths
........
Modified:
cxf/branches/2.2.x-fixes/ (props changed)
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Jul 8 20:25:00 2009
@@ -1 +1 @@
-/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792263
+/cxf/trunk:782728-782730,783097,783294,783396,784059,784181-784184,784893,784895,785279-785282,785468,785621,785624,785651,785734,785866,786142,786271-786272,786395,786512,786514,786582-786583,786638,786647,786850,787200,787269,787277-787279,787290-787291,787305,787323,787366,787849,788030,788060,788187,788444,788451,788703,788752,788774,788819-788820,789013,789371,789387,789420,789527-789530,789704-789705,789788,789811,789896-789901,790074,790094,790134,790188,790294,790553,790637-790644,790868,791301,791354,791538,791753,791947,792007,792096,792183,792261-792264
Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java?rev=792293&r1=792292&r2=792293&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/WSSecurityPolicyInterceptorProvider.java Wed Jul 8 20:25:00 2009
@@ -50,6 +50,9 @@
ASSERTION_TYPES.add(SP12Constants.TRANSPORT_TOKEN);
ASSERTION_TYPES.add(SP12Constants.SIGNED_PARTS);
ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_PARTS);
+ ASSERTION_TYPES.add(SP12Constants.ENCRYPTED_ELEMENTS);
+ ASSERTION_TYPES.add(SP12Constants.SIGNED_ELEMENTS);
+ ASSERTION_TYPES.add(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSupportingTokens());
ASSERTION_TYPES.add(SP12Constants.INSTANCE.getSignedSupportingTokens());
ASSERTION_TYPES.add(SP12Constants.INSTANCE.getEndorsingSupportingTokens());
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java?rev=792293&r1=792292&r2=792293&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/PolicyBasedWSS4JInInterceptor.java Wed Jul 8 20:25:00 2009
@@ -34,8 +34,12 @@
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import javax.xml.stream.XMLStreamException;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
@@ -43,6 +47,7 @@
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
@@ -53,7 +58,9 @@
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
+import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
+import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
@@ -279,10 +286,73 @@
return action;
}
-
+ private void assertXPathTokens(AssertionInfoMap aim,
+ QName name,
+ Collection<WSDataRef> refs,
+ SoapMessage msg,
+ SOAPMessage doc,
+ String type,
+ boolean content) throws SOAPException {
+ Collection<AssertionInfo> ais = aim.get(name);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ ai.setAsserted(true);
+ Map<String, String> namespaces = null;
+ List<String> xpaths = null;
+ if (content) {
+ ContentEncryptedElements p = (ContentEncryptedElements)ai.getAssertion();
+ namespaces = p.getDeclaredNamespaces();
+ xpaths = p.getXPathExpressions();
+ } else {
+ SignedEncryptedElements p = (SignedEncryptedElements)ai.getAssertion();
+ namespaces = p.getDeclaredNamespaces();
+ xpaths = p.getXPathExpressions();
+ }
+ if (xpaths != null) {
+ XPathFactory factory = XPathFactory.newInstance();
+ for (String expression : xpaths) {
+ XPath xpath = factory.newXPath();
+ if (namespaces != null) {
+ xpath.setNamespaceContext(new MapNamespaceContext(namespaces));
+ }
+ try {
+ NodeList list = (NodeList)xpath.evaluate(expression,
+ doc.getSOAPPart().getEnvelope(),
+ XPathConstants.NODESET);
+ boolean found = list.getLength() == 0;
+ for (int x = 0; x < list.getLength(); x++) {
+ Element el = (Element)list.item(x);
+ for (WSDataRef r : refs) {
+ if (r.getProtectedElement() == el
+ && r.isContent() == content) {
+ found = true;
+ }
+ }
+ }
+ if (!found) {
+ ai.setNotAsserted("No " + type
+ + " element found matching XPath " + expression);
+ }
+ } catch (Exception ex) {
+ //REVISIT
+ }
+ }
+ }
+ }
+ }
+ }
+
+ private boolean contains(Collection<WSDataRef> refs, QName qn) {
+ for (WSDataRef r : refs) {
+ if (r.getName().equals(qn)) {
+ return true;
+ }
+ }
+ return false;
+ }
private void assertTokens(AssertionInfoMap aim,
QName name,
- Collection<QName> signed,
+ Collection<WSDataRef> signed,
SoapMessage msg,
SOAPMessage doc,
String type) throws SOAPException {
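Review bot: The new `assertXPathTokens` fails open in two places: `found` becomes true as soon as any one node matched by the expression is covered by a `WSDataRef`, so other matching nodes that are not protected still satisfy the assertion, and the empty `catch (Exception ex) { //REVISIT }` leaves the `ai.setAsserted(true)` from the top of the loop in place when the XPath cannot be evaluated or a matched node is not an `Element`. For an inbound policy check both cases should mark the assertion as not asserted, so that a message carrying an unprotected element next to a protected one is rejected rather than accepted. The sketch below checks every matched node and records a failure on evaluation errors; the zero-match case stays vacuously satisfied as in the commit, which deserves a comment if that is the intended reading of the policy. `assertTokens`, which follows in the same hunk, continues outside it.

```java
// … unchanged: assertion lookup, namespaces/xpaths extraction, XPath and namespace-context setup …
try {
    NodeList list = (NodeList)xpath.evaluate(expression,
                                             doc.getSOAPPart().getEnvelope(),
                                             XPathConstants.NODESET);
    // Every node selected by the policy expression must be covered;
    // an empty result is treated as "nothing to protect".
    for (int x = 0; x < list.getLength(); x++) {
        Element el = (Element)list.item(x);
        boolean covered = false;
        for (WSDataRef r : refs) {
            if (r.getProtectedElement() == el
                && r.isContent() == content) {
                covered = true;
                break;
            }
        }
        if (!covered) {
            ai.setNotAsserted("No " + type
                              + " element found matching XPath " + expression);
            break;
        }
    }
} catch (Exception ex) {
    // Fail closed: an expression that cannot be checked must not count as satisfied.
    ai.setNotAsserted("Could not evaluate XPath " + expression);
}
```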
@@ -291,12 +361,12 @@
for (AssertionInfo ai : ais) {
ai.setAsserted(true);
SignedEncryptedParts p = (SignedEncryptedParts)ai.getAssertion();
- if (p.isBody() && !signed.contains(msg.getVersion().getBody())) {
+ if (p.isBody() && !contains(signed, msg.getVersion().getBody())) {
ai.setNotAsserted(msg.getVersion().getBody() + " not " + type);
return;
}
for (Header h : p.getHeaders()) {
- if (!signed.contains(h.getQName())) {
+ if (!contains(signed, h.getQName())) {
boolean found = false;
Element nd = DOMUtils.getFirstElement(doc.getSOAPHeader());
while (nd != null && !found) {
@@ -389,8 +459,8 @@
protected void doResults(SoapMessage msg, String actor,
SOAPMessage doc, Vector results) throws SOAPException, XMLStreamException {
AssertionInfoMap aim = msg.get(AssertionInfoMap.class);
- Collection<QName> signed = new HashSet<QName>();
- Collection<QName> encrypted = new HashSet<QName>();
+ Collection<WSDataRef> signed = new HashSet<WSDataRef>();
+ Collection<WSDataRef> encrypted = new HashSet<WSDataRef>();
boolean hasDerivedKeys = false;
boolean hasEndorsement = false;
Protections prots = Protections.NONE;
@@ -411,7 +481,7 @@
break;
}
for (WSDataRef r : sl) {
- signed.add(r.getName());
+ signed.add(r);
}
prots = addSign(prots);
}
@@ -421,7 +491,7 @@
.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
if (el != null) {
for (WSDataRef r : el) {
- encrypted.add(r.getName());
+ encrypted.add(r);
}
prots = addEncrypt(prots);
}
@@ -444,8 +514,12 @@
}
}
assertTokens(aim, SP12Constants.SIGNED_PARTS, signed, msg, doc, "signed");
- assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, signed, msg, doc, "encrypted");
-
+ assertTokens(aim, SP12Constants.ENCRYPTED_PARTS, encrypted, msg, doc, "encrypted");
+ assertXPathTokens(aim, SP12Constants.SIGNED_ELEMENTS, signed, msg, doc, "signed", false);
+ assertXPathTokens(aim, SP12Constants.ENCRYPTED_ELEMENTS, encrypted, msg, doc, "encrypted", false);
+ assertXPathTokens(aim, SP12Constants.CONTENT_ENCRYPTED_ELEMENTS, encrypted, msg,
+ doc, "encrypted", true);
+
assertAsymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
assertSymetricBinding(aim, msg, doc, prots, hasDerivedKeys);
assertTransportBinding(aim);
Modified: cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java?rev=792293&r1=792292&r2=792293&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java (original)
+++ cxf/branches/2.2.x-fixes/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.java Wed Jul 8 20:25:00 2009
@@ -78,6 +78,7 @@
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Binding;
+import org.apache.cxf.ws.security.policy.model.ContentEncryptedElements;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KeyValueToken;
@@ -679,7 +680,8 @@
SignedEncryptedParts parts = null;
SignedEncryptedElements elements = null;
-
+ ContentEncryptedElements celements = null;
+
Collection<AssertionInfo> ais = aim.getAssertionInfo(SP12Constants.ENCRYPTED_PARTS);
if (ais != null) {
for (AssertionInfo ai : ais) {
@@ -694,6 +696,13 @@
ai.setAsserted(true);
}
}
+ ais = aim.getAssertionInfo(SP12Constants.CONTENT_ENCRYPTED_ELEMENTS);
+ if (ais != null) {
+ for (AssertionInfo ai : ais) {
+ celements = (ContentEncryptedElements)ai.getAssertion();
+ ai.setAsserted(true);
+ }
+ }
List<WSEncryptionPart> signedParts = new ArrayList<WSEncryptionPart>();
if (parts != null) {
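Review bot: The added loop marks every `CONTENT_ENCRYPTED_ELEMENTS` assertion as asserted but keeps only the last one in `celements`, so when a policy carries more than one such assertion the XPaths of the earlier ones are reported as satisfied without being handed to `getPartsAndElements`. The context lines suggest the existing parts/elements loops follow the same pattern, so this may be an accepted limitation; if it is, a comment such as `// only the last ContentEncryptedElements assertion is applied` would make it visible, otherwise the expressions should be accumulated across assertions. The enclosing method starts and ends outside the hunk.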
@@ -711,7 +720,9 @@
isBody,
signedParts,
elements == null ? null : elements.getXPathExpressions(),
- elements == null ? null : elements.getDeclaredNamespaces());
+ elements == null ? null : elements.getDeclaredNamespaces(),
+ celements == null ? null : celements.getXPathExpressions(),
+ celements == null ? null : celements.getDeclaredNamespaces());
}
public Vector<WSEncryptionPart> getSignedParts()
@@ -753,13 +764,16 @@
isSignBody,
signedParts,
elements == null ? null : elements.getXPathExpressions(),
- elements == null ? null : elements.getDeclaredNamespaces());
+ elements == null ? null : elements.getDeclaredNamespaces(),
+ null, null);
}
public Vector<WSEncryptionPart> getPartsAndElements(boolean sign,
boolean includeBody,
List<WSEncryptionPart> parts,
List<String> xpaths,
- Map<String, String> namespaces)
+ Map<String, String> namespaces,
+ List<String> contentXpaths,
+ Map<String, String> cnamespaces)
throws SOAPException {
Vector<WSEncryptionPart> result = new Vector<WSEncryptionPart>();
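Review bot: `getPartsAndElements` is public and its parameter list changes here, which breaks any caller or subclass outside this commit that still uses the five-argument form; on a fixes branch that is worth avoiding. Keeping the old signature as an overload whose body is `return getPartsAndElements(sign, includeBody, parts, xpaths, namespaces, null, null);` preserves compatibility. The new `contentXpaths` and `cnamespaces` parameters also deserve Javadoc stating that either may be null (the signing call site in this hunk passes `null, null`) and that `cnamespaces` supplies the prefix bindings for `contentXpaths`. The method body continues outside the hunk.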
@@ -838,16 +852,19 @@
for (int x = 0; x < list.getLength(); x++) {
Element el = (Element)list.item(x);
if (sign) {
- result.add(new WSEncryptionPart(el.getLocalName(),
+ WSEncryptionPart part = new WSEncryptionPart(el.getLocalName(),
el.getNamespaceURI(),
"Content",
- WSConstants.PART_TYPE_ELEMENT));
+ WSConstants.PART_TYPE_ELEMENT);
+ part.setXpath(expression);
+ result.add(part);
} else {
WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
el.getNamespaceURI(),
"Element",
WSConstants
.PART_TYPE_ELEMENT);
+ encryptedElem.setXpath(expression);
String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
if (!StringUtils.isEmpty(wsuId)) {
@@ -861,6 +878,36 @@
}
}
}
+ if (contentXpaths != null && !contentXpaths.isEmpty()) {
+ XPathFactory factory = XPathFactory.newInstance();
+ for (String expression : contentXpaths) {
+ XPath xpath = factory.newXPath();
+ if (cnamespaces != null) {
+ xpath.setNamespaceContext(new MapNamespaceContext(cnamespaces));
+ }
+ try {
+ NodeList list = (NodeList)xpath.evaluate(expression, saaj.getSOAPPart().getEnvelope(),
+ XPathConstants.NODESET);
+ for (int x = 0; x < list.getLength(); x++) {
+ Element el = (Element)list.item(x);
+ WSEncryptionPart encryptedElem = new WSEncryptionPart(el.getLocalName(),
+ el.getNamespaceURI(),
+ "Content",
+ WSConstants
+ .PART_TYPE_ELEMENT);
+ encryptedElem.setXpath(expression);
+ String wsuId = el.getAttributeNS(WSConstants.WSU_NS, "Id");
+
+ if (!StringUtils.isEmpty(wsuId)) {
+ encryptedElem.setEncId(wsuId);
+ }
+ result.add(encryptedElem);
+ }
+ } catch (XPathExpressionException e) {
+ //REVISIT!!!!
+ }
+ }
+ }
return result;
}
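Review bot: The empty `catch (XPathExpressionException e) { //REVISIT!!!! }` in the added content-encryption loop means an expression that fails to evaluate contributes no `WSEncryptionPart`, so the outbound message would presumably be sent with that content unencrypted and without any diagnostic. Failing the send is the safer default, e.g. `throw new IllegalStateException("Cannot evaluate ContentEncryptedElements XPath " + expression, e);` or the project's own policy exception if one fits. The unchecked cast `(Element)list.item(x)` is a related gap: an expression that selects attribute or text nodes raises a `ClassCastException` that this catch does not cover. `getPartsAndElements` starts outside the hunk.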
@@ -1535,9 +1582,11 @@
Element encHeader = (Element)encDataElem.getParentNode();
String encHeaderId = encHeader.getAttributeNS(WSConstants.WSU_NS, "Id");
- signedParts.remove(signedPart);
- WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
- signedParts.add(encHeaderToSign);
+ if (!StringUtils.isEmpty(encHeaderId)) {
+ signedParts.remove(signedPart);
+ WSEncryptionPart encHeaderToSign = new WSEncryptionPart(encHeaderId);
+ signedParts.add(encHeaderToSign);
+ }
}
}
}
Modified: cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java?rev=792293&r1=792292&r2=792293&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java (original)
+++ cxf/branches/2.2.x-fixes/systests/src/test/java/org/apache/cxf/systest/ws/security/SecurityPolicyTest.java Wed Jul 8 20:25:00 2009
@@ -67,6 +67,7 @@
public static final String POLICY_SIGNENC_PROVIDER_ADDRESS
= "http://localhost:9010/SecPolTestSignThenEncryptProvider";
public static final String POLICY_SIGN_ADDRESS = "http://localhost:9010/SecPolTestSign";
+ public static final String POLICY_XPATH_ADDRESS = "http://localhost:9010/SecPolTestXPath";
public static class ServerPasswordCallback implements CallbackHandler {
@@ -125,7 +126,15 @@
SecurityPolicyTest.class.getResource("bob.properties").toString());
ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
SecurityPolicyTest.class.getResource("alice.properties").toString());
-
+
+ ep = (EndpointImpl)Endpoint.publish(POLICY_XPATH_ADDRESS,
+ new DoubleItImplXPath());
+ ei = ep.getServer().getEndpoint().getEndpointInfo();
+ ei.setProperty(SecurityConstants.CALLBACK_HANDLER, new KeystorePasswordCallback());
+ ei.setProperty(SecurityConstants.SIGNATURE_PROPERTIES,
+ SecurityPolicyTest.class.getResource("alice.properties").toString());
+ ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
+ SecurityPolicyTest.class.getResource("bob.properties").toString());
ep = (EndpointImpl)Endpoint.publish(POLICY_SIGNENC_PROVIDER_ADDRESS,
new DoubleItProvider());
@@ -136,7 +145,6 @@
SecurityPolicyTest.class.getResource("bob.properties").toString());
ei.setProperty(SecurityConstants.ENCRYPT_PROPERTIES,
SecurityPolicyTest.class.getResource("alice.properties").toString());
-
}
@Test
@@ -144,6 +152,16 @@
DoubleItService service = new DoubleItService();
DoubleItPortType pt;
+ pt = service.getDoubleItPortXPath();
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
+ new KeystorePasswordCallback());
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.SIGNATURE_PROPERTIES,
+ getClass().getResource("alice.properties"));
+ ((BindingProvider)pt).getRequestContext().put(SecurityConstants.ENCRYPT_PROPERTIES,
+ getClass().getResource("bob.properties"));
+ assertEquals(BigInteger.valueOf(10), pt.doubleIt(BigInteger.valueOf(5)));
+
+
pt = service.getDoubleItPortEncryptThenSign();
((BindingProvider)pt).getRequestContext().put(SecurityConstants.CALLBACK_HANDLER,
new KeystorePasswordCallback());
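Review bot: The added XPath case only exercises the success path (`assertEquals(BigInteger.valueOf(10), pt.doubleIt(BigInteger.valueOf(5)))`), so nothing in this hunk would catch the inbound check accepting a message whose XPath-selected element is not signed or encrypted. A negative case, in which a client that does not apply the signed/encrypted elements policy is expected to receive a fault from `DoubleItPortXPath`, would pin the enforcement side of the feature. The test method starts and ends outside the hunk.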
@@ -294,7 +312,17 @@
return numberToDouble.multiply(new BigInteger("2"));
}
}
-
+ @WebService(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt",
+ portName = "DoubleItPortXPath",
+ serviceName = "DoubleItService",
+ endpointInterface = "org.apache.cxf.policytest.doubleit.DoubleItPortType",
+ wsdlLocation = "classpath:/wsdl_systest/DoubleIt.wsdl")
+ public static class DoubleItImplXPath implements DoubleItPortType {
+ /** {@inheritDoc}*/
+ public BigInteger doubleIt(BigInteger numberToDouble) {
+ return numberToDouble.multiply(new BigInteger("2"));
+ }
+ }
@WebServiceProvider(targetNamespace = "http://cxf.apache.org/policytest/DoubleIt",
portName = "DoubleItPortSignThenEncrypt",
serviceName = "DoubleItService",
Modified: cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl?rev=792293&r1=792292&r2=792293&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl (original)
+++ cxf/branches/2.2.x-fixes/systests/src/test/resources/wsdl_systest/DoubleIt.wsdl Wed Jul 8 20:25:00 2009
@@ -1,327 +1,399 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- -->
-<wsdl:definitions name="DoubleIt"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:tns="http://cxf.apache.org/policytest/DoubleIt"
- targetNamespace="http://cxf.apache.org/policytest/DoubleIt"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsaws="http://www.w3.org/2005/08/addressing"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
- xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
- <wsdl:types>
- <xsd:schema targetNamespace="http://cxf.apache.org/policytest/DoubleIt">
- <xsd:element name="DoubleIt">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="numberToDouble" type="xsd:integer"/>
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- <xsd:element name="DoubleItResponse">
- <xsd:complexType>
- <xsd:sequence>
- <xsd:element name="doubledNumber" type="xsd:integer" />
- </xsd:sequence>
- </xsd:complexType>
- </xsd:element>
- </xsd:schema>
- </wsdl:types>
- <wsdl:message name="DoubleItRequest">
- <wsdl:part element="tns:DoubleIt" name="parameters" />
- </wsdl:message>
- <wsdl:message name="DoubleItResponse">
- <wsdl:part element="tns:DoubleItResponse" name="parameters" />
- </wsdl:message>
- <wsdl:portType name="DoubleItPortType">
- <wsdl:operation name="DoubleIt">
- <wsdl:input message="tns:DoubleItRequest" />
- <wsdl:output message="tns:DoubleItResponse" />
- </wsdl:operation>
- </wsdl:portType>
- <wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItBindingPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http" />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:binding name="DoubleItBindingEncryptThenSign" type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http" />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:binding name="DoubleItBindingSignThenEncrypt" type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http" />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
- <wsp:PolicyReference URI="#DoubleItSignPolicy"/>
- <soap:binding style="document"
- transport="http://schemas.xmlsoap.org/soap/http" />
- <wsdl:operation name="DoubleIt">
- <soap:operation soapAction=""/>
- <wsdl:input><soap:body use="literal"/></wsdl:input>
- <wsdl:output><soap:body use="literal"/></wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
- <wsdl:service name="DoubleItService">
- <wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
- <soap:address
- location="https://localhost:9009/SecPolTest"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortHttp" binding="tns:DoubleItBinding">
- <soap:address
- location="http://localhost:9010/SecPolTest"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortEncryptThenSign" binding="tns:DoubleItBindingEncryptThenSign">
- <soap:address
- location="http://localhost:9010/SecPolTestEncryptThenSign"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortSignThenEncrypt" binding="tns:DoubleItBindingSignThenEncrypt">
- <soap:address
- location="http://localhost:9010/SecPolTestSignThenEncrypt"/>
- </wsdl:port>
- <wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
- <soap:address
- location="http://localhost:9010/SecPolTestSign"/>
- </wsdl:port>
- </wsdl:service>
-
- <wsp:Policy wsu:Id="DoubleItBindingPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <foo:unknownPolicy xmlns:foo="http://cxf.apache.org/not/a/policy"/>
- </wsp:All>
- <wsp:All>
- <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl"/>
- <sp:TransportBinding>
- <wsp:Policy>
- <sp:TransportToken>
- <wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false"/>
- </wsp:Policy>
- </sp:TransportToken>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic128/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- </wsp:Policy>
- </sp:TransportBinding>
- <sp:Wss10>
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedSupportingTokens>
- <wsp:Policy>
- <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssUsernameToken10/>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedSupportingTokens>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
- <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDesRsa15/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:EncryptSignature/>
- <sp:OnlySignEntireHeadersAndBody/>
- <sp:EncryptBeforeSigning/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
- <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:EncryptedParts>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <!-- sp:MustSupportRefKeyIdentifier/-->
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
- <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V1Token11/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDesRsa15/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:EncryptSignature/>
- <sp:OnlySignEntireHeadersAndBody/>
- <sp:SignBeforeEncrypting/>
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:SignedParts>
- <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <sp:Body/>
- </sp:EncryptedParts>
- <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:Policy>
- <!-- sp:MustSupportRefKeyIdentifier/-->
- <sp:MustSupportRefIssuerSerial/>
- </wsp:Policy>
- </sp:Wss10>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-
- <wsp:Policy wsu:Id="DoubleItSignPolicy"
- xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:AsymmetricBinding xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
- <wsp:Policy>
- <sp:InitiatorToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:InitiatorToken>
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
- <wsp:Policy>
- <sp:WssX509V3Token10 />
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256 />
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <sp:Layout>
- <wsp:Policy>
- <sp:Strict />
- </wsp:Policy>
- </sp:Layout>
- <sp:OnlySignEntireHeadersAndBody />
- </wsp:Policy>
- </sp:AsymmetricBinding>
- <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
- <wsp:Policy>
- <sp:MustSupportRefEmbeddedToken />
- </wsp:Policy>
- </sp:Wss10>
- <sp:SignedParts xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
- <sp:Body />
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
-</wsp:Policy>
-
+ <!--
+ * Licensed to the Apache Software Foundation (ASF) under one * or more
+ contributor license agreements. See the NOTICE file * distributed with
+ this work for additional information * regarding copyright ownership.
+ The ASF licenses this file * to you under the Apache License, Version
+ 2.0 (the * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at * *
+ http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by
+ applicable law or agreed to in writing, * software distributed under
+ the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES
+ OR CONDITIONS OF ANY * KIND, either express or implied. See the
+ License for the * specific language governing permissions and
+ limitations * under the License.
+ -->
+<wsdl:definitions name="DoubleIt"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://cxf.apache.org/policytest/DoubleIt"
+ targetNamespace="http://cxf.apache.org/policytest/DoubleIt" xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
+ xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy">
+ <wsdl:types>
+ <xsd:schema targetNamespace="http://cxf.apache.org/policytest/DoubleIt">
+ <xsd:element name="DoubleIt">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="numberToDouble" type="xsd:integer" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="DoubleItResponse">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="doubledNumber" type="xsd:integer" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:schema>
+ </wsdl:types>
+ <wsdl:message name="DoubleItRequest">
+ <wsdl:part element="tns:DoubleIt" name="parameters" />
+ </wsdl:message>
+ <wsdl:message name="DoubleItResponse">
+ <wsdl:part element="tns:DoubleItResponse" name="parameters" />
+ </wsdl:message>
+ <wsdl:portType name="DoubleItPortType">
+ <wsdl:operation name="DoubleIt">
+ <wsdl:input message="tns:DoubleItRequest" />
+ <wsdl:output message="tns:DoubleItResponse" />
+ </wsdl:operation>
+ </wsdl:portType>
+ <wsdl:binding name="DoubleItBinding" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItBindingPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingEncryptThenSign" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItEncryptThenSignPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingSignThenEncrypt" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSignThenEncryptPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingSign" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItSignPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:binding name="DoubleItBindingXPath" type="tns:DoubleItPortType">
+ <wsp:PolicyReference URI="#DoubleItEncryptXPathPolicy" />
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http" />
+ <wsdl:operation name="DoubleIt">
+ <soap:operation soapAction="" />
+ <wsdl:input>
+ <soap:body use="literal" />
+ </wsdl:input>
+ <wsdl:output>
+ <soap:body use="literal" />
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+ <wsdl:service name="DoubleItService">
+ <wsdl:port name="DoubleItPortHttps" binding="tns:DoubleItBinding">
+ <soap:address location="https://localhost:9009/SecPolTest" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortHttp" binding="tns:DoubleItBinding">
+ <soap:address location="http://localhost:9010/SecPolTest" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortEncryptThenSign" binding="tns:DoubleItBindingEncryptThenSign">
+ <soap:address location="http://localhost:9010/SecPolTestEncryptThenSign" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortSignThenEncrypt" binding="tns:DoubleItBindingSignThenEncrypt">
+ <soap:address location="http://localhost:9010/SecPolTestSignThenEncrypt" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortSign" binding="tns:DoubleItBindingSign">
+ <soap:address location="http://localhost:9010/SecPolTestSign" />
+ </wsdl:port>
+ <wsdl:port name="DoubleItPortXPath" binding="tns:DoubleItBindingXPath">
+ <soap:address location="http://localhost:9010/SecPolTestXPath" />
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policy wsu:Id="DoubleItBindingPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <foo:unknownPolicy xmlns:foo="http://cxf.apache.org/not/a/policy" />
+ </wsp:All>
+ <wsp:All>
+ <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
+ <sp:TransportBinding>
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken RequireClientCertificate="false" />
+ </wsp:Policy>
+ </sp:TransportToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic128 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:TransportBinding>
+ <sp:Wss10>
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier />
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedSupportingTokens>
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10 />
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItEncryptThenSignPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V1Token11 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V1Token11 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ <sp:EncryptBeforeSigning />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SignedParts
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <!-- sp:MustSupportRefKeyIdentifier/-->
+ <sp:MustSupportRefIssuerSerial />
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItSignThenEncryptPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V1Token11 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V1Token11 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:EncryptSignature />
+ <sp:OnlySignEntireHeadersAndBody />
+ <sp:SignBeforeEncrypting />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:SignedParts
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body />
+ </sp:EncryptedParts>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <!-- sp:MustSupportRefKeyIdentifier/-->
+ <sp:MustSupportRefIssuerSerial />
+ </wsp:Policy>
+ </sp:Wss10>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+ <wsp:Policy wsu:Id="DoubleItSignPolicy"
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding
+ xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient'>
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always'>
+ <wsp:Policy>
+ <sp:WssX509V3Token10 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <sp:Wss10 xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+ <wsp:Policy>
+ <sp:MustSupportRefEmbeddedToken />
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts
+ xmlns:sp='http://schemas.xmlsoap.org/ws/2005/07/securitypolicy'>
+ <sp:Body />
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ <wsp:Policy wsu:Id="DoubleItEncryptXPathPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V1Token11 />
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDesRsa15 />
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax />
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp />
+ <sp:OnlySignEntireHeadersAndBody />
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedElements
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:XPath xmlns:example1="http://cxf.apache.org/policytest/DoubleIt">//example1:DoubleIt/numberToDouble</sp:XPath>
+ </sp:EncryptedElements>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
</wsdl:definitions>