| <!-- |
| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| --> |
| <service name="SecureServiceSC1"> |
| |
| <module ref="addressing"/> |
| <module ref="rampart"/> |
| <module ref="rahas"/> |
| |
| <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> |
| |
| <operation name="echo"> |
| <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/> |
| <actionMapping>urn:echo</actionMapping> |
| </operation> |
| |
| <wsp:Policy wsu:Id="SecConvPolicy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> |
| <wsp:ExactlyOne> |
| <wsp:All> |
| <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <wsp:Policy> |
| <sp:ProtectionToken> |
| <wsp:Policy> |
| <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> |
| <wsp:Policy> |
| <sp:RequireDerivedKeys/> |
| <sp:BootstrapPolicy> |
| <wsp:Policy wsu:Id="SigEncrTripleDesRSA15" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> |
| <wsp:ExactlyOne> |
| <wsp:All> |
| <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <wsp:Policy> |
| <sp:InitiatorToken> |
| <wsp:Policy> |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"> |
| <wsp:Policy> |
| <sp:WssX509V3Token10/> |
| </wsp:Policy> |
| </sp:X509Token> |
| </wsp:Policy> |
| </sp:InitiatorToken> |
| <sp:RecipientToken> |
| <wsp:Policy> |
| <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never"> |
| <wsp:Policy> |
| <sp:WssX509V3Token10/> |
| </wsp:Policy> |
| </sp:X509Token> |
| </wsp:Policy> |
| </sp:RecipientToken> |
| <sp:AlgorithmSuite> |
| <wsp:Policy> |
| <sp:TripleDesRsa15/> |
| </wsp:Policy> |
| </sp:AlgorithmSuite> |
| <sp:Layout> |
| <wsp:Policy> |
| <sp:Strict/> |
| </wsp:Policy> |
| </sp:Layout> |
| <sp:IncludeTimestamp/> |
| <sp:OnlySignEntireHeadersAndBody/> |
| </wsp:Policy> |
| </sp:AsymmetricBinding> |
| <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <wsp:Policy> |
| <sp:MustSupportRefKeyIdentifier/> |
| <sp:MustSupportRefIssuerSerial/> |
| </wsp:Policy> |
| </sp:Wss10> |
| <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <sp:Body/> |
| </sp:SignedParts> |
| <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <sp:Body/> |
| </sp:EncryptedParts> |
| </wsp:All> |
| </wsp:ExactlyOne> |
| </wsp:Policy> |
| </sp:BootstrapPolicy> |
| </wsp:Policy> |
| </sp:SecureConversationToken> |
| </wsp:Policy> |
| </sp:ProtectionToken> |
| <sp:AlgorithmSuite> |
| <wsp:Policy> |
| <sp:Basic256/> |
| </wsp:Policy> |
| </sp:AlgorithmSuite> |
| <sp:Layout> |
| <wsp:Policy> |
| <sp:Lax/> |
| </wsp:Policy> |
| </sp:Layout> |
| <sp:IncludeTimestamp/> |
| <sp:EncryptSignature/> |
| <sp:OnlySignEntireHeadersAndBody/> |
| </wsp:Policy> |
| </sp:SymmetricBinding> |
| <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <wsp:Policy> |
| <sp:MustSupportRefKeyIdentifier/> |
| <sp:MustSupportRefIssuerSerial/> |
| </wsp:Policy> |
| </sp:Wss10> |
| <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <wsp:Policy> |
| <sp:MustSupportIssuedTokens/> |
| <sp:RequireClientEntropy/> |
| <sp:RequireServerEntropy/> |
| </wsp:Policy> |
| </sp:Trust10> |
| <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| <sp:Body/> |
| </sp:EncryptedParts> |
| <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> |
| <ramp:user>alice</ramp:user> |
| <ramp:encryptionUser>bob</ramp:encryptionUser> |
| <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass> |
| |
| <ramp:signatureCrypto> |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> |
| </ramp:crypto> |
| </ramp:signatureCrypto> |
| <ramp:encryptionCypto> |
| <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.file">store.jks</ramp:property> |
| <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property> |
| </ramp:crypto> |
| </ramp:encryptionCypto> |
| </ramp:RampartConfig> |
| </wsp:All> |
| </wsp:ExactlyOne> |
| </wsp:Policy> |
| |
| <parameter name="sct-issuer-config"> |
| <sct-issuer-config> |
| <cryptoProperties> |
| <crypto provider="org.apache.ws.security.components.crypto.Merlin"> |
| <property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property> |
| <property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property> |
| <property name="org.apache.ws.security.crypto.merlin.keystore.password">password</property> |
| </crypto> |
| </cryptoProperties> |
| <addRequestedAttachedRef /> |
| <addRequestedUnattachedRef /> |
| |
| <!-- |
| Key computation mechanism |
| 1 - Use Request Entropy |
| 2 - Provide Entropy |
| 3 - Use Own Key |
| --> |
| <keyComputation>3</keyComputation> |
| |
| <!-- |
| proofKeyType element is valid only if the keyComputation is set to 3 |
| i.e. Use Own Key |
| |
| Valid values are: EncryptedKey & BinarySecret |
| --> |
| <proofKeyType>BinarySecret</proofKeyType> |
| </sct-issuer-config> |
| </parameter> |
| |
| <parameter name="token-canceler-config"> |
| <token-canceler-config> |
| <!--<proofToken>EncryptedKey</proofToken>--> |
| <!--<cryptoProperties>sctIssuer.properties</cryptoProperties>--> |
| <!--<addRequestedAttachedRef />--> |
| </token-canceler-config> |
| </parameter> |
| |
| |
| </service> |