modules/rampart-samples/policy/sample06/services.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
 !
 ! Copyright 2006 The Apache Software Foundation.
 !
 ! Licensed under the Apache License, Version 2.0 (the "License");
 ! you may not use this file except in compliance with the License.
 ! You may obtain a copy of the License at
 !
 !      http://www.apache.org/licenses/LICENSE-2.0
 !
 ! Unless required by applicable law or agreed to in writing, software
 ! distributed under the License is distributed on an "AS IS" BASIS,
 ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ! See the License for the specific language governing permissions and
 ! limitations under the License.
 !-->
<!-- services.xml of Sample 06 : Trust sample with mex -->
<serviceGroup>
<service name="STS">	
	<module ref="rampart" />
	<module ref="addressing" />
	<module ref="rahas" />
	<parameter name="saml-issuer-config">
		<saml-issuer-config>
			<issuerName>SAMPLE_STS</issuerName>
			<issuerKeyAlias>sts</issuerKeyAlias>
			<issuerKeyPassword>apache</issuerKeyPassword>
            		<cryptoProperties>
               			<crypto provider="org.apache.ws.security.components.crypto.Merlin">
                    		<property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</property>
                    		<property name="org.apache.ws.security.crypto.merlin.file">sts.jks</property>
                    		<property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</property>
                		</crypto>
            		</cryptoProperties>
            		<timeToLive>300000</timeToLive>
			<keySize>256</keySize>
			<addRequestedAttachedRef />
			<addRequestedUnattachedRef />

            <!--
               Key computation mechanism
               1 - Use Request Entropy
               2 - Provide Entropy
               3 - Use Own Key
            -->
            	<keyComputation>2</keyComputation>

            <!--
               proofKeyType element is valid only if the keyComputation is set to 3
               i.e. Use Own Key

               Valid values are: EncryptedKey & BinarySecret
            -->
            		<proofKeyType>BinarySecret</proofKeyType>
            		<trusted-services>
				<!--  <service alias="sts">http://localhost:8090/axis2/services/sample06/</service> -->
				<service alias="sts">*</service>
			</trusted-services>
		</saml-issuer-config>
    		</parameter>

	<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
		<wsp:ExactlyOne>
		  <wsp:All>
				<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:InitiatorToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
									<wsp:Policy>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:InitiatorToken>
						<sp:RecipientToken>
							<wsp:Policy>
								<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
									<wsp:Policy>
										<sp:WssX509V3Token10/>
									</wsp:Policy>
								</sp:X509Token>
							</wsp:Policy>
						</sp:RecipientToken>
						<sp:AlgorithmSuite>
							<wsp:Policy>
								<sp:TripleDesRsa15/>
							</wsp:Policy>
						</sp:AlgorithmSuite>
						<sp:Layout>
							<wsp:Policy>
								<sp:Strict/>
							</wsp:Policy>
						</sp:Layout>
						<sp:IncludeTimestamp/>
						<sp:OnlySignEntireHeadersAndBody/>
					</wsp:Policy>
				</sp:AsymmetricBinding>
				<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:MustSupportRefKeyIdentifier/>
						<sp:MustSupportRefIssuerSerial/>
					</wsp:Policy>
				</sp:Wss10>
				<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<sp:Body/>
				</sp:SignedParts>
	
				<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
					<ramp:user>sts</ramp:user>
					<ramp:encryptionUser>client</ramp:encryptionUser>
					<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
					
					<ramp:signatureCrypto>
						<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.file">sts.jks</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
						</ramp:crypto>
					</ramp:signatureCrypto>


		</ramp:RampartConfig>
	
		  </wsp:All>
		</wsp:ExactlyOne>
	</wsp:Policy>


</service>
<service name="sample06">
	<operation name="echo">
		<messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
	</operation>    
	<parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.SimpleService</parameter>
	
	<module ref="rampart" />
	<module ref="addressing" />
	
	<wsp:Policy wsu:Id="SgnOnlyAnonymous"
		xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
		xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
		xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
		xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<wsp:ExactlyOne>
		<wsp:All>
			<sp:SymmetricBinding>
				<wsp:Policy>
					<sp:ProtectionToken>
						<wsp:Policy>
							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
								<wsp:Policy>
									<sp:RequireThumbprintReference/>
									<sp:WssX509V3Token10/>
								</wsp:Policy>
							</sp:X509Token>
						</wsp:Policy>
					</sp:ProtectionToken>
					<sp:AlgorithmSuite>
						<wsp:Policy>
							<sp:Basic128/>
						</wsp:Policy>
					</sp:AlgorithmSuite>
					<sp:Layout>
						<wsp:Policy>
							<sp:Lax/>
						</wsp:Policy>
					</sp:Layout>
					<sp:IncludeTimestamp/>
					<sp:OnlySignEntireHeadersAndBody/>
				</wsp:Policy>
			</sp:SymmetricBinding>
			<sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
					<wsp:Policy>
						<sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
							<Issuer xmlns="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
								<Address xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8090/axis2/services/STS</Address>
							    <Metadata xmlns="http://www.w3.org/2005/08/addressing">
                                    <mex:Metadata
                                        xmlns:mex="http://schemas.xmlsoap.org/ws/2004/09/mex"
                                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
                                        <mex:MetadataSection Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex">
                                            <mex:MetadataReference>
                                                <Address
                                                    xmlns="http://www.w3.org/2005/08/addressing">http://localhost:8080/axis2/services/mex</Address>
                                            </mex:MetadataReference>
                                        </mex:MetadataSection>
                                    </mex:Metadata>
                                </Metadata>
							</Issuer>
							<sp:RequestSecurityTokenTemplate>
								<t:TokenType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
								<t:KeyType xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
								<t:KeySize xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
							</sp:RequestSecurityTokenTemplate>
							<wsp:Policy>
								<sp:RequireInternalReference/>
							</wsp:Policy>
						</sp:IssuedToken>
					</wsp:Policy>
		     </sp:SupportingTokens>
			<sp:SignedParts>
				<sp:Body/>
			</sp:SignedParts>
			<sp:Wss11>
				<wsp:Policy>
					<sp:MustSupportRefKeyIdentifier/>
					<sp:MustSupportRefIssuerSerial/>
					<sp:MustSupportRefThumbprint/>
					<sp:MustSupportRefEncryptedKey/>
				<sp:RequireSignatureConfirmation/>
				</wsp:Policy>
			</sp:Wss11>
			<sp:Trust10>
				<wsp:Policy>
					<sp:MustSupportIssuedTokens/>
					<sp:RequireClientEntropy/>
					<sp:RequireServerEntropy/>
				</wsp:Policy>
			</sp:Trust10>
				<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy"> 
					<ramp:user>service</ramp:user>
					<ramp:encryptionUser>client</ramp:encryptionUser>
					<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample06.PWCBHandler</ramp:passwordCallbackClass>
					
					<ramp:signatureCrypto>
						<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
							<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
						</ramp:crypto>
					</ramp:signatureCrypto>
		</ramp:RampartConfig>
		</wsp:All>
	</wsp:ExactlyOne>
</wsp:Policy>
	
</service>
<service name="mex">
    
        <operation name="get">
            <actionMapping>http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request</actionMapping>
            <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver"/>
        </operation>
        <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample06.MexService</parameter>

    </service>

</serviceGroup>