| <service name="KerberosOverTransportPWCB"> |
| |
| <module ref="addressing" /> |
| <module ref="rampart" /> |
| |
| <parameter locked="false" name="ServiceClass">org.apache.rampart.Service</parameter> |
| |
| <transports> |
| <transport>https</transport> |
| </transports> |
| |
| <operation name="echo"> |
| <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" /> |
| <actionMapping>urn:echo</actionMapping> |
| </operation> |
| |
| <operation name="returnError"> |
| <messageReceiver class="org.apache.axis2.receivers.RawXMLINOutMessageReceiver" /> |
| <actionMapping>urn:returnError</actionMapping> |
| </operation> |
| |
| <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"> |
| |
| <wsp:AppliesTo> |
| <policy-subject identifier="binding:soap" /> |
| <policy-subject identifier="binding:soap12" /> |
| </wsp:AppliesTo> |
| |
| <wsp:Policy wsu:Id="KerberosOverTransport" |
| xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" |
| xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" |
| xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"> |
| |
| <wsp:ExactlyOne> |
| <wsp:All> |
| <sp:TransportBinding> |
| <wsp:Policy> |
| <sp:TransportToken> |
| <wsp:Policy> |
| <sp:HttpsToken /> |
| </wsp:Policy> |
| </sp:TransportToken> |
| <sp:AlgorithmSuite> |
| <wsp:Policy> |
| <sp:Basic128 /> |
| </wsp:Policy> |
| </sp:AlgorithmSuite> |
| <sp:IncludeTimestamp /> |
| </wsp:Policy> |
| </sp:TransportBinding> |
| <sp:EndorsingSupportingTokens> |
| <wsp:Policy> |
| <sp:KerberosToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once"> |
| <wsp:Policy> |
| <sp:WssGssKerberosV5ApReqToken11 /> |
| </wsp:Policy> |
| </sp:KerberosToken> |
| </wsp:Policy> |
| </sp:EndorsingSupportingTokens> |
| <sp:Wss11> |
| <wsp:Policy /> |
| </sp:Wss11> |
| <wsaw:UsingAddressing /> |
| |
| <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy"> |
| <rampart:user>alice</rampart:user> |
| <rampart:passwordCallbackClass>org.apache.rampart.PWCallback</rampart:passwordCallbackClass> |
| |
| <rampart:kerberosConfig> |
| <rampart:jaasContext>KerberosOverTransportPWCB</rampart:jaasContext> |
| <rampart:servicePrincipalNameForm>username</rampart:servicePrincipalNameForm> |
| <rampart:kerberosTokenDecoderClass>org.apache.rampart.util.KerberosTokenDecoderImpl</rampart:kerberosTokenDecoderClass> |
| </rampart:kerberosConfig> |
| </rampart:RampartConfig> |
| </wsp:All> |
| </wsp:ExactlyOne> |
| </wsp:Policy> |
| |
| </wsp:PolicyAttachment> |
| |
| <!-- Configure SPN using addressingIdentity extensibility element --> |
| <parameter name="addressingIdentity"> |
| <Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity"> |
| <Upn>bob@EXAMPLE.COM</Upn> |
| </Identity> |
| </parameter> |
| |
| </service> |