modules/rampart-samples/policy/sample07/policy.xml - axis-axis2-java-rampart - Git at Google

 <wsp:Policy wsu:Id="SigEncrWithMultipleKeys"
 	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
 	xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
 	<wsp:ExactlyOne>
 		<wsp:All>
 			<sp:AsymmetricBinding
 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 				<wsp:Policy>
 					<sp:InitiatorToken>
 						<wsp:Policy>
 							<sp:X509Token
 								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
 								<wsp:Policy>
 									<sp:RequireThumbprintReference />
 									<sp:WssX509V3Token10 />
 								</wsp:Policy>
 							</sp:X509Token>
 						</wsp:Policy>
 					</sp:InitiatorToken>
 					<sp:RecipientToken>
 						<wsp:Policy>
 							<sp:X509Token
 								sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
 								<wsp:Policy>
 									<sp:RequireThumbprintReference />
 									<sp:WssX509V3Token10 />
 								</wsp:Policy>
 							</sp:X509Token>
 						</wsp:Policy>
 					</sp:RecipientToken>
 					<sp:AlgorithmSuite>
 						<wsp:Policy>
 							<sp:TripleDesRsa15 />
 						</wsp:Policy>
 					</sp:AlgorithmSuite>
 					<sp:Layout>
 						<wsp:Policy>
 							<sp:Strict />
 						</wsp:Policy>
 					</sp:Layout>
 					<sp:IncludeTimestamp />
 					<sp:OnlySignEntireHeadersAndBody />
 				</wsp:Policy>
 			</sp:AsymmetricBinding>
 			<sp:SupportingTokens
 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 				<wsp:Policy>
 					<sp:X509Token
 						sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
 						<wsp:Policy>
 							<sp:RequireThumbprintReference />
 							<sp:WssX509V3Token10 />
 							<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
 								<ramp:userCertAlias>client2</ramp:userCertAlias>
 								<ramp:encryptionUser>service</ramp:encryptionUser>
 							</ramp:RampartConfig>
 						</wsp:Policy>
 					</sp:X509Token>
 					<sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 						xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
 						xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 						<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
 					</sp:EncryptedElements>
 					<sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 						xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
 						xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 						<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
 					</sp:SignedElements>
 				</wsp:Policy>
 			</sp:SupportingTokens>
 			<sp:SupportingTokens
 				xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 				<wsp:Policy>
 					<sp:X509Token
 						sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
 						<wsp:Policy>
 							<sp:RequireThumbprintReference />
 							<sp:WssX509V3Token10 />
 							<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
 								<ramp:userCertAlias>client</ramp:userCertAlias>
 								<ramp:encryptionUser>service</ramp:encryptionUser>
 							</ramp:RampartConfig>
 						</wsp:Policy>
 					</sp:X509Token>
 					<sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 						xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
 						xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 						<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
 					</sp:EncryptedElements>
 					<sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
 						xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
 						xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 						<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
 					</sp:SignedElements>
 				</wsp:Policy>
 			</sp:SupportingTokens>
 			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
 				<wsp:Policy>
 					<sp:MustSupportRefKeyIdentifier />
 					<sp:MustSupportRefIssuerSerial />
 				</wsp:Policy>
 			</sp:Wss10>
 			<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
 				<ramp:user>client</ramp:user>
 				<ramp:encryptionUser>service</ramp:encryptionUser>
 				<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample07.PWCBHandler</ramp:passwordCallbackClass>
 				<ramp:signatureCrypto>
 					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
 						<ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
 					</ramp:crypto>
 				</ramp:signatureCrypto>
 				<ramp:encryptionCypto>
 					<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
 						<ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
 						<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
 					</ramp:crypto>
 				</ramp:encryptionCypto>
 			</ramp:RampartConfig>
 		</wsp:All>
 	</wsp:ExactlyOne>
 </wsp:Policy>
	<wsp:Policy wsu:Id="SigEncrWithMultipleKeys"
	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
	xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
	<wsp:ExactlyOne>
	<wsp:All>
	<sp:AsymmetricBinding
	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<wsp:Policy>
	<sp:InitiatorToken>
	<wsp:Policy>
	<sp:X509Token
	sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
	<wsp:Policy>
	<sp:RequireThumbprintReference />
	<sp:WssX509V3Token10 />
	</wsp:Policy>
	</sp:X509Token>
	</wsp:Policy>
	</sp:InitiatorToken>
	<sp:RecipientToken>
	<wsp:Policy>
	<sp:X509Token
	sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
	<wsp:Policy>
	<sp:RequireThumbprintReference />
	<sp:WssX509V3Token10 />
	</wsp:Policy>
	</sp:X509Token>
	</wsp:Policy>
	</sp:RecipientToken>
	<sp:AlgorithmSuite>
	<wsp:Policy>
	<sp:TripleDesRsa15 />
	</wsp:Policy>
	</sp:AlgorithmSuite>
	<sp:Layout>
	<wsp:Policy>
	<sp:Strict />
	</wsp:Policy>
	</sp:Layout>
	<sp:IncludeTimestamp />
	<sp:OnlySignEntireHeadersAndBody />
	</wsp:Policy>
	</sp:AsymmetricBinding>
	<sp:SupportingTokens
	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<wsp:Policy>
	<sp:X509Token
	sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
	<wsp:Policy>
	<sp:RequireThumbprintReference />
	<sp:WssX509V3Token10 />
	<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
	<ramp:userCertAlias>client2</ramp:userCertAlias>
	<ramp:encryptionUser>service</ramp:encryptionUser>
	</ramp:RampartConfig>
	</wsp:Policy>
	</sp:X509Token>
	<sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
	</sp:EncryptedElements>
	<sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
	</sp:SignedElements>
	</wsp:Policy>
	</sp:SupportingTokens>
	<sp:SupportingTokens
	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<wsp:Policy>
	<sp:X509Token
	sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
	<wsp:Policy>
	<sp:RequireThumbprintReference />
	<sp:WssX509V3Token10 />
	<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
	<ramp:userCertAlias>client</ramp:userCertAlias>
	<ramp:encryptionUser>service</ramp:encryptionUser>
	</ramp:RampartConfig>
	</wsp:Policy>
	</sp:X509Token>
	<sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
	</sp:EncryptedElements>
	<sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:ns="http://sample07.policy.samples.rampart.apache.org"
	xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
	</sp:SignedElements>
	</wsp:Policy>
	</sp:SupportingTokens>
	<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
	<wsp:Policy>
	<sp:MustSupportRefKeyIdentifier />
	<sp:MustSupportRefIssuerSerial />
	</wsp:Policy>
	</sp:Wss10>
	<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
	<ramp:user>client</ramp:user>
	<ramp:encryptionUser>service</ramp:encryptionUser>
	<ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample07.PWCBHandler</ramp:passwordCallbackClass>
	<ramp:signatureCrypto>
	<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
	<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
	<ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
	<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
	</ramp:crypto>
	</ramp:signatureCrypto>
	<ramp:encryptionCypto>
	<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
	<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
	<ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
	<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>
	</ramp:crypto>
	</ramp:encryptionCypto>
	</ramp:RampartConfig>
	</wsp:All>
	</wsp:ExactlyOne>
	</wsp:Policy>