modules/rampart-samples/policy/sample09/client_out_policy.xml

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            wsu:Id="EncryptOnly">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SymmetricBinding
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:ProtectionToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:ProtectionToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:SymmetricBinding>
            <sp:EncryptedParts
                    xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <sp:Body/>
            </sp:EncryptedParts>
            <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:MustSupportRefKeyIdentifier/>
                    <sp:MustSupportRefIssuerSerial/>
                    <sp:MustSupportRefThumbprint/>
                    <sp:RequireSignatureConfirmation/>
                </wsp:Policy>
            </sp:Wss11>
            <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:RequireClientEntropy/>
                    <sp:RequireServerEntropy/>
                    <sp:MustSupportIssuedTokens/>
                </wsp:Policy>
            </sp:Trust10>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>client</ramp:user>
                <ramp:encryptionUser>service</ramp:encryptionUser>
                <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
                </ramp:passwordCallbackClass>

                <ramp:encryptionCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
                        </ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>
                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
                        </ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
            </ramp:RampartConfig>

        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>