RAMPART-339: Add sample 09 with different security policies for request and response. Based on a patch provided by Hasini Gunasinghe.
diff --git a/modules/rampart-samples/policy/build.xml b/modules/rampart-samples/policy/build.xml
index d208dc9..e9f6dea 100644
--- a/modules/rampart-samples/policy/build.xml
+++ b/modules/rampart-samples/policy/build.xml
@@ -128,6 +128,16 @@
<create.and.run.client sample.number="08"/>
</target>
+ <!--Sample Service 09-->
+ <target name="service.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.service.repo sample.number="09"/>
+ </target>
+
+ <!--Sample Client 09-->
+ <target name="client.09" if="env.AXIS2_HOME" depends="check.dependency">
+ <create.and.run.client sample.number="09"/>
+ </target>
+
<target name="setup">
<mkdir dir="${endorsed.dir}"/>
<get src="http://repo2.maven.org/maven2/xerces/xercesImpl/2.9.1/xercesImpl-2.9.1.jar"
@@ -295,7 +305,10 @@
<copy file="${keys.dir}/client.jks" tofile="${temp.client.dir}/client.jks" overwrite="true"/>
<copy file="${keys.dir}/client.properties" tofile="${temp.client.dir}/client.properties" overwrite="true"/>
- <copy file="sample@{sample.number}/policy.xml" tofile="${temp.client.dir}/policy.xml" overwrite="true">
+ <copy todir="${temp.client.dir}" overwrite="true">
+ <fileset dir="sample@{sample.number}">
+ <include name="*policy*.xml"/>
+ </fileset>
<filterset>
<filter token="port" value="${client.port}"/>
</filterset>
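Review bot: A sample directory with no matching policy file now passes this step silently, because a `<fileset>` that matches nothing copies nothing, whereas the removed `<copy file=…>` stopped the build when `policy.xml` was missing. The `*policy*.xml` pattern is also wider than the samples need: every matching file in `sample@{sample.number}` is copied into the client directory and run through the `port` filter. Listing the expected names (`<include name="policy.xml"/>`, `<include name="client_in_policy.xml"/>`, `<include name="client_out_policy.xml"/>`) keeps the copy predictable. A comment such as `<!-- sample09 ships separate in/out client policies -->` would explain why the single-file copy was replaced. The enclosing `<copy>` element closes outside this hunk.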
diff --git a/modules/rampart-samples/policy/sample09/README.txt b/modules/rampart-samples/policy/sample09/README.txt
new file mode 100644
index 0000000..67955cf
--- /dev/null
+++ b/modules/rampart-samples/policy/sample09/README.txt
@@ -0,0 +1,4 @@
+Different security policies to secure request and response messages.
+
+1. Request message is secured with encrypt only policy with symmetric binding.
+2. Response message is secured with sign only policy with symmetric binding.
\ No newline at end of file
diff --git a/modules/rampart-samples/policy/sample09/client_in_policy.xml b/modules/rampart-samples/policy/sample09/client_in_policy.xml
new file mode 100644
index 0000000..1f3ce97
--- /dev/null
+++ b/modules/rampart-samples/policy/sample09/client_in_policy.xml
@@ -0,0 +1,70 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ wsu:Id="SignOnly">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ <sp:MustSupportIssuedTokens/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
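Review bot: The values of `ramp:passwordCallbackClass` and of the `org.apache.ws.security.crypto.merlin.keystore.password` property are split across two lines, so the element text carries a trailing line break and indentation and only works if the consumer trims it; that trimming is not visible in this commit. Keeping each value on one line, e.g. `<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache</ramp:property>`, removes the dependency. The same layout recurs in client_out_policy.xml and in both policies in services.xml. A short comment stating that `client.jks` and the password `apache` are sample-only material would also help readers who copy this file as a starting point.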
diff --git a/modules/rampart-samples/policy/sample09/client_out_policy.xml b/modules/rampart-samples/policy/sample09/client_out_policy.xml
new file mode 100644
index 0000000..48de841
--- /dev/null
+++ b/modules/rampart-samples/policy/sample09/client_out_policy.xml
@@ -0,0 +1,79 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ wsu:Id="EncryptOnly">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts
+ xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ <sp:MustSupportIssuedTokens/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>client</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">client.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
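Review bot: This EncryptOnly policy lists the body under `sp:EncryptedParts` but has no `sp:SignedParts`, so the request body is confidential yet carries no integrity protection, and `sp:OnlySignEntireHeadersAndBody` has no signed body to constrain. The captured request in req09.xml is consistent with that: its signature references only `#Timestamp-1`. That is what the sample sets out to demonstrate, but the file should say so, for instance with `<!-- Encrypt-only for demonstration: the body is not signed, so the receiver cannot detect modification. Add sp:SignedParts for production use. -->` above `sp:EncryptedParts`, plus a matching line in README.txt. The policy attached to `echo/in` in services.xml has the same shape.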
diff --git a/modules/rampart-samples/policy/sample09/services.xml b/modules/rampart-samples/policy/sample09/services.xml
new file mode 100644
index 0000000..f3cf087
--- /dev/null
+++ b/modules/rampart-samples/policy/sample09/services.xml
@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ~ Licensed to the Apache Software Foundation (ASF) under one
+ ~ or more contributor license agreements. See the NOTICE file
+ ~ distributed with this work for additional information
+ ~ regarding copyright ownership. The ASF licenses this file
+ ~ to you under the Apache License, Version 2.0 (the
+ ~ "License"); you may not use this file except in compliance
+ ~ with the License. You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing,
+ ~ software distributed under the License is distributed on an
+ ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ ~ KIND, either express or implied. See the License for the
+ ~ specific language governing permissions and limitations
+ ~ under the License.
+ -->
+<!-- services.xml for sample09 with different in,out policies -->
+<service>
+ <operation name="echo">
+ <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
+ </operation>
+ <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample09.SimpleService</parameter>
+
+ <module ref="rampart"/>
+ <module ref="addressing"/>
+
+ <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:AppliesTo>
+ <policy-subject identifier="binding:soap11/operation:echo/in"/>
+ <policy-subject identifier="binding:soap12/operation:echo/in"/>
+ </wsp:AppliesTo>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ wsu:Id="EncryptOnly">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ <sp:MustSupportIssuedTokens/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:encryptionCypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+ </ramp:RampartConfig>
+
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </wsp:PolicyAttachment>
+ <wsp:PolicyAttachment xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:AppliesTo>
+ <policy-subject identifier="binding:soap11/operation:echo/out"/>
+ <policy-subject identifier="binding:soap12/operation:echo/out"/>
+ </wsp:AppliesTo>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ wsu:Id="SignOnly">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:RequireSignatureConfirmation/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ <sp:MustSupportIssuedTokens/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>service</ramp:user>
+ <ramp:encryptionUser>service</ramp:encryptionUser>
+ <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample09.PWCBHandler
+ </ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
+ <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache
+ </ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+
+ </ramp:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ </wsp:PolicyAttachment>
+
+</service>
\ No newline at end of file
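Review bot: The two `wsp:PolicyAttachment` blocks name only the `soap11` and `soap12` binding subjects for `echo/in` and `echo/out`, and there is no service-level policy, so this file does not show what is enforced for a message arriving through any other binding the service exposes, or for faults. If Rampart skips processing when no policy resolves for a message (worth confirming against the module's behaviour), such a request would reach `echo` without the EncryptOnly check. Either attach a policy at the service level as a fallback, or add a comment stating which bindings are meant to be reachable, e.g. `<!-- Policies are attached per message direction for the SOAP 1.1/1.2 bindings only -->`.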
diff --git a/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/Client.java b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/Client.java
new file mode 100644
index 0000000..62f3dcd
--- /dev/null
+++ b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/Client.java
@@ -0,0 +1,84 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rampart.samples.policy.sample09;
+
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMNamespace;
+import org.apache.axiom.om.OMXMLBuilderFactory;
+import org.apache.axiom.om.OMXMLParserWrapper;
+import org.apache.axis2.addressing.EndpointReference;
+import org.apache.axis2.client.Options;
+import org.apache.axis2.client.ServiceClient;
+import org.apache.axis2.context.ConfigurationContext;
+import org.apache.axis2.context.ConfigurationContextFactory;
+import org.apache.neethi.Policy;
+import org.apache.neethi.PolicyEngine;
+import org.apache.rampart.RampartMessageData;
+
+import java.io.File;
+import java.io.FileInputStream;
+
+public class Client {
+
+ public static void main(String[] args) throws Exception {
+
+ if(args.length != 3) {
+ System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
+ }
+
+ ConfigurationContext ctx = ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);
+
+ ServiceClient client = new ServiceClient(ctx, null);
+ Options options = new Options();
+ options.setAction("urn:echo");
+ options.setTo(new EndpointReference(args[0]));
+ //load and attach in/out sec policies
+ File policyPath= new File(args[2]).getParentFile();
+ options.setProperty(RampartMessageData.KEY_RAMPART_IN_POLICY, loadPolicy(new File(policyPath, "client_in_policy.xml")));
+ options.setProperty(RampartMessageData.KEY_RAMPART_OUT_POLICY, loadPolicy(new File(policyPath, "/client_out_policy.xml")));
+ client.setOptions(options);
+
+ client.engageModule("addressing");
+ client.engageModule("rampart");
+
+ OMElement response = client.sendReceive(getPayload("Hello world"));
+
+ System.out.println(response);
+
+ }
+
+ private static Policy loadPolicy(File xmlPath) throws Exception {
+ OMXMLParserWrapper builder = OMXMLBuilderFactory.createOMBuilder(new FileInputStream(xmlPath));
+ return PolicyEngine.getPolicy(builder.getDocumentElement());
+ }
+
+ private static OMElement getPayload(String value) {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMNamespace ns = factory.createOMNamespace("http://sample09.policy.samples.rampart.apache.org","ns1");
+ OMElement elem = factory.createOMElement("echo", ns);
+ OMElement childElem = factory.createOMElement("param0", ns);
+ childElem.setText(value);
+ elem.addChild(childElem);
+
+ return elem;
+ }
+
+}
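Review bot: The argument check in `main` prints the usage line but does not stop, so with fewer than three arguments the next statement fails on `args[1]` with an `ArrayIndexOutOfBoundsException`; add `System.exit(1);` (or `return;`) after the `println`. The two policy paths are built inconsistently, `"client_in_policy.xml"` versus `"/client_out_policy.xml"`; drop the leading slash so the second reads `new File(policyPath, "client_out_policy.xml")`. `args[2]` is used only for its parent directory, so the usage text `policy_xml_path` is misleading; a comment such as `// only the directory of args[2] is used; the in/out policy file names are fixed` would make that explicit. `loadPolicy` also never closes the `FileInputStream` it opens.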
diff --git a/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/PWCBHandler.java b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/PWCBHandler.java
new file mode 100644
index 0000000..2d62ae1
--- /dev/null
+++ b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/PWCBHandler.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rampart.samples.policy.sample09;
+
+import org.apache.ws.security.WSPasswordCallback;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import java.io.IOException;
+
+public class PWCBHandler implements CallbackHandler {
+
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pwcb = (WSPasswordCallback)callbacks[i];
+ String id = pwcb.getIdentifier();
+ if("client".equals(id)) {
+ pwcb.setPassword("apache");
+ } else if("service".equals(id)) {
+ pwcb.setPassword("apache");
+ }
+ }
+ }
+
+}
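Review bot: Every element of `callbacks` is cast to `WSPasswordCallback` without a type check, so any other callback type surfaces as a `ClassCastException` rather than the `UnsupportedCallbackException` that `handle` already declares; guard with `if (!(callbacks[i] instanceof WSPasswordCallback)) throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");`. An identifier other than `client` or `service` falls through with no password set and no diagnostic. The two branches set the same literal, so they can be merged. A comment such as `// sample-only password for the bundled client.jks/service.jks` would make clear that the hard-coded value is not a pattern to copy.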
diff --git a/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/SimpleService.java b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/SimpleService.java
new file mode 100644
index 0000000..e1a56c4
--- /dev/null
+++ b/modules/rampart-samples/policy/sample09/src/org/apache/rampart/samples/policy/sample09/SimpleService.java
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.rampart.samples.policy.sample09;
+
+public class SimpleService {
+ public String echo(String arg) {
+ return arg;
+ }
+}
diff --git a/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java b/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java
index 03238c1..1a1427b 100644
--- a/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java
+++ b/modules/rampart-samples/src/test/java/org/apache/rampart/samples/runner/SampleTest.java
@@ -44,6 +44,7 @@
suite.addTest(new SampleTest("policy", "06"));
suite.addTest(new SampleTest("policy", "07"));
suite.addTest(new SampleTest("policy", "08"));
+ suite.addTest(new SampleTest("policy", "09"));
return suite;
}
}
diff --git a/src/site/resources/samples/msgs/req09.xml b/src/site/resources/samples/msgs/req09.xml
new file mode 100644
index 0000000..ca9cc80
--- /dev/null
+++ b/src/site/resources/samples/msgs/req09.xml
@@ -0,0 +1,59 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-1">
+ <wsu:Created>2011-10-02T17:02:00.891Z</wsu:Created>
+ <wsu:Expires>2011-10-02T17:07:00.891Z</wsu:Expires>
+ </wsu:Timestamp>
+ <xenc:EncryptedKey Id="EncKeyId-217C2EC3C2E291A44313175749217822">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference>
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1">aqePjuZzE1lzwMMtquksvNJsbmI=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>dcU0PS/8bZjpJ1u5Mey5oytQNdNj+Naq+1cMnEv4abN/BP6RDURGv+4+XT1uIHSU4G7FpspJ+U06fa4VeqNyCfAq2SDul6WzPLRTQ3qRdiHARBpR8kI5YrOWXmTR/nl5yzz03NC51GGqA+R6X1CwpuXDrCbcz3CsE+TQduFHtlM=</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedKey>
+ <xenc:ReferenceList>
+ <xenc:DataReference URI="#EncDataId-3" />
+ </xenc:ReferenceList>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-2">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <ds:Reference URI="#Timestamp-1">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>nJA1OmoBVIEcnsJBZEadzN6UJs0=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>pf4BJD5Qiv8Z+oqs7I+D13D0Oz8=</ds:SignatureValue>
+ <ds:KeyInfo Id="KeyId-217C2EC3C2E291A44313175749218033">
+ <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-217C2EC3C2E291A44313175749218034">
+ <wsse:Reference URI="#EncKeyId-217C2EC3C2E291A44313175749217822" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </wsse:Security>
+ <wsa:To>http://localhost:8081/axis2/services/sample09</wsa:To>
+ <wsa:MessageID>urn:uuid:2f08b4d8-4a46-439c-bd89-e6eb0a6f227c</wsa:MessageID>
+ <wsa:Action>urn:echo</wsa:Action>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2030128673">
+ <xenc:EncryptedData Id="EncDataId-3" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
+ <wsse:Reference URI="#EncKeyId-217C2EC3C2E291A44313175749217822" />
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ <xenc:CipherData>
+ <xenc:CipherValue>oUOJCeKFAGyuKdMDjUDB2n3NjcHC8udPl+ZWHwwKOttJSt/IlthXipCs62Gnn8gmzLi4DT0LnwhI9/vwUbulFjuPRENIs3D+IRu8mrL+UgxIYnkn44qKR/hYIOR/bY6SyLkbKlITAatDtJafqz5rs6IdSOQ/07s+JQImBYDQD7dxBtXsJw/0TBb78VeSIl+VWsQDDSf+PSxZLAWCQYQZRBXPMWxQ+lm7ArS2rLIswPoS6D9PwyHJDDmcJ5A4C2DTSu/IgTvM6wj7spLIjGL1nGa4kRmg71bwHpZ4aKNOrslNuDOldrPPuDxNiuSijX/lhbHMHOCYg/YJP2SbhWfVLkFmRqFbQFdoyYqbM+s/pweclcAIWVaLlvu003shSBqrvgfXUPFKH3vUDOsM/jD2iOKOpAc+hdKqWVKIUjjyBVZNSQ2DX+9XBeL5VWECgRC0</xenc:CipherValue>
+ </xenc:CipherData>
+ </xenc:EncryptedData>
+ </soapenv:Body>
+</soapenv:Envelope>
diff --git a/src/site/resources/samples/msgs/res09.xml b/src/site/resources/samples/msgs/res09.xml
new file mode 100644
index 0000000..b2ba53e
--- /dev/null
+++ b/src/site/resources/samples/msgs/res09.xml
@@ -0,0 +1,51 @@
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+ <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
+ <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1">
+ <wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-4">
+ <wsu:Created>2011-10-02T17:02:01.986Z</wsu:Created>
+ <wsu:Expires>2011-10-02T17:07:01.986Z</wsu:Expires>
+ </wsu:Timestamp>
+ <wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="pf4BJD5Qiv8Z+oqs7I+D13D0Oz8=" wsu:Id="SigConf-5" />
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-6">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <ds:Reference URI="#Id-2097953288">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>G/7ZztG0V1Kmv0wm+mzgymHcOyo=</ds:DigestValue>
+ </ds:Reference>
+ <ds:Reference URI="#Timestamp-4">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>1wuRtmA8p7YYbLHbGZCg/zwoLbI=</ds:DigestValue>
+ </ds:Reference>
+ <ds:Reference URI="#SigConf-5">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <ds:DigestValue>S1DcEeIgKXsIRXEFarD4mV2+2q0=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>r8Rlddsga6YTXf2iVLKA7TK8rGg=</ds:SignatureValue>
+ <ds:KeyInfo Id="KeyId-297B8911F2D33E5F7213175749219873">
+ <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-297B8911F2D33E5F7213175749219874">
+ <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1">BaA/2+IZ8kYoENnGHL4K7unfywk=</wsse:KeyIdentifier>
+ </wsse:SecurityTokenReference>
+ </ds:KeyInfo>
+ </ds:Signature>
+ </wsse:Security>
+ <wsa:Action>urn:echoResponse</wsa:Action>
+ <wsa:RelatesTo>urn:uuid:2f08b4d8-4a46-439c-bd89-e6eb0a6f227c</wsa:RelatesTo>
+ </soapenv:Header>
+ <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Id-2097953288">
+ <ns:echoResponse xmlns:ns="http://sample09.policy.samples.rampart.apache.org">
+ <ns:return>Hello world</ns:return>
+ </ns:echoResponse>
+ </soapenv:Body>
+</soapenv:Envelope>