1_5/modules/rampart-integration/src/test/resources/rampart/policy/25.xml

<wsp:Policy wsu:Id="SignedEncryptedElementsEncryptBeforeSigning"
            xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
            xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
            xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
            xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:SymmetricBinding>
                <wsp:Policy>
                    <sp:ProtectionToken>
                        <wsp:Policy>
                            <sp:X509Token
                                    sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
                                <wsp:Policy>
                                    <sp:RequireThumbprintReference/>
                                    <sp:WssX509V3Token10/>
                                </wsp:Policy>
                            </sp:X509Token>
                        </wsp:Policy>
                    </sp:ProtectionToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <sp:EncryptBeforeSigning/>
                    <sp:IncludeTimestamp/>
                    <sp:OnlySignEntireHeadersAndBody/>
                </wsp:Policy>
            </sp:SymmetricBinding>
            <sp:SignedElements>
                <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
            </sp:SignedElements>
            <sp:EncryptedElements>
                <sp:XPath xmlns:example1="http://example1.org/example1">//example1:Text</sp:XPath>
            </sp:EncryptedElements>
            <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                <ramp:user>alice</ramp:user>
                <ramp:encryptionUser>bob</ramp:encryptionUser>
                <ramp:passwordCallbackClass>org.apache.rampart.PWCallback</ramp:passwordCallbackClass>

                <ramp:signatureCrypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
                        </ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
                        </ramp:property>
                    </ramp:crypto>
                </ramp:signatureCrypto>
                <ramp:encryptionCypto>
                    <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.file">rampart/store.jks
                        </ramp:property>
                        <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password
                        </ramp:property>
                    </ramp:crypto>
                </ramp:encryptionCypto>
            </ramp:RampartConfig>
        </wsp:All>
    </wsp:ExactlyOne>
</wsp:Policy>