<?xml version="1.0"?> | |
<!-- This configuration file is used for configuration of the org.apache.wss4j --> | |
<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/configuration" xmlns:xi="http://www.w3.org/2001/XInclude"> | |
<Properties> | |
<Property NAME="securityTokenFactory" VAL="org.apache.wss4j.stax.impl.securityToken.SecurityTokenFactoryImpl"/> | |
<Property NAME="MaximumAllowedDecompressedBytes" VAL="104857600"/> | |
<xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:Properties/c:Property[@NAME!='securityTokenFactory'])"/> | |
<Property NAME="AllowNotSameDocumentReferences" VAL="true"/> | |
</Properties> | |
<SecurityHeaderHandlers> | |
<Handler NAME="BinarySecurityToken" | |
URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.BinarySecurityTokenInputHandler"/> | |
<Handler NAME="EncryptedKey" | |
URI="http://www.w3.org/2001/04/xmlenc#" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSEncryptedKeyInputHandler"/> | |
<Handler NAME="ReferenceList" | |
URI="http://www.w3.org/2001/04/xmlenc#" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.ReferenceListInputHandler"/> | |
<Handler NAME="EncryptedData" | |
URI="http://www.w3.org/2001/04/xmlenc#" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.EncryptedDataInputHandler"/> | |
<Handler NAME="Signature" | |
URI="http://www.w3.org/2000/09/xmldsig#" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSSignatureInputHandler"/> | |
<Handler NAME="Timestamp" | |
URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.TimestampInputHandler"/> | |
<Handler NAME="UsernameToken" | |
URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.UsernameTokenInputHandler"/> | |
<Handler NAME="SignatureConfirmation" | |
URI="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SignatureConfirmationInputHandler"/> | |
<Handler NAME="SecurityTokenReference" | |
URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityTokenReferenceInputHandler"/> | |
<Handler NAME="Assertion" | |
URI="urn:oasis:names:tc:SAML:1.0:assertion" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/> | |
<Handler NAME="Assertion" | |
URI="urn:oasis:names:tc:SAML:2.0:assertion" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/> | |
<Handler NAME="SecurityContextToken" | |
URI="http://schemas.xmlsoap.org/ws/2005/02/sc" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/> | |
<Handler NAME="SecurityContextToken" | |
URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/> | |
<Handler NAME="DerivedKeyToken" | |
URI="http://schemas.xmlsoap.org/ws/2005/02/sc" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/> | |
<Handler NAME="DerivedKeyToken" | |
URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512" | |
JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/> | |
</SecurityHeaderHandlers> | |
<TransformAlgorithms> | |
<!-- STR-Transformer --> | |
<TransformAlgorithm URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform" | |
JAVACLASS="org.apache.wss4j.stax.impl.transformer.STRTransformer" /> | |
<TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform" | |
JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentContentSignatureTransform" /> | |
<TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform" | |
JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentCompleteSignatureTransform" /> | |
<!-- The compress-transformations are disabled by default because its not standard | |
and could introduce potential security issues --> | |
<!-- | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="IN" | |
JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream" /> | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="IN" | |
JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream" /> | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="IN" | |
JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorInputStream" /> | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="IN" | |
JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream" /> | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="OUT" | |
JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream" /> | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="OUT" | |
JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream" /> | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="OUT" | |
JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorOutputStream" /> | |
<TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="OUT" | |
JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream" /> | |
--> | |
<xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:TransformAlgorithms/c:TransformAlgorithm[@URI!='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform'])"/> | |
</TransformAlgorithms> | |
<JCEAlgorithmMappings> | |
<xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:JCEAlgorithmMappings/c:Algorithm)"/> | |
</JCEAlgorithmMappings> | |
<ResourceResolvers> | |
<Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverSameDocument" | |
DESCRIPTION="A simple resolver for requests of same-document URIs"/> | |
<Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverXPointer" | |
DESCRIPTION="A simple resolver for requests of XPointer fragents"/> | |
<Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverAttachment" | |
DESCRIPTION="A simple resolver for SwA"/> | |
<xi:include href="security-config.xml" | |
xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:ResourceResolvers/c:Resolver[@JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverSameDocument' and @JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverXPointer'])"/> | |
</ResourceResolvers> | |
</Configuration> |