modules/rampart-samples/policy/sample07/services.xml (136 lines of code) (raw):

<?xml version="1.0" encoding="UTF-8"?>
<!--
 !
 ! Copyright 2006 The Apache Software Foundation.
 !
 ! Licensed under the Apache License, Version 2.0 (the "License");
 ! you may not use this file except in compliance with the License.
 ! You may obtain a copy of the License at
 !
 !      http://www.apache.org/licenses/LICENSE-2.0
 !
 ! Unless required by applicable law or agreed to in writing, software
 ! distributed under the License is distributed on an "AS IS" BASIS,
 ! WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ! See the License for the specific language governing permissions and
 ! limitations under the License.
 !-->
<!-- services.xml of sample-07 : Sign and Encryption with multiple keys -->
<!--
  Service descriptor for the sample07 echo service. It declares one RPC
  operation, engages the rampart and addressing modules, and embeds the
  WS-SecurityPolicy (2005/07 vocabulary) that applies to the service.

  The policy has a single alternative (ExactlyOne / All) made of:
    * an AsymmetricBinding using X.509 tokens on both sides,
    * two SupportingTokens assertions, each naming its own keystore aliases
      and its own signed and encrypted element (param0, then param1),
    * a Wss10 assertion and the service-wide RampartConfig.
-->
<service>
    <!-- The only operation; requests are dispatched by the RPC message receiver. -->
    <operation name="echo">
        <messageReceiver class="org.apache.axis2.rpc.receivers.RPCMessageReceiver"/>
    </operation>
    <parameter name="ServiceClass" locked="false">org.apache.rampart.samples.policy.sample07.SimpleService</parameter>

    <module ref="rampart"/>
    <module ref="addressing"/>

    <wsp:Policy wsu:Id="SigEncrWithMultipleKeys" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <wsp:ExactlyOne>
            <wsp:All>
                <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <!-- Initiator (client) certificate: IncludeToken is AlwaysToRecipient, referenced by thumbprint. -->
                        <sp:InitiatorToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference />
                                        <sp:WssX509V3Token10 />
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:InitiatorToken>
                        <!-- Recipient (service) certificate: IncludeToken is Never, so it is only referenced, by thumbprint. -->
                        <sp:RecipientToken>
                            <wsp:Policy>
                                <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
                                    <wsp:Policy>
                                        <sp:RequireThumbprintReference />
                                        <sp:WssX509V3Token10 />
                                    </wsp:Policy>
                                </sp:X509Token>
                            </wsp:Policy>
                        </sp:RecipientToken>
                        <!--
                          NOTE(review): in WS-SecurityPolicy the TripleDesRsa15 suite selects 3DES
                          content encryption, RSA PKCS#1 v1.5 key transport and SHA-1 digests.
                          All three are legacy choices: 3DES has a 64-bit block, v1.5 key transport
                          is the padding scheme associated with decryption-oracle weaknesses, and
                          SHA-1 is no longer collision resistant.
                          The suite is left as written because the peer's policy has to name the
                          same one. Outside a demo, move both sides together to an AES / SHA-256 /
                          RSA-OAEP suite (for example sp:Basic256Sha256) after confirming that the
                          deployed Rampart and WSS4J versions support it.
                        -->
                        <sp:AlgorithmSuite>
                            <wsp:Policy>
                                <sp:TripleDesRsa15 />
                            </wsp:Policy>
                        </sp:AlgorithmSuite>
                        <sp:Layout>
                            <wsp:Policy>
                                <sp:Strict />
                            </wsp:Policy>
                        </sp:Layout>
                        <!-- A timestamp is required, and signatures must cover whole headers and the whole body. -->
                        <sp:IncludeTimestamp />
                        <sp:OnlySignEntireHeadersAndBody />
                    </wsp:Policy>
                </sp:AsymmetricBinding>

                <!--
                  First supporting token: aliases client2 / client2, applied to ns:param0.
                  NOTE(review): presumably the nested RampartConfig selects which keystore
                  entries sign and encrypt the element listed below; confirm against the
                  Rampart version in use.
                -->
                <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V3Token10 />
                                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                                    <ramp:userCertAlias>client2</ramp:userCertAlias>
                                    <ramp:encryptionUser>client2</ramp:encryptionUser>
                                </ramp:RampartConfig>
                            </wsp:Policy>
                        </sp:X509Token>
                        <!-- The XPath prefixes resolve through the soapenv and ns declarations on the same element. -->
                        <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://sample07.policy.samples.rampart.apache.org" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
                        </sp:EncryptedElements>
                        <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://sample07.policy.samples.rampart.apache.org" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param0</sp:XPath>
                        </sp:SignedElements>
                    </wsp:Policy>
                </sp:SupportingTokens>

                <!-- Second supporting token: aliases client / service, applied to ns:param1. -->
                <sp:SupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
                            <wsp:Policy>
                                <sp:RequireThumbprintReference />
                                <sp:WssX509V3Token10 />
                                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                                    <ramp:userCertAlias>client</ramp:userCertAlias>
                                    <ramp:encryptionUser>service</ramp:encryptionUser>
                                </ramp:RampartConfig>
                            </wsp:Policy>
                        </sp:X509Token>
                        <sp:EncryptedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://sample07.policy.samples.rampart.apache.org" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
                        </sp:EncryptedElements>
                        <sp:SignedElements xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns="http://sample07.policy.samples.rampart.apache.org" xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                            <sp:XPath>/soapenv:Envelope/soapenv:Body/ns:echo/ns:param1</sp:XPath>
                        </sp:SignedElements>
                    </wsp:Policy>
                </sp:SupportingTokens>

                <!-- WSS 1.0 options: key-identifier and issuer-serial references must be supported. -->
                <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                    <wsp:Policy>
                        <sp:MustSupportRefKeyIdentifier />
                        <sp:MustSupportRefIssuerSerial />
                    </wsp:Policy>
                </sp:Wss10>

                <!-- Service-wide Rampart settings: default aliases, password callback and the two crypto providers. -->
                <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
                    <ramp:user>service</ramp:user>
                    <ramp:encryptionUser>client</ramp:encryptionUser>
                    <!-- NOTE(review): presumably this handler supplies the key passwords for the aliases used here; verify in PWCBHandler. -->
                    <ramp:passwordCallbackClass>org.apache.rampart.samples.policy.sample07.PWCBHandler </ramp:passwordCallbackClass>

                    <!--
                      NOTE(review): the keystore password is a literal in this descriptor, and the
                      same keystore file and password back both signing and encryption.
                      That is acceptable for a sample keystore; a real deployment should not ship
                      the production keystore password inside the service archive or commit it to
                      version control.
                      The whitespace after the password and callback-class values is carried over
                      from the source as is; presumably the consumer trims it, confirm before
                      relying on it.
                    -->
                    <ramp:signatureCrypto>
                        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache </ramp:property>
                        </ramp:crypto>
                    </ramp:signatureCrypto>
                    <!-- The spelling "encryptionCypto" is the element name Rampart's configuration vocabulary defines; do not correct it. -->
                    <ramp:encryptionCypto>
                        <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.file">service.jks</ramp:property>
                            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">apache </ramp:property>
                        </ramp:crypto>
                    </ramp:encryptionCypto>
                </ramp:RampartConfig>
            </wsp:All>
        </wsp:ExactlyOne>
    </wsp:Policy>
</service>