Thursday, November 21, 2013

Invoking Secure Service (UT enabled) Via Non Secure Client -Part 2

Enabling policy

<?xml version="1.0" encoding="UTF-8"?>
<proxy xmlns="http://ws.apache.org/ns/synapse"
       name="NonSecureProxyPolicy"
       transports="https,http"
       statistics="disable"
       trace="disable"
       startOnLoad="true">
   <target>
      <inSequence>
         <log level="full">
            <property name="INNNNN" value="***********INNNN sequence proxy2***********"/>
         </log>
         <send>
            <endpoint>
               <address uri="https://localhost:8243/services/SecureService">
                  <enableSec policy="conf:/security-policy/UT-Policy1"/>
               </address>
            </endpoint>
         </send>
      </inSequence>
      <outSequence>
         <send/>
      </outSequence>
   </target>
   <description/>
</proxy>


Rampart policy

<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UTOverTransport">
   <wsp:ExactlyOne>
      <wsp:All>
         <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
               <sp:TransportToken>
                  <wsp:Policy>
                     <sp:HttpsToken RequireClientCertificate="false"/>
                  </wsp:Policy>
               </sp:TransportToken>
               <sp:AlgorithmSuite>
                  <wsp:Policy>
                     <sp:Basic256/>
                  </wsp:Policy>
               </sp:AlgorithmSuite>
               <sp:Layout>
                  <wsp:Policy>
                     <sp:Lax/>
                  </wsp:Policy>
               </sp:Layout>
               <sp:IncludeTimestamp/>
            </wsp:Policy>
         </sp:TransportBinding>
         <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
               <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
         </sp:SignedSupportingTokens>
         <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
            <rampart:user>dushan</rampart:user>
            <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
            <rampart:timestampTTL>300</rampart:timestampTTL>
            <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
            <rampart:timestampStrict>false</rampart:timestampStrict>          <rampart:passwordCallbackClass>org.wso2.samples.pwcb.PWCBHandler</rampart:passwordCallbackClass>
                        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
         </rampart:RampartConfig>
      </wsp:All>
   </wsp:ExactlyOne>
</wsp:Policy>      
                                

No comments:

Post a Comment