Published on WSO2 Oxygen Tank (http://wso2.org)

WS-security and policy file problem

By shadmehr
Created 2008-03-09 11:43

Hello

I have two ESBs, one is the service provider the other its gateway.

To enable WS-Security on the system I enabled WS-Security on the gateway per the policy specified by 'policy_3.xml' from the examples.

The client sends a message including authentication data (username, password) to the gateway.

The gateway should remove the WS-Security header from the message and send it on to the provider. After reading the tutorial I think sample 100 is usable for this case; however, I have not found how the sample section should be placed / added!! As a sequence, in the target definition, or?

The other problem is related with the policy file.

My policy file looks like this:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --

<wsp:Policy
   xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
   wsu:Id="SecureMessagePolicy">

   <!-- Rampart-specific configuration: users, password callback and keystores -->
   <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
      <ramp:user>alice</ramp:user>
      <ramp:encryptionUser>bob</ramp:encryptionUser>
      <ramp:passwordCallbackClass>samples.userguide.PWCallback</ramp:passwordCallbackClass>

      <ramp:signatureCrypto>
         <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">repository/conf/sample/resources/security/store.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
         </ramp:crypto>
      </ramp:signatureCrypto>
      <!-- element name corrected: the original read encryptionCypto -->
      <ramp:encryptionCrypto>
         <ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.file">repository/conf/sample/resources/security/store.jks</ramp:property>
            <ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
         </ramp:crypto>
      </ramp:encryptionCrypto>
   </ramp:RampartConfig>

</wsp:Policy>

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - --

The gateway does the authentication correctly but sends a fault message back:

<soapenv:Fault>
   <faultcode>soapenv:MustUnderstand</faultcode>
   <faultstring>Must Understand check failed for header http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd : Security</faultstring>
   <detail/>
</soapenv:Fault>

Could somebody give a hint about what should still be defined in the policy?

Thanks for your help

Shadi
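The following is an added example and is not code from the post, from WSO2 or from Apache Synapse/Rampart. It shows the two mechanisms behind the question: the SOAP mustUnderstand rule that produces the fault quoted above (a header block marked mustUnderstand="1" whose namespace the receiving node does not handle must be rejected), the header removal a gateway performs once it has processed the security header, and a small lint of the policy file that flags RampartConfig element names it does not recognise and the absence of any sp: assertion. It assumes the SOAP 1.1 envelope namespace, and the KNOWN_RAMPART_CONFIG set is an assumed subset of Rampart's configuration element names; the sample envelope and sample policy are constructed for the example.

```python
import xml.etree.ElementTree as ET

# Namespaces from the post; the SOAP 1.1 envelope namespace is assumed.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SP_NS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
RAMP_NS = "http://ws.apache.org/rampart/policy"

# RampartConfig child elements this check recognises (assumption: a subset of
# the element names Rampart documents; extend the set if you use others).
KNOWN_RAMPART_CONFIG = {
    "user", "encryptionUser", "userCertAlias", "passwordCallbackClass",
    "signatureCrypto", "encryptionCrypto", "decryptionCrypto",
    "timestampTTL", "timestampMaxSkew", "timestampPrecisionInMilliseconds",
}


def _split_tag(tag):
    """Split an ElementTree '{ns}local' tag into (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def unhandled_must_understand(envelope_xml, understood_namespaces):
    """Return the faults a SOAP 1.1 node must raise for this envelope.

    Every header block carrying soapenv:mustUnderstand="1" whose namespace is
    not in understood_namespaces yields one (faultcode, faultstring) pair.
    """
    root = ET.fromstring(envelope_xml)
    header = root.find("{%s}Header" % SOAP_NS)
    faults = []
    if header is None:
        return faults
    for block in header:
        flag = block.get("{%s}mustUnderstand" % SOAP_NS, "0")
        ns, local = _split_tag(block.tag)
        if flag in ("1", "true") and ns not in understood_namespaces:
            faults.append(("soapenv:MustUnderstand",
                           "Must Understand check failed for header %s : %s" % (ns, local)))
    return faults


def strip_security_header(envelope_xml):
    """Remove every wsse:Security header block, which is what a gateway that
    has already processed the security header does before forwarding.
    Returns (new_envelope_xml, number_of_blocks_removed)."""
    root = ET.fromstring(envelope_xml)
    header = root.find("{%s}Header" % SOAP_NS)
    removed = 0
    if header is not None:
        for sec in header.findall("{%s}Security" % WSSE_NS):
            header.remove(sec)
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed


def lint_policy(policy_xml):
    """Flag RampartConfig children with unrecognised names and the absence of
    any WS-SecurityPolicy (sp:) assertion. Returns a list of finding strings."""
    root = ET.fromstring(policy_xml)
    findings = []
    cfg = root.find(".//{%s}RampartConfig" % RAMP_NS)
    if cfg is not None:
        for child in cfg:
            ns, local = _split_tag(child.tag)
            if ns == RAMP_NS and local not in KNOWN_RAMPART_CONFIG:
                findings.append("unrecognised RampartConfig element: %s" % local)
    if not any(_split_tag(el.tag)[0] == SP_NS for el in root.iter()):
        findings.append("no sp: assertion found: RampartConfig supplies users and "
                        "keystores but states no security requirement")
    return findings


# Constructed sample input: a request whose wsse:Security header the sender
# requires the receiver to understand.
SAMPLE_ENVELOPE = """<soapenv:Envelope xmlns:soapenv="%s">
  <soapenv:Header>
    <wsse:Security xmlns:wsse="%s" soapenv:mustUnderstand="1">
      <wsse:UsernameToken><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soapenv:Header>
  <soapenv:Body><echo>hi</echo></soapenv:Body>
</soapenv:Envelope>""" % (SOAP_NS, WSSE_NS)

# Constructed sample policy mirroring the shape of the one in the post.
SAMPLE_POLICY = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
  xmlns:ramp="%s">
  <ramp:RampartConfig>
    <ramp:user>alice</ramp:user>
    <ramp:encryptionCypto/>
  </ramp:RampartConfig>
</wsp:Policy>""" % RAMP_NS

if __name__ == "__main__":
    print(unhandled_must_understand(SAMPLE_ENVELOPE, set()))
    print(strip_security_header(SAMPLE_ENVELOPE)[1])
    print(lint_policy(SAMPLE_POLICY))
```

Run against the constructed envelope, a node that handles no header namespaces reports exactly the fault quoted in the post, a node that lists the wsse namespace as understood reports nothing, and the envelope returned by strip_security_header passes the check at either node. The lint reports the misspelt element and the missing sp: assertion; it does not say which assertion is right for a given deployment, since that depends on the policy file the samples ship.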


Source URL:
http://wso2.org/forum/thread/3332