Subject: Questions about policy.xml, signatures, and certificates.
From: Nate Roe (nate@vegas.com)
Date: Mar 10, 2008 2:42:44 pm
List: org.apache.ws.rampart-dev

I am using Axis2 v1.3 and Rampart v1.3 on JBossAS v4.0.5 running on Java
1.6.0_03.

My goal is to allow access to my service only to those clients who possess a
certificate that I issued (using a self-signed CA certificate).

I also require that the client submit some unique ID -- preferably their
encryptionUser (the name that I originally created when issuing the client's
certificate). I used the information found on this page to create my
certificates: http://wso2.org/library/174

My final requirement is to retrieve the IP address of the connecting client.

I have tried several different forms of policy.xml, but I've become confused. I
don't understand exactly what tags enforce a signature.

I've been reading ws-securitypolicy.pdf (2005, v1.1) but I don't completely
understand it. What does the OnlySignEntireHeadersAndBody assertion do?

How can I require a signature? How can I pass the encryptionUser rather than some arbitrarily-named user token? How can I obtain the client's IP address?