I am using Axis2 v1.3 and Rampart v1.3 on JBossAS v4.0.5 running on Java 1.6.0_03.
My goal is to allow access to my service only to those clients who possess a certificate that I issued (using a self-signed CA certificate).
I also require that the client submit some unique ID -- preferably their encryptionUser (the name that I originally created when issuing the client's certificate). I used the information found on this page to create my certificates: http://wso2.org/library/174
My final requirement is to retrieve the IP address of the connecting client.
I have tried several different forms of policy.xml, but I've become confused. I don't understand exactly which tags enforce a signature.
I've been reading ws-securitypolicy.pdf (2005, v1.1) but I don't completely understand it. What does the OnlySignEntireHeadersAndBody assertion do?
How can I require a signature?
How can I pass the encryptionUser rather than some arbitrarily-named user token?
How can I obtain the client's IP address?