MyCompanySecurityPolicy.wsse Sample
This topic inludes the source code for the MyCompanySecurityPolicy.wsse Sample.
Sample Location
This sample is located in the following directory in your WebLogic Workshop installation:
BEA_HOME/weblogic81/samples/workshop/SamplesApp/WebServices/security/wsse/reqResp/mycompany/
Sample Source Code
01 <wsSecurityPolicy xsi:schemaLocation="WSSecurity-policy.xsd" xmlns="http://www.bea.com/2003/03/wsse/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
02
03 <wsSecurityIn>
04 <!--
05 Incoming SOAP message must be accompanied by a valid username
06 and password.
07 -->
08 <token tokenType="username"/>
09 <!--
10 Incoming SOAP messages must be encrypted with mycompany.jws's
11 public key. The alias and password to access the mycompany.jws's
12 decrypting private key in the keystore are provided by
13 the <decryptionKey> element below.
14 -->
15 <encryptionRequired>
16 <decryptionKey>
17 <alias>mycompany</alias>
18 <password>password</password>
19 </decryptionKey>
20 </encryptionRequired>
21 <!--
22 Incoming SOAP messages must be digitally signed with the sender's
23 private key.
24 The sender's public key is used to validate the signature.
25 -->
26 <signatureRequired>true</signatureRequired>
27 </wsSecurityIn>
28
29 <wsSecurityOut>
30 <!--
31 Accompany the SOAP message with a valid username and password
32 -->
33 <userNameToken>
34 <userName>weblogic</userName>
35 <password type="TEXT">weblogic</password>
36 </userNameToken>
37 <!--
38 Encrypt the SOAP message with the recipient's (Client.jws) public key.
39 Only the recipient's private key can decrypt it.
40 Ensures the confidentiality of the SOAP message.
41 (This process requires that the sender's keystore already contains
42 a digital certificate containing the recients public key.)
43 -->
44 <encryption>
45 <encryptionKey>
46 <alias>client1</alias>
47 </encryptionKey>
48 </encryption>
49 <!--
50 Sign the SOAP message with the sender's (MyCompany.jws) private key.
51 Only the sender's public key can validate the signature.
52 Ensures the authenticity of the sender, i.e., that the sender is
53 in fact the source of the SOAP message.
54 -->
55 <signatureKey>
56 <alias>mycompany</alias>
57 <password>password</password>
58 </signatureKey>
59 </wsSecurityOut>
60
61 <!--
62 Look for the mycompany.jks keystore in the default location, the server domain
63 root, in this case, BEA_HOME\weblogic81\samples\domains\workshop.
64 -->
65 <keyStore>
66 <keyStoreLocation>samples_mycompany.jks</keyStoreLocation>
67 <keyStorePassword>password</keyStorePassword>
68 </keyStore>
69 </wsSecurityPolicy>
|