NonStop SOAP 4.1 User's Manual

<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:User>Alice</rampc:User>
<rampc:PasswordType>Digest</rampc:PasswordType>
<rampc:PasswordCallbackClass><Client Repository>/sample_services/sec_echo/extensible_modules/password_provider/libpwcb.so</rampc:PasswordCallbackClass>
</rampc:RampartConfig>
Also, the following shows a sample inclusion of UsernameToken in the policy:
<sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
On the server side, you can enable the Authentication Module if you do not want to use Rampart's built-in password authentication logic.
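What the Digest password type means on the wire, as an added example (not code from this manual or from Rampart): the WS-Security UsernameToken Profile defines the digest as Base64(SHA-1(nonce + created + password)), so the verifying side needs the clear-text password, which is the role of a password callback. The `DigestVerifier` class, the five-minute freshness window, and the sample password and nonce are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)) per the UsernameToken Profile."""
    raw = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(raw).digest()).decode("ascii")


class DigestVerifier:
    """Hypothetical server-side check: freshness, digest match, nonce replay."""

    def __init__(self, lookup_password, max_age=timedelta(minutes=5)):
        self.lookup_password = lookup_password  # stands in for a password callback
        self.max_age = max_age                  # assumed freshness window
        self.seen = set()                       # (user, nonce) replay cache

    def verify(self, user, nonce_b64, created, digest_b64, now=None):
        now = now or datetime.now(timezone.utc)
        password = self.lookup_password(user)
        if password is None:
            return "unknown-user"
        try:
            ts = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
            ts = ts.replace(tzinfo=timezone.utc)
            nonce = base64.b64decode(nonce_b64, validate=True)
        except ValueError:
            return "malformed"
        if abs(now - ts) > self.max_age:
            return "stale"
        expected = password_digest(nonce, created, password)
        # Constant-time comparison; only authenticated tokens enter the cache.
        if not hmac.compare_digest(expected.encode(), digest_b64.encode()):
            return "bad-digest"
        if (user, nonce) in self.seen:
            return "replay"
        self.seen.add((user, nonce))
        return "ok"


if __name__ == "__main__":
    created = "2024-01-01T12:00:00Z"            # constructed sample values
    nonce = b"constructed-nonce"
    print(password_digest(nonce, created, "constructed-password"))
```

The digest only proves knowledge of the password; the nonce cache and the Created timestamp check are what stop a captured token from being accepted a second time.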
Scenario 3: Encryption
You can encrypt the SOAP message by using this scenario. To encrypt the message, refer to the AlgorithmSuite assertion, which defines the algorithms to use. This scenario uses the Basic256Rsa15 algorithm suite.
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
For additional information about algorithm suite, see http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf.
The scenario also includes the assertion that can be used to encrypt the whole body.
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:EncryptedParts>
The public key of the NonStop SOAP 4 service is used to encrypt the content and it is specified in
policy.xml.
<rampc:ReceiverCertificate><Client Repository>/sample_services/sec_echo/keys/bob_cert.cert</rampc:ReceiverCertificate>
To decrypt an incoming message, you must specify your own private key.
<rampc:PrivateKey><Client Repository>/sample_services/sec_echo/keys/alice_key.pem</rampc:PrivateKey>
Scenario 4: Signature
This scenario explains the steps required to sign the SOAP message. As with encryption, to apply the signature you must specify the parts to sign, the certificates, and the keys. To specify which parts of the message must be signed, use the following assertion:
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
The assertion in the sample signs the whole body.
Optionally, the following sample can be used if you want to sign a header:
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
For signature, you can use the following sample algorithm suite:
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic192Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
For additional information about algorithm suite, see http://specs.xmlsoap.org/ws/2005/07/securitypolicy/ws-securitypolicy.pdf.
282 WS–Security in NonStop SOAP 4