Version 27

    WS-Security Complex Example

     

    In this example we are going to construct a document/literal wrapped webservice that encapsulates an account signup process. A critical element in this account signup process is the customer's credit card information. We will need to ensure that this data is protected using WS-Security.

     

    JavaBean Data Objects

     

    We start by constructing the java beans that represent the account that will be passed to our signup service.

     

    Address represents the billing and physical address of the account.

    public class Address
    {
       private String street;
       private String city;
       private String state;
       private String zip;
    
       public String getCity()
       {
          return city;
       }
    
       public void setCity(String city)
       {
          this.city = city;
       }
    
       public String getState()
       {
          return state;
       }
    
       public void setState(String state)
       {
          this.state = state;
       }
    
       public String getStreet()
       {
          return street;
       }
    
       public void setStreet(String street)
       {
          this.street = street;
       }
    
       public String getZip()
       {
          return zip;
       }
    
       public void setZip(String zip)
       {
          this.zip = zip;
       }
    }
    

     

    CreditCardInfo represents the card information needed to bill an account.

     

    import java.util.Date;

    public class CreditCardInfo
    {
       private String creditCardNumber;
       private Date expiration;
       private String securityCode;
    
       public String getCreditCardNumber()
       {
          return creditCardNumber;
       }
    
       public void setCreditCardNumber(String creditCardNumber)
       {
          this.creditCardNumber = creditCardNumber;
       }
    
       public Date getExpiration()
       {
          return expiration;
       }
    
       public void setExpiration(Date expiration)
       {
          this.expiration = expiration;
       }
    
       public String getSecurityCode()
       {
          return securityCode;
       }
    
       public void setSecurityCode(String securityCode)
       {
          this.securityCode = securityCode;
       }
    }
    

     

    AccountInfo is a composite of the person's name, their address, and their credit card information.

     

    public class AccountInfo
    {
       private String firstName;
       private String lastName;
       private Address address;
       private CreditCardInfo creditCardInfo;
    
       public Address getAddress()
       {
          return address;
       }
    
       public void setAddress(Address address)
       {
          this.address = address;
       }
    
       public CreditCardInfo getCreditCardInfo()
       {
          return creditCardInfo;
       }
    
       public void setCreditCardInfo(CreditCardInfo creditCardInfo)
       {
          this.creditCardInfo = creditCardInfo;
       }
    
       public String getFirstName()
       {
          return firstName;
       }
    
       public void setFirstName(String firstName)
       {
          this.firstName = firstName;
       }
    
       public String getLastName()
       {
          return lastName;
       }
    
       public void setLastName(String lastName)
       {
          this.lastName = lastName;
       }
    }
    

     

    Service Endpoint Interface

     

    Following the same steps as in the document/literal step-by-step tutorial, we then create our Service Endpoint Interface. Here we will define a signup method for our account signup service. This method will need to include the account information that we built as a JavaBean object model, as well as some additional information. In this example we need to allow for a discount, as well as a signup time (to allow for accounts to be post-activated). We will also need a confirmation number, which will be our return value.

     

    import java.rmi.Remote;
    import java.rmi.RemoteException;
    import java.util.Date;

    public interface AccountSignup extends Remote
    {
       public int signup(AccountInfo accountInfo, float discountAmount, Date signupTime) throws RemoteException;
    }
    

     

    Service Endpoint Implementation

     

    Now that we have defined our SEI, we can build a JSE (Java Service Endpoint) which is our implementation of the SEI. This sample implementation just checks and logs the value of the credit card related fields.

    import java.rmi.RemoteException;
    import java.util.Calendar;
    import java.util.Date;

    import org.jboss.logging.Logger; // assumed: the page does not show which Logger class it imports

    public class AccountSignupImpl implements AccountSignup
    {
       private Logger log = Logger.getLogger(AccountSignup.class);

       public int signup(AccountInfo accountInfo, float discountAmount, Date signupTime) throws RemoteException
       {
          // Sample code only: log the credit card fields as the endpoint receives them
          String creditCardNumber = accountInfo.getCreditCardInfo().getCreditCardNumber();
          log.info("Credit card number = " + creditCardNumber);

          Date expiration = accountInfo.getCreditCardInfo().getExpiration();
          log.info("Credit card expiration = " + expiration);

          String securityCode = accountInfo.getCreditCardInfo().getSecurityCode();
          log.info("Credit card security code = " + securityCode);

          // The expected values are the ones the test client sends
          if (! "1234-1234-1234-1234".equals(creditCardNumber))
             throw new RemoteException("Invalid credit card number");

          Calendar cal = Calendar.getInstance();
          cal.clear();
          cal.set(2005, 11, 1, 0, 0); // Calendar months are zero-based, so 11 is December

          // Compare from the known value so that a missing (null) field is rejected
          // with a RemoteException instead of raising a NullPointerException
          if (! cal.getTime().equals(expiration))
             throw new RemoteException("Invalid expiration date");

          if (! "123".equals(securityCode))
             throw new RemoteException("Invalid security code");

          // We pretend that we signed up the account
          return 345;
       }
    }
    

    Generate WSDL, mapping, and wrapping structures.

     

    After compiling our classes, we now use wscompile to generate the required WSDL and jaxrpc-mapping file for our service. Since we are using document/literal wrapped, we also will need generated request and response structures to hold the parameter values.

     

    wscompile -cp output/classes -gen:server -f:documentliteral -mapping jaxrpc-mapping.xml -keep config.xml
    

    Our config.xml file contains:

    <configuration
      xmlns="http://java.sun.com/xml/ns/jax-rpc/ri/config">
    
      <service name="AccountSignupService"
        targetNamespace="http://org.jboss.test.ws/wsse"
        typeNamespace="http://org.jboss.test.ws/wsse/types"
        packageName="org.jboss.test.ws.wsse.signup">
        <interface name="org.jboss.test.ws.wsse.signup.AccountSignup"></interface>
      </service>
    </configuration>
    

     

    We need the following generated files in the directory where we ran wscompile (throw away the rest):

    • org/jboss/test/ws/wsse/signup/AccountSignup_signup_RequestStruct.java

    • org/jboss/test/ws/wsse/signup/AccountSignup_signup_ResponseStruct.java

    • AccountSignupService.wsdl

    • jaxrpc-mapping.xml

     

    Modify WSDL to qualify Address and CreditCardInfo fields of AccountInfo

    For reasons that I will explain later, we need to fully qualify the CreditCardInfo and Address types that are in AccountInfo. There are many ways to do this, but the easiest is to add form="qualified" to each field like so:

     

    <complexType name="AccountInfo">
      <sequence>
        <element name="address" form="qualified" type="tns:Address" nillable="true"></element>
        <element name="creditCardInfo" form="qualified" type="tns:CreditCardInfo" nillable="true"></element>
        <element name="firstName" type="string" nillable="true"></element>
        <element name="lastName" type="string" nillable="true"></element>
      </sequence>
    </complexType>
    
    

     

    Web deployment descriptor (web.xml)

     

    A JSE is deployed as a WAR with the service endpoint implementation bean (AccountSignupImpl) listed in the servlet-class tag of the web.xml file. We write this one by hand:

     

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://java.sun.com/xml/ns/j2ee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
      version="2.4">
    
      <servlet>
        <servlet-name>AccountSignup</servlet-name>
        <servlet-class>org.jboss.test.ws.wsse.signup.AccountSignupImpl</servlet-class>
      </servlet>
      <servlet-mapping>
        <servlet-name>AccountSignup</servlet-name>
        <url-pattern>/*</url-pattern>
      </servlet-mapping>
    </web-app>
    

     

    Web Services deployment descriptor

     

    The web services deployment descriptor is the glue that specifies where all of the elements required to create a JSE are located.

     

    <webservices
      xmlns="http://java.sun.com/xml/ns/j2ee"
      xmlns:impl="http://org.jboss.test.ws/wsse"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://www.ibm.com/webservices/xsd/j2ee_web_services_1_1.xsd"
      version="1.1">
    
      <webservice-description>
        <webservice-description-name>AccountSignupService</webservice-description-name>
        <wsdl-file>WEB-INF/wsdl/AccountSignupService.wsdl</wsdl-file>
        <jaxrpc-mapping-file>WEB-INF/jaxrpc-mapping.xml</jaxrpc-mapping-file>
        <port-component>
          <port-component-name>AccountSignupPort</port-component-name>
          <wsdl-port>impl:AccountSignupPort</wsdl-port>
          <service-endpoint-interface>org.jboss.test.ws.wsse.signup.AccountSignup</service-endpoint-interface>
          <service-impl-bean>
            <servlet-link>AccountSignup</servlet-link>
          </service-impl-bean>
        </port-component>
      </webservice-description>
    </webservices>
    

     

    Build JSE Deployment

     

    Now that we have defined all of the elements in our JSE, we can now build the corresponding WAR file. When it is complete, it should look something like this:

     

      Length     Date   Time    Name
     --------    ----   ----    ----
            0  11-01-05 15:11   META-INF/
          106  11-01-05 15:11   META-INF/MANIFEST.MF
            0  11-01-05 15:11   WEB-INF/
            0  11-01-05 15:11   WEB-INF/classes/
            0  10-31-05 21:40   WEB-INF/classes/org/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/ws/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/ws/wsse/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/ws/wsse/signup/
         1463  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountInfo.class
          296  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignup.class
         2281  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignupImpl.class
         1416  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignup_signup_RequestStruct.class
          683  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignup_signup_ResponseStruct.class
         1108  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/Address.class
         1081  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/CreditCardInfo.class
            0  11-01-05 15:09   WEB-INF/wsdl/
         6553  10-31-05 21:41   WEB-INF/jaxrpc-mapping.xml
          997  10-31-05 21:40   WEB-INF/webservices.xml
         3296  11-01-05 15:09   WEB-INF/wsdl/AccountSignupService.wsdl
          555  10-31-05 21:40   WEB-INF/web.xml
     --------                   -------
        19835                   22 files
    

     

    Building the client

     

    Now that we have a working deployable server, we need to develop a client. This will require a client jar, as well as a client application.

     

    J2EE application client deployment descriptor (application-client.xml)

     

    J2EE Web Service Clients are partly implemented as a deployable J2EE Application Client. This requires the application-client.xml deployment descriptor. Here we include a service-ref, which maps to our JSE.

     

    <?xml version="1.0" encoding="UTF-8"?>
    
    <application-client xmlns="http://java.sun.com/xml/ns/j2ee"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/application-client_1_4.xsd"
      version="1.4">
    
      <display-name>AccountSignupService</display-name>
    
      <service-ref>
        <service-ref-name>service/AccountSignupService</service-ref-name>
        <service-interface>javax.xml.rpc.Service</service-interface>
        <wsdl-file>META-INF/wsdl/AccountSignupService.wsdl</wsdl-file>
        <jaxrpc-mapping-file>META-INF/jaxrpc-mapping.xml</jaxrpc-mapping-file>
        <port-component-ref>
          <service-endpoint-interface>org.jboss.test.ws.wsse.signup.AccountSignup</service-endpoint-interface>
        </port-component-ref>
      </service-ref>
    
    </application-client>
    

     

    Bundle J2EE Application Client JAR

     

    Now we can reuse the elements from our server implementation to create our final client jar bundle:

      Length     Date   Time    Name
     --------    ----   ----    ----
            0  11-01-05 15:11   META-INF/
          106  11-01-05 15:11   META-INF/MANIFEST.MF
            0  10-31-05 21:40   org/
            0  10-31-05 21:40   org/jboss/
            0  10-31-05 21:40   org/jboss/test/
            0  10-31-05 21:40   org/jboss/test/ws/
            0  10-31-05 21:40   org/jboss/test/ws/wsse/
            0  10-31-05 21:40   org/jboss/test/ws/wsse/signup/
         1463  10-31-05 22:27   org/jboss/test/ws/wsse/signup/AccountInfo.class
          296  10-31-05 22:27   org/jboss/test/ws/wsse/signup/AccountSignup.class
         1108  10-31-05 22:27   org/jboss/test/ws/wsse/signup/Address.class
         1081  10-31-05 22:27   org/jboss/test/ws/wsse/signup/CreditCardInfo.class
          833  10-31-05 21:41   META-INF/application-client.xml
          441  10-31-05 21:40   META-INF/jboss-client.xml
            0  11-01-05 15:09   META-INF/wsdl/
         6553  10-31-05 21:41   META-INF/jaxrpc-mapping.xml
         3296  11-01-05 15:09   META-INF/wsdl/AccountSignupService.wsdl
     --------                   -------
        15177                   17 files
    

     

    Standalone Client Implementation

     

    The last piece of a client is the actual standalone client that will communicate with our service. It will perform a JNDI lookup to retrieve a proxy object that was specified in our J2EE Application Client JAR. You can do this however you like, but the following is an example JUnit test case that acts as a client.

     

     public void testSignup() throws Exception
       {
          InitialContext iniCtx = getInitialContext();
          Service service = (Service)iniCtx.lookup("java:comp/env/service/AccountSignupService");
          AccountSignup signup = (AccountSignup)service.getPort(AccountSignup.class);
    
          AccountInfo account = new AccountInfo();
          account.setFirstName("Jason");
          account.setLastName("Greene");
          Address address = new Address();
          address.setCity("Madison");
          address.setStreet("Some street");
          address.setZip("53717");
          account.setAddress(address);
    
          CreditCardInfo credit = new CreditCardInfo();
          credit.setCreditCardNumber("1234-1234-1234-1234");
          Calendar cal = Calendar.getInstance();
          cal.clear();
          cal.set(2005, 11, 1, 0, 0);
    
          credit.setExpiration(cal.getTime());
          credit.setSecurityCode("123");
          account.setCreditCardInfo(credit);
    
          int result = signup.signup(account, 0.0f, new Date());
          assertTrue(result == 345);
       }
    

     

    Running the service (Unsecured)

     

    After following all of the above steps, you should be able to run the service, and it should work correctly. As you can see from the debug logs, our message is still unsecured.

     

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header></env:Header>
      <env:Body>
        <ns1:signup xmlns:ns1="http://org.jboss.test.ws/wsse/types" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <accountInfo>
            <ns1:address xmlns:ns1="http://org.jboss.test.ws/wsse/types">
              <city>Madison</city>
              <state xsi:nil="1"></state>
              <street>Some street</street>
              <zip>53717</zip>
            </ns1:address>
            <ns1:creditCardInfo xmlns:ns1="http://org.jboss.test.ws/wsse/types">
              <creditCardNumber>1234-1234-1234-1234</creditCardNumber>
              <expiration>2005-12-01T06:00:00.000Z</expiration>
              <securityCode>123</securityCode>
            </ns1:creditCardInfo>
            <firstName>Jason</firstName>
            <lastName>Greene</lastName>
          </accountInfo>
          <discountAmount>0.0</discountAmount>
          <signupTime>2005-11-01T21:11:44.718Z</signupTime>
        </ns1:signup>
      </env:Body>
    </env:Envelope>
    

     

    Securing AccountSignup Service

     

    Now that we have a working service, we need to cryptographically secure the credit card related data.

    Our requirements are the following:

     

    1. Ensure that no one can see the credit card information

    2. Ensure that no one can change the credit card information

    3. Ensure that no one can change the address (it is critical for the auth service)

    4. Ensure that no one can see the confirmation number

    5. Ensure that no one can change the confirmation number

     

    We can accomplish all of these goals using JBoss WS-Security by declaring the following:

    1. Encrypt and Sign the Credit Card Info

    2. Sign the Address

    3. Encrypt and Sign the return value (confirmation number)

     

    Define the JBoss WS-Security Server Side Deployment Descriptor (jboss-wsse-server.xml)

     

    The following descriptor fulfills our security requirements. Notice that the target tag uses a qname to specify which elements to sign and encrypt. This is why we had to modify our WSDL file earlier to use form="qualified". If we hadn't, the field would have been declared local (no namespace), and there would be no way to locate the element.

     

         <?xml version="1.0" encoding="UTF-8"?>
         <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config"
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
                                  xsi:schemaLocation="http://www.jboss.com/ws-security/config 
                                  http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
    1.      <key-store-file>WEB-INF/wsse.keystore</key-store-file>
    2.      <key-store-type>jks</key-store-type>
    3.      <key-store-password>jbossws</key-store-password>
    4.      <trust-store-file>WEB-INF/wsse.truststore</trust-store-file>
    5.      <trust-store-type>jks</trust-store-type>
    6.      <trust-store-password>jbossws</trust-store-password>
    7.      <port name="AccountSignupPort">
    8.         <operation name="{http://org.jboss.test.ws/wsse}signup">
    9.            <config>
    10.              <sign type="x509v3" alias="wsse">
                       <targets>
    11.                   <target type="qname">{http://org.jboss.test.ws/wsse/types}signupResponse</target>
                        </targets>
                     </sign>
    12.              <encrypt type="x509v3" alias="wsse">
                        <targets>
    13.                    <target type="qname">{http://org.jboss.test.ws/wsse/types}signupResponse</target>
                             </targets>
                     </encrypt>
    14.              <requires>
    15.                 <signature>
                           <targets>
    16.                       <target type="qname">{http://org.jboss.test.ws/wsse/types}address</target>
    17.                       <target type="qname">{http://org.jboss.test.ws/wsse/types}creditCardInfo</target>
                         </targets>
                        </signature>
    18.                 <encryption>
                           <targets>
    19.                       <target type="qname">{http://org.jboss.test.ws/wsse/types}creditCardInfo</target>
                           </targets>
                        </encryption>
                     </requires>
                  </config>
               </operation>
            </port>
         </jboss-ws-security>
    

     

    Explanation

     

    1. The key store for the server. This contains the private and public certificate along with the trusted certificate entries of foreign parties we wish to send encrypted data to.

    2. The type of the key store is JKS.

    3. The key store password

    4. The trust store for the server. This contains trusted certificate entries for foreign parties that will communicate with us.

    5. The type of the trust store is JKS

    6. The trust store password

    7. Here we define a configuration specific to the "AccountSignupPort" port. This value is taken from the port config in the WSDL file.

    8. We limit our configuration even further, to the specific operation called "signup"

    9. This config block will only apply to AccountSignupPort->signup

    10. Here we state that we want to sign the message using the "wsse" key. Whenever targets are specified with a sign tag, they list the individual elements of a message that are to be signed.

    11. Only sign the signupResponse element of the message.

    12. Encrypt parts of the message using the "wsse" certificate.

    13. Only encrypt the signupResponse element of the message.

    14. The requires tag specifies which elements of the incoming message must be signed and/or encrypted.

    15. The incoming message must be signed.

    16. The address field must be signed.

    17. The creditCardInfo field must be signed.

    18. The incoming message must be encrypted.

    19. The creditCardInfo field must be encrypted.
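
    Why the qname targets depend on form="qualified", as an added example that is not part of the original page or of JBossWS: it looks up three targets in the request as serialized before and after the WSDL change. The class name, its helpers and the "before" message are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Added example, not JBossWS code. Needs Java 15+ (text blocks).
public class QNameTargetLookup
{
   static final String TYPES = "{http://org.jboss.test.ws/wsse/types}";

   // Constructed sample (assumption): the request as serialized from the generated WSDL
   // before form="qualified" was added, so address and creditCardInfo are local elements.
   static final String BEFORE = """
      <ns1:signup xmlns:ns1="http://org.jboss.test.ws/wsse/types">
        <accountInfo>
          <address><city>Madison</city></address>
          <creditCardInfo><creditCardNumber>1234-1234-1234-1234</creditCardNumber></creditCardInfo>
        </accountInfo>
      </ns1:signup>
      """;

   // Trimmed from the unsecured request shown on this page (after the WSDL change).
   static final String AFTER = """
      <ns1:signup xmlns:ns1="http://org.jboss.test.ws/wsse/types">
        <accountInfo>
          <ns1:address><city>Madison</city></ns1:address>
          <ns1:creditCardInfo><creditCardNumber>1234-1234-1234-1234</creditCardNumber></ns1:creditCardInfo>
        </accountInfo>
      </ns1:signup>
      """;

   static Document parse(String xml) throws Exception
   {
      DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
      dbf.setNamespaceAware(true); // required for namespace-based lookups
      // SOAP messages never carry a DTD; refusing one keeps the parser safe from XXE.
      dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
   }

   // Count the elements whose expanded name equals a "{namespace}local" target.
   static int matches(Document doc, String target)
   {
      QName name = QName.valueOf(target);
      String ns = name.getNamespaceURI().isEmpty() ? null : name.getNamespaceURI();
      return doc.getElementsByTagNameNS(ns, name.getLocalPart()).getLength();
   }

   public static void main(String[] args) throws Exception
   {
      String[] targets = { TYPES + "address", TYPES + "creditCardInfo", TYPES + "creditCardNumber" };
      for (String[] msg : new String[][] { { "before", BEFORE }, { "after", AFTER } })
      {
         Document doc = parse(msg[1]);
         for (String target : targets)
            System.out.println(msg[0] + "  " + target + " -> " + matches(doc, target) + " element(s)");
      }
   }
}
```

    Only the two fields marked form="qualified" resolve, and only in the second message. creditCardNumber remains a local element in both, which is why the descriptors target creditCardInfo as a whole.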

     

    Define the JBoss WS-Security Client Side Deployment Descriptor (jboss-wsse-client.xml)

     

    We then need to mirror our configuration in the client configuration. You will notice that what is encrypted and signed by one config is required by the other. This allows us to enforce a security policy on our service. Also, there is no key store configuration in this file because they are specified in environmental properties on the standalone client.

     

         <?xml version="1.0" encoding="UTF-8"?>
         <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" 
                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         
                                  xsi:schemaLocation="http://www.jboss.com/ws-security/config
                                  http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
    1.       <port name="AccountSignupPort">
    2.         <operation name="{http://org.jboss.test.ws/wsse}signup">
    3.            <config>
    4.               <sign type="x509v3" alias="wsse">
                        <targets>
    5.                     <target type="qname">{http://org.jboss.test.ws/wsse/types}address</target>
    6.                     <target type="qname">{http://org.jboss.test.ws/wsse/types}creditCardInfo</target>
                        </targets>
                     </sign>
    7.               <encrypt type="x509v3" alias="wsse">
                        <targets>
    8.                     <target type="qname" contentOnly="true">{http://org.jboss.test.ws/wsse/types}creditCardInfo</target>
                        </targets>
                     </encrypt>
    9.               <requires>
    10.                 <signature>
                           <targets>
    11.                       <target type="qname">{http://org.jboss.test.ws/wsse/types}signupResponse</target>
                           </targets>
                        </signature>
    12.                 <encryption>
                           <targets>
    13.                      <target type="qname">{http://org.jboss.test.ws/wsse/types}signupResponse</target>
                           </targets>
                        </encryption>
                     </requires>
                  </config>
               </operation>
            </port>
         </jboss-ws-security>
    

     

    Explanation

     

    1. Here we define a configuration specific to the "AccountSignupPort" port. This value is taken from the port config in the WSDL file.

    2. We limit our configuration even further, to the specific operation called "signup"

    3. This config block will only apply to AccountSignupPort->signup

    4. Here we state that we want to sign the message using the "wsse" key. Whenever targets are specified with a sign tag, they list the individual elements of a message that are to be signed.

    5. Sign the address element of the message.

    6. Sign the creditCardInfo element of the message.

    7. Encrypt parts of the message using the "wsse" certificate.

    8. Only encrypt the creditCardInfo element of the message. The contentOnly option is set to true, which means that the creditCardInfo element of the message will still show up. If we want that to be hidden as well, then we would set contentOnly to false.

    9. The requires tag specifies which elements of the incoming message must be signed and/or encrypted.

    10. The incoming message must be signed.

    11. The signupResponse element must be signed.

    12. The incoming message must be encrypted.

    13. The signupResponse element must be encrypted.
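
    The mirroring between the two descriptors can be checked mechanically before deployment. The following is an added example, not part of the original page or of JBossWS: the class and helper names are hypothetical, and it assumes one port and one operation per descriptor, as on this page.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

// Added example, not JBossWS code. Needs Java 15+ (text blocks).
public class WsseDescriptorMirrorCheck
{
   static final String NS = "http://www.jboss.com/ws-security/config";
   static final String TYPES = "{http://org.jboss.test.ws/wsse/types}";

   // The two descriptors from this page, minus key store settings and line numbers.
   // {T} is shorthand here; it is expanded to the types namespace before parsing.
   static final String SERVER = """
      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">
       <port name="AccountSignupPort"><operation name="{http://org.jboss.test.ws/wsse}signup"><config>
        <sign type="x509v3" alias="wsse"><targets><target type="qname">{T}signupResponse</target></targets></sign>
        <encrypt type="x509v3" alias="wsse"><targets><target type="qname">{T}signupResponse</target></targets></encrypt>
        <requires>
         <signature><targets>
          <target type="qname">{T}address</target>
          <target type="qname">{T}creditCardInfo</target>
         </targets></signature>
         <encryption><targets><target type="qname">{T}creditCardInfo</target></targets></encryption>
        </requires>
       </config></operation></port>
      </jboss-ws-security>
      """.replace("{T}", TYPES);

   static final String CLIENT = """
      <jboss-ws-security xmlns="http://www.jboss.com/ws-security/config">
       <port name="AccountSignupPort"><operation name="{http://org.jboss.test.ws/wsse}signup"><config>
        <sign type="x509v3" alias="wsse"><targets>
         <target type="qname">{T}address</target>
         <target type="qname">{T}creditCardInfo</target>
        </targets></sign>
        <encrypt type="x509v3" alias="wsse"><targets><target type="qname" contentOnly="true">{T}creditCardInfo</target></targets></encrypt>
        <requires>
         <signature><targets><target type="qname">{T}signupResponse</target></targets></signature>
         <encryption><targets><target type="qname">{T}signupResponse</target></targets></encryption>
        </requires>
       </config></operation></port>
      </jboss-ws-security>
      """.replace("{T}", TYPES);

   static Document parse(String xml) throws Exception
   {
      DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
      dbf.setNamespaceAware(true);
      // Descriptors never need a DTD; refusing one protects the checker itself from XXE.
      dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
      return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
   }

   // Collect the targets listed under every element named 'section' (sign, encrypt, signature, encryption).
   static Set<String> targets(Document doc, String section)
   {
      Set<String> found = new TreeSet<>();
      NodeList sections = doc.getElementsByTagNameNS(NS, section);
      for (int i = 0; i < sections.getLength(); i++)
      {
         NodeList t = ((Element) sections.item(i)).getElementsByTagNameNS(NS, "target");
         for (int j = 0; j < t.getLength(); j++)
            found.add(t.item(j).getTextContent().trim());
      }
      return found;
   }

   // Every target the receiver requires must be produced by the sender.
   static List<String> gaps(Document sender, Document receiver, String direction)
   {
      List<String> gaps = new ArrayList<>();
      String[][] pairs = { { "signature", "sign" }, { "encryption", "encrypt" } };
      for (String[] p : pairs)
      {
         Set<String> missing = targets(receiver, p[0]);
         missing.removeAll(targets(sender, p[1]));
         for (String m : missing)
            gaps.add(direction + ": receiver requires " + p[0] + " of " + m + ", sender has no " + p[1] + " target for it");
      }
      return gaps;
   }

   public static void main(String[] args) throws Exception
   {
      Document server = parse(SERVER), client = parse(CLIENT);
      System.out.println("request gaps:  " + gaps(client, server, "request"));
      System.out.println("response gaps: " + gaps(server, client, "response"));
      // Failure mode: a client descriptor that lost its <encrypt> block no longer meets the server policy.
      Element encrypt = (Element) client.getElementsByTagNameNS(NS, "encrypt").item(0);
      encrypt.getParentNode().removeChild(encrypt);
      System.out.println("client without <encrypt>: " + gaps(client, server, "request"));
   }
}
```

    The descriptors from this page produce no gaps in either direction; removing the client's encrypt block reports the unmet creditCardInfo encryption requirement.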

     

    Rebundle the server side WAR to include the new descriptor and key store files

     

    All we need to do is add the following files to our war file.

    1. jboss-wsse-server.xml

    2. wsse.keystore

    3. wsse.truststore

     

    The finished product should look like this:

    Archive:  output/libs/jbossws-wsse-account-signup.war
      Length     Date   Time    Name
     --------    ----   ----    ----
            0  11-01-05 15:11   META-INF/
          106  11-01-05 15:11   META-INF/MANIFEST.MF
            0  11-01-05 15:11   WEB-INF/
            0  11-01-05 15:11   WEB-INF/classes/
            0  10-31-05 21:40   WEB-INF/classes/org/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/ws/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/ws/wsse/
            0  10-31-05 21:40   WEB-INF/classes/org/jboss/test/ws/wsse/signup/
         1463  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountInfo.class
          296  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignup.class
         2281  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignupImpl.class
         1416  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignup_signup_RequestStruct.class
          683  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/AccountSignup_signup_ResponseStruct.class
         1108  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/Address.class
         1081  10-31-05 22:27   WEB-INF/classes/org/jboss/test/ws/wsse/signup/CreditCardInfo.class
            0  11-01-05 15:09   WEB-INF/wsdl/
         6553  10-31-05 21:41   WEB-INF/jaxrpc-mapping.xml
         1944  11-01-05 15:11   WEB-INF/jboss-wsse-server.xml
          997  10-31-05 21:40   WEB-INF/webservices.xml
         3296  11-01-05 15:09   WEB-INF/wsdl/AccountSignupService.wsdl
         3246  10-31-05 21:41   WEB-INF/wsse.keystore
         1487  10-31-05 21:40   WEB-INF/wsse.truststore
          555  10-31-05 21:40   WEB-INF/web.xml
     --------                   -------
        26512                   25 files
    

     

    Rebundle the J2EE Application Client JAR to include the new descriptor

     

    We do the same for the client jar:

    Archive:  output/libs/jbossws-wsse-account-signup-client.jar
      Length     Date   Time    Name
     --------    ----   ----    ----
            0  11-01-05 15:11   META-INF/
          106  11-01-05 15:11   META-INF/MANIFEST.MF
            0  10-31-05 21:40   org/
            0  10-31-05 21:40   org/jboss/
            0  10-31-05 21:40   org/jboss/test/
            0  10-31-05 21:40   org/jboss/test/ws/
            0  10-31-05 21:40   org/jboss/test/ws/wsse/
            0  10-31-05 21:40   org/jboss/test/ws/wsse/signup/
         1463  10-31-05 22:27   org/jboss/test/ws/wsse/signup/AccountInfo.class
          296  10-31-05 22:27   org/jboss/test/ws/wsse/signup/AccountSignup.class
         1108  10-31-05 22:27   org/jboss/test/ws/wsse/signup/Address.class
         1081  10-31-05 22:27   org/jboss/test/ws/wsse/signup/CreditCardInfo.class
          833  10-31-05 21:41   META-INF/application-client.xml
          441  10-31-05 21:40   META-INF/jboss-client.xml
         1639  11-01-05 15:11   META-INF/jboss-wsse-client.xml
            0  11-01-05 15:09   META-INF/wsdl/
         6553  10-31-05 21:41   META-INF/jaxrpc-mapping.xml
         3296  11-01-05 15:09   META-INF/wsdl/AccountSignupService.wsdl
     --------                   -------
        16816                   18 files
    

     

    Running the Secured Service

     

    Now that we have completed the required jars, we can deploy them and run the client application. You will notice that the messages are now secured.

     

    Outgoing Request Message From Client

     

    As you can see, the request message coming from the client now has the address and creditCardInfo fields signed, and the creditCardInfo field is also encrypted. Notice that you can still see the creditCardInfo tag because contentOnly="true" was specified.

     

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header>
        <wsse:Security env:mustUnderstand="1"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created>2005-11-01T21:11:45.218Z</wsu:Created>
          </wsu:Timestamp>
          <wsse:BinarySecurityToken
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
            wsu:Id="token-3-1130879505375-16949413"
            >MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
            Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
            LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
            amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
            MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
            bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
            bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
            N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
            1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
            8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
            qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
            JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
            T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
            St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
            EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
            VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
            hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
            M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
            hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
            Hb1iUP9iqcdN2w==</wsse:BinarySecurityToken>
          <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-6-1130879505734-33185374">
                <wsse:Reference URI="#token-3-1130879505375-16949413"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                >YrbwFw32rUxwxrmLt7ZOjVYFEegSWB4ZcPQHZOEB7PVNKp/8vBszvb/0sWa1h4cwf6EkgW6nvbAC
                SHO2qMrXJJO7UFzic9S6astXlK7DdYlzOaj+ksxrFc4s9AXK1xLgIN0PwkPyjsQkI+/Hn5pZrSDp
                PeYBrIT9S4jZV7NsznlBaFa8AvQYoasOUIxj4T0CUSZRrMhpZD3fb0RTobRS16M6D3nmYKVFyYIv
                bmr76DpulLbooBu3sWd32Sbulfm7Eub7O7cpeoX6TY9ozQe9pOCws5B8ezmWIqQI8Ek3mGUpACa7
                De8hC5kCSX2TubF6myYkoxButsKr+5Sb89MNbw==</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:DataReference URI="#encrypted-5-1130879505609-15430449"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:DataReference>
            </xenc:ReferenceList>
          </xenc:EncryptedKey>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:CanonicalizationMethod>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
              <ds:Reference URI="#element-1-1130879505234-22845412"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >a+/5mNA4SWRxTYkd6+6KcxfHfXQ=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#element-2-1130879505234-21465645"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >qG69k0/P41SNgEafvi5QDo7T5eY=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#timestamp" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >W+g6lleSL6YpUCBAmIvgIfojsTI=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              xiqYuxXvPaoZIvgMMJ8wgMopzh7d+mEBFEeo5z0rjP5RGBa59pE152ktG652eYfRRYb4fVc+XgXj
              WC2HiLq0nDQ9QdOLWcZERQsgz6mWhN2lxHT5bW/AzdmzV0v3vp9LzQWQadGp0hUDp3qeCyBonLCA
              gm6CQV/ufNc3+pAPdJJBUt24Ybpl6NX2dwX00lTFlUe9yCELNdx+BdUn1I3ceRhCHHo7u0RDqz5p
              IQPdJWXsqQ+r/f07GNlL9ACvPgpaXLgFeWoGWkWakpAA2lbJZG4G9TP/i2ocYl87piATnIRGXlrA
              hrsELPCRy1z0SNOOP9F/9FgHFWy2VRl9YoewHQ==</ds:SignatureValue>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-4-1130879505375-25211438">
                <wsse:Reference URI="#token-3-1130879505375-16949413"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
      </env:Header>
      <env:Body>
        <ns1:signup xmlns:ns1="http://org.jboss.test.ws/wsse/types"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <accountInfo>
            <ns1:address wsu:Id="element-1-1130879505234-22845412"
              xmlns:ns1="http://org.jboss.test.ws/wsse/types"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <city>Madison</city>
              <state xsi:nil="1"></state>
              <street>Some street</street>
              <zip>53717</zip>
            </ns1:address>
            <ns1:creditCardInfo wsu:Id="element-2-1130879505234-21465645"
              xmlns:ns1="http://org.jboss.test.ws/wsse/types"
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
              <xenc:EncryptedData Id="encrypted-5-1130879505609-15430449"
                Type="http://www.w3.org/2001/04/xmlenc#Content"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
                  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
                <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                  <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                    >3prk0TVK7Cgljv5nmR36/kMNjY729DwzjMu4lLL+AHpcVD7WZYu+BZWP43eVO3fJah5yCmeP3Ddn
                    RUAfk1gin6fFhaP9F1YjxBLOrWpOeRnIP+QDGnGburIjuZIMw0qxAb7d/u77RHqnHWYuVaHB4oSM
                    dXihayUA6OQH7cL41yUVuX+Jf9vJ6tQMRrU6BzoUHZ8pFF3MiR2mcGncFkJmuhy3fj9Nc5sOPgNY
                    vKhYsMgwohP7NLQbdWRhQTutaBySqm08RoVd+AdlDwy2Q+VkipU7D5s9Yzpmy0yvmdNbUlSOTra1
                    jwjRomBz3DYM3Bg3X0AceKd3Q9zbh3aJsmXX7PLECbjvov3QhVn5Q4vKbXU1qqlvH30QRl271iWe
                    toODvS0gOid+Mg18FwWGVUB2uPb29t+Z25vXl+zwDhqP7lsNCcAipy8ZAmOMppCnqy4uFzKk01lc
                    BF/Yyrp9bcS0gTm+2hWFKZ3X15m8okMd99fzrnbF+bpIcjTbS3uAbQt9MHeLarEc9piPs1WjB3rX
                    rZYGz0uSTDC8esBDDAGE9do=</xenc:CipherValue>
                </xenc:CipherData>
              </xenc:EncryptedData>
            </ns1:creditCardInfo>
            <firstName>Jason</firstName>
            <lastName>Greene</lastName>
          </accountInfo>
          <discountAmount>0.0</discountAmount>
          <signupTime>2005-11-01T21:11:44.718Z</signupTime>
        </ns1:signup>
      </env:Body>
    </env:Envelope>
    

     

    Incoming Response From Server

     

    The response that comes from the server has an encrypted and signed signupResponse. Notice that you cannot see the signupResponse tag because contentOnly was not specified (and is thus false).

     

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
      <env:Header>
        <wsse:Security env:mustUnderstand="1"
          xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
          xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created
              xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
              >2005-11-01T21:11:45.968Z</wsu:Created>
          </wsu:Timestamp>
          <wsse:BinarySecurityToken
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
            wsu:Id="token-71-1130879506031-14692992"
            >MIIEQTCCA6qgAwIBAgIBAzANBgkqhkiG9w0BAQUFADCBkjELMAkGA1UEBhMCVVMxEzARBgNVBAgT
            Cldhc2hpbmd0b24xGDAWBgNVBAcTD1Nub3F1YWxtaWUgUGFzczETMBEGA1UEChMKSkJvc3MgSW5j
            LjELMAkGA1UECxMCUUExEjAQBgNVBAMTCWpib3NzLmNvbTEeMBwGCSqGSIb3DQEJARYPYWRtaW5A
            amJvc3MuY29tMB4XDTA1MDkxNTAwMDk0MVoXDTE1MDkxMzAwMDk0MVowgYsxCzAJBgNVBAYTAlVT
            MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRMwEQYDVQQKEwpKQm9zcyBJbmMuMRQwEgYDVQQLEwtEZXZl
            bG9wbWVudDEVMBMGA1UEAxMMSmFzb24gR3JlZW5lMSUwIwYJKoZIhvcNAQkBFhZqYXNvbi5ncmVl
            bmVAamJvc3MuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzzj+VomXdEuHTg4g
            N9mN865eulLiAPITiZMLfz2ODuzF0pj39iTKhHM8IS6YQYbkPGRXMTmnCy0NFfMsVKTXs/9rZBMP
            1ko3kZopaN+XrUT8yxIiydL76QYcRpDGgxG9G4kc+mHdt0rZtARWVwoVPhO4Irx09AONpSYqdSq0
            8jMXscA+yXwvhDHGV+J4CCSmQgYVa95OdDaAMnWp5csAfg4eL/GTLI36Up4tjsFnMq5NFKsCnZ1q
            qxA1OO3CbhsK/IlEZw13alGJPJ1FgvaTZTZNh+h2YIKl//P5iQOtfURrzWsVwGcEa6S+lC72BJHj
            JBOw4byI/FTi1HCe6wd3iQIDAQABo4IBJjCCASIwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
            T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFKzdWmBd7MDzEemEN6HMXIeq
            St86MIHHBgNVHSMEgb8wgbyAFEuV2BcIYuw61dmN9JIrAvNK+hZ+oYGYpIGVMIGSMQswCQYDVQQG
            EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEYMBYGA1UEBxMPU25vcXVhbG1pZSBQYXNzMRMwEQYD
            VQQKEwpKQm9zcyBJbmMuMQswCQYDVQQLEwJRQTESMBAGA1UEAxMJamJvc3MuY29tMR4wHAYJKoZI
            hvcNAQkBFg9hZG1pbkBqYm9zcy5jb22CCQCr9VL/ZBpN7zANBgkqhkiG9w0BAQUFAAOBgQDEU/Bs
            M2Pqcr8j8/NdYlgSYXX1R7u2wjYkRnW6jeHlxNm5XeuY0t4nr8fq5S05YOAlU4LTJuGNMB8kZUit
            hAU2QxkMLmKKsb+B1zIdzP756xC6x+5g0dXLIt0ItVjPv5GQIw1SRmQKBkfliwV5jOrkCzJ5/v04
            Hb1iUP9iqcdN2w==</wsse:BinarySecurityToken>
          <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
              xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-74-1130879506046-6756072"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:Reference URI="#token-71-1130879506031-14692992"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
                >dfQCQZ9lInP+OhkH7ZBVsb/+88zj444HhkRvdpSNjaPN1c05Yrz09KMTqXtyDMDkyNlGm4iFxqtG
                UfsG1xNBy0Lknyos/M25UJFzOXru71WEfIdfPzLTtafXg6T5U3sF50/YioePNIx5nHTti6aZl5UU
                VML0GM2znT+F6gaiPdtUWl3G4TfR8ImdQFQVnWiHVnrHFDjrEQFE6rVqg5QZ50hfJEqmmxXy76gl
                msELidFSf/QGSqnZabg4taotPpoYO7yqAgJ/K+6HaWdXrxSoFzi6qy+KERCYdjn3h+4h2LG2/pZT
                Sz6/9JIKFMVX/jSKWHLSpZMZOPgs8fiaxdGSdA==</xenc:CipherValue>
            </xenc:CipherData>
            <xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
              <xenc:DataReference URI="#encrypted-73-1130879506031-32398886"
                xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:DataReference>
            </xenc:ReferenceList>
          </xenc:EncryptedKey>
          <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:CanonicalizationMethod>
              <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:SignatureMethod>
              <ds:Reference URI="#element-70-1130879505968-21747685"
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >M+hforAtfylje9N8ad+mWI/iryg=</ds:DigestValue>
              </ds:Reference>
              <ds:Reference URI="#timestamp" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
                    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
                  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"></ds:DigestMethod>
                <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                  >00PZ0lUnPgBCX6eiQPBYXJBQTnM=</ds:DigestValue>
              </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              mnKc5vBylx5nGSDE1YHH1puXnMNXLboOzpwCPRzpIw9+jCDzPzQHRCGuN7InmYojUfQdjMvx7KTW
              P9gloERBjm6z6k5pEPOOUNEwuFhqZqVc4yUc4UWAH56LOr11DvrSxOpsPnzX6KlGAGRO4NlI74B1
              cNUQlTCK9SletL3F/mKi+NTikYMre6XGwmrkE9s3ZB5vWKZmrZjGhuWmSCAXaIcTMP1QRWjJribV
              T+j3JscEz2woJ5AreggNSL1pp9Zlytd2eQgAy9jmblNXKWyg9g6zwiKfVPz1Pb0iVxsC1/TGrOq1
              18zJ60ejdgZCCU9y9VKMVOi4SIY6rC8Z0YfDfg==</ds:SignatureValue>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <wsse:SecurityTokenReference wsu:Id="reference-72-1130879506031-18057873"
                xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:Reference URI="#token-71-1130879506031-14692992"
                  ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
                  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                ></wsse:Reference>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </ds:Signature>
        </wsse:Security>
      </env:Header>
      <env:Body>
        <xenc:EncryptedData Id="encrypted-73-1130879506031-32398886"
          Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
            xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"></xenc:EncryptionMethod>
          <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:CipherValue xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
              >Pf1EGgr8rJ026HUNWfwyUGw+WZqq8kvNNOsJuFbn8MCARHWQCrh5q+xUSEcUCwhScBzH5NIe8xIW
              wF6ELe9Ca9Hvts9opIxzqnbp0TdAOZzNIGlvRzqI8lIZL5zOfxFL9dQJT+ggZem5z9jSfigWwAUR
              6WG9CvHkgW5zUbj9vokAwCDJzv72xU3OcoNNKCZsXyLYpoXenrILx+K8w+r2ahkqbm5Xc/TafBsb
              RAJjboMP3+qiE1NPsK99rQUN8DybB/DD+Wbr581SzFjBl4PblfesLveugDFELLsoG3Hzhcs88EYs
              tfV1AOlLM6g3mhW81DQLDMrHT9n49qTJ1vLRoJgjsRrOieBzSjlrHn1ddjd7tcBiqpHgans0SuLF
              0ShMIhvLQReuPZjr/ycTxsWX91FKZ39eBYG5dRdEJ8ZKmcvRUCYhww+bU4ocNuOveL/Vz71IrZ4s
              fl+uiT6yriA6F+WNnSlyotm3wWwHQcplNgBOwMxhZl/lk5Nv+Cx9PEq6</xenc:CipherValue>
          </xenc:CipherData>
        </xenc:EncryptedData>
      </env:Body>
    </env:Envelope>
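
    To check a captured message against the intended protection, the signature and encryption references can be resolved back to the elements they cover. The following Python sketch is an added example, not part of the original page or of JBossWS; the function name audit and the trimmed sample message (shortened Ids, placeholder cipher text) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
XENC = "http://www.w3.org/2001/04/xmlenc#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {"ds": DS, "xenc": XENC}

# Constructed sample: the request layout shown above with shortened Ids,
# placeholder cipher text, and the token, key and digest values left out.
SAMPLE_REQUEST = f"""<Envelope xmlns:ds="{DS}" xmlns:xenc="{XENC}" xmlns:wsu="{WSU}">
 <Header><Security>
  <wsu:Timestamp wsu:Id="timestamp"/>
  <xenc:EncryptedKey><xenc:ReferenceList><xenc:DataReference URI="#encrypted-5"/>
  </xenc:ReferenceList></xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#element-1"/><ds:Reference URI="#element-2"/>
   <ds:Reference URI="#timestamp"/>
  </ds:SignedInfo></ds:Signature>
 </Security></Header>
 <Body><signup><accountInfo>
  <address wsu:Id="element-1"><city>Madison</city></address>
  <creditCardInfo wsu:Id="element-2">
   <xenc:EncryptedData Id="encrypted-5" Type="{XENC}#Content">
    <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
   </xenc:EncryptedData>
  </creditCardInfo>
 </accountInfo></signup></Body>
</Envelope>"""


def audit(xml_text):
    """Return (signed, encrypted, unresolved) for a message as received."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}
    by_id = {}
    for el in root.iter():
        for value in (el.get(f"{{{WSU}}}Id"), el.get("Id")):
            if value:
                by_id.setdefault(value, []).append(el)

    def resolve(ref):
        # Exactly one target, or coverage cannot be decided from this message.
        hits = by_id.get(ref.get("URI", "").lstrip("#"), [])
        return hits[0] if len(hits) == 1 else None

    signed, encrypted, unresolved = [], {}, []
    for ref in root.iterfind(".//ds:SignedInfo/ds:Reference", NS):
        target = resolve(ref)
        if target is None:
            unresolved.append(ref.get("URI"))
        else:
            signed.append(target.tag.rsplit("}", 1)[-1])
    for ref in root.iterfind(".//xenc:ReferenceList/xenc:DataReference", NS):
        data = resolve(ref)
        if data is None:
            unresolved.append(ref.get("URI"))
        else:  # Type ends in #Content (wrapper tag visible) or #Element (hidden)
            holder = parent[data].tag.rsplit("}", 1)[-1]
            encrypted[holder] = data.get("Type", "").rsplit("#", 1)[-1]
    return signed, encrypted, unresolved
```

    For a message shaped like the response above, audit returns {"Body": "Element"} for the encrypted part and lists the signed element's reference as unresolved, because that element sits inside the EncryptedData until it is decrypted.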