• Home
• org.apache.wss4j
• wss4j-ws-security-stax
• 2.1.2
• source code
• wss-config.xml

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

wss.wss-config.xml Maven / Gradle / Ivy

<?xml version="1.0"?>
<!-- This configuration file is used for configuration of the org.apache.wss4j -->
<Configuration target="org.apache.xml.security" xmlns="http://www.xmlsecurity.org/NS/configuration" xmlns:xi="http://www.w3.org/2001/XInclude">
    <Properties>
        <Property NAME="securityTokenFactory" VAL="org.apache.wss4j.stax.impl.securityToken.SecurityTokenFactoryImpl"/>
        <Property NAME="MaximumAllowedDecompressedBytes" VAL="104857600"/>
        <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:Properties/c:Property[@NAME!='securityTokenFactory'])"/>
        <Property NAME="AllowNotSameDocumentReferences" VAL="true"/>
    </Properties>
    <SecurityHeaderHandlers>
        <Handler NAME="BinarySecurityToken"
                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.BinarySecurityTokenInputHandler"/>
        <Handler NAME="EncryptedKey"
                 URI="http://www.w3.org/2001/04/xmlenc#"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSEncryptedKeyInputHandler"/>
        <Handler NAME="ReferenceList"
                 URI="http://www.w3.org/2001/04/xmlenc#"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.ReferenceListInputHandler"/>
        <Handler NAME="EncryptedData"
                 URI="http://www.w3.org/2001/04/xmlenc#"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.EncryptedDataInputHandler"/>
        <Handler NAME="Signature"
                 URI="http://www.w3.org/2000/09/xmldsig#"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.WSSSignatureInputHandler"/>
        <Handler NAME="Timestamp"
                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.TimestampInputHandler"/>
        <Handler NAME="UsernameToken"
                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.UsernameTokenInputHandler"/>
        <Handler NAME="SignatureConfirmation"
                 URI="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SignatureConfirmationInputHandler"/>
        <Handler NAME="SecurityTokenReference"
                 URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityTokenReferenceInputHandler"/>
        <Handler NAME="Assertion"
                 URI="urn:oasis:names:tc:SAML:1.0:assertion"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/>
        <Handler NAME="Assertion"
                 URI="urn:oasis:names:tc:SAML:2.0:assertion"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SAMLTokenInputHandler"/>
        <Handler NAME="SecurityContextToken"
                 URI="http://schemas.xmlsoap.org/ws/2005/02/sc"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/>
        <Handler NAME="SecurityContextToken"
                 URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.SecurityContextTokenInputHandler"/>
        <Handler NAME="DerivedKeyToken"
                 URI="http://schemas.xmlsoap.org/ws/2005/02/sc"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/>
        <Handler NAME="DerivedKeyToken"
                 URI="http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512"
                 JAVACLASS="org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler"/>
    </SecurityHeaderHandlers>
   <TransformAlgorithms>
       <!-- STR-Transformer -->
       <TransformAlgorithm URI="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform"
                          JAVACLASS="org.apache.wss4j.stax.impl.transformer.STRTransformer" />

       <TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform"
                           JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentContentSignatureTransform" />
       <TransformAlgorithm URI="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Complete-Signature-Transform"
                           JAVACLASS="org.apache.wss4j.stax.impl.transformer.AttachmentCompleteSignatureTransform" />

       <!-- The compress-transformations are disabled by default because its not standard
       and could introduce potential security issues -->
       <!--
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="IN"
                           JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream" />
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="IN"
                           JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream" />
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="IN"
                           JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorInputStream" />
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="IN"
                           JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorInputStream" />
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/gzip" INOUT="OUT"
                           JAVACLASS="org.apache.commons.compress.compressors.gzip.GzipCompressorOutputStream" />
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/bzip2" INOUT="OUT"
                           JAVACLASS="org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream" />
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/xz" INOUT="OUT"
                           JAVACLASS="org.apache.commons.compress.compressors.xz.XZCompressorOutputStream" />
       <TransformAlgorithm URI="http://www.apache.org/2012/04/xmlsec/pack200" INOUT="OUT"
                           JAVACLASS="org.apache.commons.compress.compressors.pack200.Pack200CompressorOutputStream" />
       -->

       <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:TransformAlgorithms/c:TransformAlgorithm[@URI!='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform'])"/>
   </TransformAlgorithms>
   <JCEAlgorithmMappings>
      <xi:include href="security-config.xml" xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:JCEAlgorithmMappings/c:Algorithm)"/>
   </JCEAlgorithmMappings>
    <ResourceResolvers>
        <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverSameDocument"
                  DESCRIPTION="A simple resolver for requests of same-document URIs"/>
        <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverXPointer"
                  DESCRIPTION="A simple resolver for requests of XPointer fragents"/>
        <Resolver JAVACLASS="org.apache.wss4j.stax.impl.resourceResolvers.ResolverAttachment"
                  DESCRIPTION="A simple resolver for SwA"/>
        <xi:include href="security-config.xml"
                    xpointer="xmlns(c=http://www.xmlsecurity.org/NS/configuration)xpointer(/c:Configuration/c:ResourceResolvers/c:Resolver[@JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverSameDocument' and @JAVACLASS!='org.apache.xml.security.stax.impl.resourceResolvers.ResolverXPointer'])"/>
    </ResourceResolvers>
</Configuration>