Formal Schema Definition
This chapter shows the formal schema definition for security configuration files for XWS-Security EA 2.0. More information on using security configuration files is described in Introduction to XML and Web Services Security. More information on each of the schema elements is described in XWS-Security Configuration File Schema. Sample applications that use these elements are described in Understanding and Running the XWS-Security Sample Applications.
<?xml version="1.0"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://java.sun.com/xml/ns/xwss/config" targetNamespace="http://java.sun.com/xml/ns/xwss/config" elementFormDefault="qualified"> <xs:element name="JAXRPCSecurity"> <xs:complexType> <xs:sequence> <xs:element name="Service" type="Service_T" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="SecurityEnvironmentHandler" type="xs:string"/> </xs:sequence> </xs:complexType> </xs:element> <xs:complexType name="Service_T"> <xs:sequence> <xs:element ref="SecurityConfiguration" minOccurs="0"/> <xs:element name="Port" type="Port_T" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="SecurityEnvironmentHandler" type="xs:string" minOccurs="0"/> </xs:sequence> <xs:attribute name="name" type="xs:string" use="optional"/> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="conformance" use="optional"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="bsp"/> </xs:restriction> </xs:simpleType> </xs:attribute> <xs:attribute name="useCache" type="xs:boolean" use="optional" default="false"/> </xs:complexType> <xs:complexType name="Port_T" mixed="true"> <xs:sequence> <xs:element ref="SecurityConfiguration" minOccurs="0"/> <xs:element name="Operation" type="Operation_T" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="name" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:minLength value="1"/> </xs:restriction> </xs:simpleType> </xs:attribute> <xs:attribute name="conformance" use="optional"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="bsp"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> <xs:complexType name="Operation_T"> <xs:sequence> <xs:element ref="SecurityConfiguration" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="name" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:minLength value="1"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> <xs:element name="SecurityConfiguration" type="SecurityConfiguration_T"/> <xs:complexType name="SecurityConfiguration_T"> <xs:sequence> <xs:group ref="SecurityConfigurationElements" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="dumpMessages" type="xs:boolean" use="optional" default="false"/> <xs:attribute name="enableDynamicPolicy" type="xs:boolean" use="optional" default="false"/> </xs:complexType> <xs:group name="SecurityConfigurationElements"> <xs:choice> <xs:element name="Timestamp" type="Timestamp_T" minOccurs="0"/> <xs:element name="RequireTimestamp" type="RequireTimestamp_T" minOccurs="0"/> <xs:element name="UsernameToken" type="UsernameToken_T" minOccurs="0"/> <xs:element name="RequireUsernameToken" type="RequireUsernameToken_T" minOccurs="0"/> <xs:element name="SAMLAssertion" type="SAMLAssertion_T" minOccurs="0"/> <xs:element name="RequireSAMLAssertion" type="RequireSAMLAssertion_T" minOccurs="0"/> <xs:element name="OptionalTargets" type="OptionalTargets_T" minOccurs="0"/> <xs:element name="Sign" type="Sign_T"/> <xs:element name="Encrypt" type="Encrypt_T"/> <xs:element name="RequireSignature" type="RequireSignature_T"/> <xs:element name="RequireEncryption" type="RequireEncryption_T"/> </xs:choice> </xs:group> <xs:complexType name="Timestamp_T"> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="timeout" type="xs:decimal" use="optional" default="300"/> </xs:complexType> <xs:complexType name="RequireTimestamp_T"> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="maxClockSkew" type="xs:decimal" use="optional" default="60"/> <xs:attribute name="timestampFreshnessLimit" type="xs:decimal" use="optional" default="300"/> </xs:complexType> <xs:complexType name="UsernameToken_T"> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="name" type="xs:string" use="optional"/> <xs:attribute name="password" type="xs:string" use="optional"/> <xs:attribute name="useNonce" type="xs:boolean" use="optional" default="true"/> <xs:attribute name="digestPassword" type="xs:boolean" use="optional" default="true"/> </xs:complexType> <xs:complexType name="RequireUsernameToken_T"> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="nonceRequired" type="xs:boolean" use="optional" default="true"/> <xs:attribute name="passwordDigestRequired" type="xs:boolean" use="optional" default="true"/> <xs:attribute name="maxClockSkew" type="xs:decimal" use="optional" default="60"/> <xs:attribute name="timestampFreshnessLimit" type="xs:decimal" use="optional" default="300"/> <xs:attribute name="maxNonceAge" type="xs:decimal" use="optional" default="900"/> </xs:complexType> <xs:complexType name="Encrypt_T"> <xs:sequence minOccurs="0"> <xs:choice minOccurs="0" maxOccurs="1"> <xs:element name="X509Token" type="X509Token_T"/> <xs:element name="SAMLAssertion" type="SAMLAssertion_T"/> <xs:element name="SymmetricKey" type="SymmetricKey_T"/> </xs:choice> <xs:element name="KeyEncryptionMethod" type="KeyEncryptionMethod_T" minOccurs="0" maxOccurs="1"/> <xs:element name="DataEncryptionMethod" type="DataEncryptionMethod_T" minOccurs="0" maxOccurs="1"/> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element name="Target" type="Target_T" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="EncryptionTarget" type="EncryptionTarget_T" minOccurs="0" maxOccurs="unbounded"/> </xs:choice> </xs:sequence> <xs:attribute name="id" type="id_T" use="optional"/> </xs:complexType> <xs:complexType name="KeyEncryptionMethod_T"> <xs:attribute name="algorithm" use="optional" default="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#rsa-1_5"/> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#kw-tripledes"/> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#kw-aes128"/> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#kw-aes256"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> <xs:complexType name="DataEncryptionMethod_T"> <xs:attribute name="algorithm" use="optional" default="http://www.w3.org/2001/04/xmlenc#aes128-cbc"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#aes256-cbc"/> <xs:enumeration value= "http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> <xs:complexType name="EncryptionTarget_T"> <xs:sequence> <xs:element name="Transform" type="Transform_T" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="type" type="xs:string" use="optional" default="qname"/> <xs:attribute name="contentOnly" type="xs:boolean" use="optional" default="true"/> <xs:attribute name="enforce" type="xs:boolean" use="optional" default="true"/> <xs:attribute name="value" type="xs:string" use="required"/> </xs:complexType> <xs:complexType name="SymmetricKey_T"> <xs:attribute name="keyAlias" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:minLength value="1"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> <xs:complexType name="Sign_T"> <xs:sequence> <xs:choice minOccurs="0" maxOccurs="1"> <xs:element name="X509Token" type="X509Token_T"/> <xs:element name="SAMLAssertion" type="SAMLAssertion_T"/> <xs:element name="SymmetricKey" type="SymmetricKey_T"/> </xs:choice> <xs:element name="CanonicalizationMethod" type="CanonicalizationMethod_T" minOccurs="0"/> <xs:element name="SignatureMethod" type="SignatureMethod_T" minOccurs="0"/> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element name="Target" type="Target_T" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="SignatureTarget" type="SignatureTarget_T" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:sequence> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="includeTimestamp" type="xs:boolean" use="optional" default="true"/> </xs:complexType> <xs:complexType name="CanonicalizationMethod_T"> <xs:attribute name="algorithm" type="xs:string" use="optional" default="http://www.w3.org/2001/10/xml-exc-c14n#"/> </xs:complexType> <xs:complexType name="SignatureMethod_T"> <xs:attribute name="algorithm" type="xs:string" use="optional" default="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> </xs:complexType> <xs:complexType name="RequireSignature_T"> <xs:sequence minOccurs="0" maxOccurs="1"> <xs:choice minOccurs="0" maxOccurs="1"> <xs:element name="X509Token" type="X509Token_T"/> <xs:element name="SAMLAssertion" type="SAMLAssertion_T"/> <xs:element name="SymmetricKey" type="SymmetricKey_T"/> </xs:choice> <xs:element name="CanonicalizationMethod" type="CanonicalizationMethod_T" minOccurs="0" maxOccurs="1"/> <xs:element name="SignatureMethod" type="SignatureMethod_T" minOccurs="0" maxOccurs="1"/> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element name="Target" type="Target_T" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="SignatureTarget" type="SignatureTarget_T" minOccurs="0" maxOccurs="unbounded"/> </xs:choice> </xs:sequence> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="requireTimestamp" type="xs:boolean" use="optional" default="true"/> </xs:complexType> <xs:complexType name="RequireEncryption_T"> <xs:sequence> <xs:choice minOccurs="0" maxOccurs="1"> <xs:element name="X509Token" type="X509Token_T"/> <xs:element name="SAMLAssertion" type="SAMLAssertion_T"/> <xs:element name="SymmetricKey" type="SymmetricKey_T"/> </xs:choice> <xs:element name="KeyEncryptionMethod" type="KeyEncryptionMethod_T" minOccurs="0" maxOccurs="1"/> <xs:element name="DataEncryptionMethod" type="DataEncryptionMethod_T" minOccurs="0" maxOccurs="1"/> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element name="Target" type="Target_T"/> <xs:element name="EncryptionTarget" type="EncryptionTarget_T"/> </xs:choice> </xs:sequence> <xs:attribute name="id" type="id_T" use="optional"/> </xs:complexType> <xs:complexType name="OptionalTargets_T"> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element name="Target" type="Target_T"/> </xs:choice> </xs:complexType> <xs:complexType name="X509Token_T"> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="strId" type="id_T" use="optional"/> <xs:attribute name="certificateAlias" type="xs:string" use="optional"/> <xs:attribute name="keyReferenceType" use="optional" default="Direct"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="Direct"/> <xs:enumeration value="Identifier"/> <xs:enumeration value="IssuerSerialNumber"/> </xs:restriction> </xs:simpleType> </xs:attribute> <xs:attribute name="encodingType" use="optional"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="http://docs.oasis- open.org/wss/2004/01/oasis-200401-wss-soap-message- security-1.0#Base64Binary"/> </xs:restriction> </xs:simpleType> </xs:attribute> <xs:attribute name="valueType" type="xs:string" use="optional"/> </xs:complexType> <xs:complexType name="SAMLAssertion_T"> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="authorityId" type="id_T" use="optional"/> <xs:attribute name="strId" type="id_T" use="optional"/> <xs:attribute name="keyIdentifier" type="id_T" use="optional"/> <xs:attribute name="encodingType" use="prohibited"/> <xs:attribute name="keyReferenceType" use="optional" default="Identifier"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="Identifier"/> <xs:enumeration value="Embedded"/> </xs:restriction> </xs:simpleType> </xs:attribute> <xs:attribute name="type" use="required"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="HOK"/> <xs:enumeration value="SV"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> <xs:complexType name="RequireSAMLAssertion_T"> <xs:attribute name="id" type="id_T" use="optional"/> <xs:attribute name="authorityId" type="id_T" use="optional"/> <xs:attribute name="strId" type="id_T" use="optional"/> <xs:attribute name="type" type="xs:string" use="required" fixed="SV"/> <xs:attribute name="encodingType" use="prohibited"/> <xs:attribute name="keyReferenceType" use="optional" default="Identifier"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="Direct"/> <xs:enumeration value="Identifier"/> <xs:enumeration value="Embedded"/> <xs:enumeration value="IssuerSerialNumber"/> </xs:restriction> </xs:simpleType> </xs:attribute> </xs:complexType> <xs:complexType name="Target_T"> <xs:simpleContent> <xs:extension base="xs:string"> <xs:attribute name="type" use="optional" default="qname"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="qname"/> <xs:enumeration value="uri"/> <xs:enumeration value="xpath"/> </xs:restriction> </xs:simpleType> </xs:attribute> <xs:attribute name="contentOnly" type="xs:boolean" use="optional" default="true"/> <xs:attribute name="enforce" type="xs:boolean" use="optional" default="true"/> </xs:extension> </xs:simpleContent> </xs:complexType> <xs:complexType name="SignatureTarget_T"> <xs:sequence minOccurs="0" maxOccurs="1"> <xs:element name="DigestMethod" type="DigestMethod_T" minOccurs="0" maxOccurs="1"/> <xs:element name="Transform" type="Transform_T" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="type" use="optional" default="qname"> <xs:simpleType> <xs:restriction base="xs:string"> <xs:enumeration value="qname"/> <xs:enumeration value="uri"/> <xs:enumeration value="xpath"/> </xs:restriction> </xs:simpleType> </xs:attribute> <xs:attribute name="enforce" type="xs:boolean" use="optional" default="true"/> <xs:attribute name="value" type="xs:string" use="optional" default="true"/> </xs:complexType> <xs:complexType name="DigestMethod_T"> <xs:attribute name="algorithm" type="xs:string" use="optional" default="http://www.w3.org/2000/09/xmldsig#sha1"/> </xs:complexType> <xs:complexType name="Transform_T"> <xs:sequence> <xs:element name="AlgorithmParameter" type="AlgorithmParameter_T" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> <xs:attribute name="algorithm" type="xs:string" use="required"/> </xs:complexType> <xs:complexType name="AlgorithmParameter_T"> <xs:attribute name="name" type="xs:string" use="required"/> <xs:attribute name="value" type="xs:string" use="required"/> </xs:complexType> <xs:simpleType name="id_T"> <xs:restriction base="xs:string"> <xs:minLength value="1"/> </xs:restriction> </xs:simpleType> </xs:schema>
All of the material in The Java(TM) Web Services Tutorial is copyright-protected and may not be published in other works without express written permission from Sun Microsystems.
