Figure F‑1 shows a graphical representation of the SALT-supported WS-SecurityPolicy 1.0 assertion format in a WS-Policy file.
Listing F‑1 demonstrates how to apply Username token authentication with WSSP 1.0 assertions.
Listing F‑1 WSSP 1.0 Policy File Sample
SALT provides a number of WS-SecurityPolicy 1.0 template files you can use for most typical Web Service applications. These policy files are located in the directory TUXDIR/udataobj/salt/policy.
SALT implements part of WebLogic 12.x / 10 WS-SecurityPolicy 1.0 assertions. For a complete list of WSSP 1.0 assertions supported by WebLogic, see http://docs.oracle.com/middleware/1212/wls/WSREF/sec_assert.htm#g1077013
• For username tokens, you must specify a <UsePassword> child element to indicate what kind of password is used in username authentication.
Specifies the digest algorithm that is used when digitally signing the specified parts of a SOAP message. Use the <MessageParts> sibling element to specify the parts of the SOAP message you want to digitally sign.
Specifies whether the security token, specified using the <SecurityToken> child element of <Integrity>, should also be digitally signed, in addition to the specified parts of the SOAP message.
The <MessageParts> assertion is always a child of a <Target> assertion. The <Target> assertion can be a child of an <Integrity> assertion (to specify how the SOAP message is digitally signed).
See “Usage of MessageParts” for more information about how to specify the parts of the SOAP message that should be signed.
If this element is defined in the <Identity> parent element, then it specifies that a client application, when invoking the Web Service, must attach a security token to the SOAP request. For example, a Web Service might require that the client application present a Username token for the Web Service to be able to access a Tuxedo service. If this element is part of <Integrity>, then it specifies the token used for the digital signature.
The value of this attribute is always true when used in the <Identity> assertion, even if you explicitly set it to false.
• http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 (To specify a binary X.509 v3 token)
• http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken (To specify a username token)
Encapsulates information about which targets of a SOAP message are to be signed. When used in <Integrity>, you can specify the <DigestAlgorithm>, <Transform>, and <MessageParts> child elements.
Specifies the URI of a transformation algorithm that is applied to the parts of the SOAP message that are signed. It can exist only in a child element of the <Integrity> element.
You can specify zero or more transforms, which are executed in the order they appear in the <Target> parent element.
• http://www.w3.org/2000/09/xmldsig#base64 (Base64 decoding transforms)
When you use the <Integrity> assertion in your WS-Policy file, you are also required to use the <Target> child assertion to specify the targets of the SOAP message to digitally sign. The <Target> assertion in turn requires that you use the <MessageParts> child assertion to specify the actual parts of the SOAP message that should be digitally signed. You can use the Dialect attribute of <MessageParts> to specify the dialect used to identify the SOAP message parts. The SALT Web services security module supports only the following dialect:
This section shows the SALT-supported functions that are used with the "http://schemas.xmlsoap.org/2002/12/wsse#part" dialect for selecting parts of a message:
You can only specify the entire SOAP body to be signed. It is recommended that you use the dialect that pre-defines the wsp:Body() function for this purpose.
Listing F‑2 shows a wsp:Body() function example.
Listing F‑2 wsp:Body() Function
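
The following is an added example, not Listing F‑2 or any other listing from the SALT documentation or its policy templates. It is a Python check that lints a policy document against the structural rules stated in this section: a username <SecurityToken> needs a <UsePassword> child, <Integrity> needs a <Target>, <Target> needs <MessageParts>, and <MessageParts> must use the "http://schemas.xmlsoap.org/2002/12/wsse#part" dialect and select wsp:Body(). The two namespace URIs, the <SupportedTokens> wrapper and the attribute-less <UsePassword/> in the constructed sample policies are assumptions, as are all Python names.

```python
import xml.etree.ElementTree as ET

USERNAME_TOKEN = ("http://docs.oasis-open.org/wss/2004/01/"
                  "oasis-200401-wss-username-token-profile-1.0#UsernameToken")
PART_DIALECT = "http://schemas.xmlsoap.org/2002/12/wsse#part"

# Constructed policies. Assumptions not taken from this page: both namespace
# URIs, the <SupportedTokens> wrapper, and <UsePassword/> shown without attributes.
TEMPLATE = """<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wssp="http://www.bea.com/wls90/security/policy">
  <wssp:Identity><wssp:SupportedTokens>
    <wssp:SecurityToken TokenType="{token}">{use_password}</wssp:SecurityToken>
  </wssp:SupportedTokens></wssp:Identity>
  <wssp:Integrity><wssp:Target>
    <wssp:MessageParts Dialect="{dialect}">wsp:Body()</wssp:MessageParts>
  </wssp:Target></wssp:Integrity></wsp:Policy>"""
WEAK = TEMPLATE.format(token=USERNAME_TOKEN, use_password="",
                       dialect="urn:example:other-dialect")
FIXED = TEMPLATE.format(token=USERNAME_TOKEN, dialect=PART_DIALECT,
                        use_password="<wssp:UsePassword/>")

def local(tag):  # drop the "{namespace}" prefix ElementTree adds to tag names
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def lint_policy(xml_text):
    """Return violations of the structural rules stated in this section."""
    findings = []
    for el in ET.fromstring(xml_text).iter():  # walks elements in document order
        name = local(el.tag)
        if name == "SecurityToken" and el.get("TokenType") == USERNAME_TOKEN:
            if not children(el, "UsePassword"):
                findings.append("username SecurityToken lacks <UsePassword>")
        elif name == "Integrity":
            targets = children(el, "Target")
            if not targets:
                findings.append("<Integrity> has no <Target>")
            if any(not children(t, "MessageParts") for t in targets):
                findings.append("<Target> has no <MessageParts>")
        elif name == "MessageParts":
            if el.get("Dialect") != PART_DIALECT:
                findings.append("unsupported Dialect: %s" % el.get("Dialect"))
            elif (el.text or "").strip() != "wsp:Body()":
                findings.append("<MessageParts> must select wsp:Body()")
    return findings

if __name__ == "__main__":
    print("weak:", lint_policy(WEAK), "| fixed:", lint_policy(FIXED))
```

Elements are matched by local name, so the check does not depend on the namespace prefix a given policy file uses.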