WSPolicy ( scalar policy_xml | { 'security' => options } )
Construct a new WSPolicy object.
A policy can be one of the following:
1. An XML string representing the corresponding policy.
2. A hash of options.
A hash of options is specified using the syntax given below.
{ "security" => a hash of security options }
When using WSPolicy, you can use a policy XML file to configure the security options to be applied. If you have a policy file, create the policy object from an XML string holding the contents of that file. This is the recommended scenario. In addition, the WSO2 WSF/Perl security API lets you configure a minimum set of security features through an options hash accepted by the WSPolicy constructor. The options that can be provided in that hash are described below. Examples of policy files are provided later in this document.
| Option | Data Type | Value Domain | Default Value | Description |
|---|---|---|---|---|
| "sign" | scalar | "TRUE" \| "true" \| "X509" | false | Whether to sign the XML message or not. By default signing is not enabled. If "sign" is set to "true", the body part of the SOAP message is signed using the X509 standard. Only the body part of the message is signed; to sign other parts of the message, a policy file should be used. |
| "encrypt" | scalar | "TRUE" \| "true" \| "X509" | false | Whether to encrypt the XML message or not. By default encryption is not enabled. If "encrypt" is set to "true", the body part of the SOAP message is encrypted using the X509 standard. Only the body part of the message is encrypted; to encrypt headers, a policy file should be used. |
| "algorithmSuite" | scalar | Corresponds to the Security Policy spec 7.1 [Algorithm Suite] definitions | "Basic256Rsa15" | The symmetric algorithm and the asymmetric algorithm are derived from the algorithmSuite string. |
| "includeTimeStamp" | scalar | "TRUE" | false | If set to true, and the user provided the ttl (time to live) value when creating the security token object, a timestamp is included in the message. |
| "protectionOrder" | scalar | "EncryptBeforeSigning" \| "SignBeforeEncrypt" | "EncryptBeforeSigning" | The order in which integrity and confidentiality are applied to the message when both integrity and confidentiality are required. |
| "useUsernameToken" | scalar | "TRUE" \| "true" | false | If the necessary options are provided in the WSSecurityToken object, and "useUsernameToken" is set to "true", the UsernameToken is enabled. |
| "securityTokenReference" | scalar | "IssuerSerial" \| "KeyIdentifier" \| "EmbeddedToken" \| "Thumbprint" \| "Direct" | "KeyIdentifier" | Defines how the security tokens are referenced when using encryption. If you wish to control security token references when signing, you should provide the appropriate policy file. |
| "encryptSignature" | scalar | "TRUE" | false | If set to true, the message signature (the primary signature) must be encrypted. |
WSSecurityToken ( { options } )
A Perl-level object that logically represents security properties. This object is used to specify the security properties from the client or service.
Options that can be provided in the options hash are detailed in the following table.
| Option | Data Type | Value Domain | Default Value | Description |
|---|---|---|---|---|
| "user" | scalar | String | none | Username |
| "certificate" | scalar | String | none | User's certificate to be used for signing |
| "passwordType" | scalar | "PlainText" \| "Digest" | "Digest" | Password type used in the UsernameToken |
| "password" | scalar | String | none | User's password used for the UsernameToken |
| "privateKey" | scalar | String | none | User's private key |
| "receiverCertificate" | scalar | String | none | Receiver's certificate to be used for encryption |
| "ttl" | scalar | int | 360 | The time period, in seconds, within which the message is valid |
The policy and security token objects are passed to the client or service through the following options.
| Option | Data Type | Value Domain | Default Value | Description |
|---|---|---|---|---|
| "policy" | WSPolicy | WSPolicy instance | none | Policies to be used when using WS-Security. |
| "securityToken" | WSSecurityToken | WSSecurityToken instance | none | User-specific security parameters to be used when using WS-Security. |
Only a common subset of security options can be provided as user options. For more complex scenarios, you should provide the appropriate policy file.
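The following script ties the three tables together: it builds a WSPolicy from the options hash (with the commented-out alternative of passing a WS-SecurityPolicy XML string), a WSSecurityToken carrying the signing key, certificates and ttl, and hands both to a client. This is an added example, not code from the WSF/Perl documentation or distribution. The package names (`WSO2::WSF::WSClient`, `WSO2::WSF::WSPolicy`, `WSO2::WSF::WSSecurityToken`), the client's `new`/`request` calls, the `to` and `payload` keys, the response's `str` field, the endpoint URL and the PEM file names are assumptions; the page itself names only the WSPolicy and WSSecurityToken constructors and the `policy`/`securityToken` options.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed package names (not stated on the page).
use WSO2::WSF::WSClient;
use WSO2::WSF::WSPolicy;
use WSO2::WSF::WSSecurityToken;

# Read a whole PEM file into a scalar; the paths used below are placeholders.
sub slurp {
    my ($path) = @_;
    open my $fh, '<', $path or die "cannot open $path: $!";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Option-hash form of the WSPolicy constructor. Both sign and encrypt are
# enabled, so protectionOrder decides which is applied first; the remaining
# values restate the table defaults explicitly.
my $policy = WSO2::WSF::WSPolicy->new({
    'security' => {
        'sign'                   => 'true',
        'encrypt'                => 'true',
        'algorithmSuite'         => 'Basic256Rsa15',
        'includeTimeStamp'       => 'true',
        'protectionOrder'        => 'EncryptBeforeSigning',
        'securityTokenReference' => 'KeyIdentifier',
        'encryptSignature'       => 'true',
    },
});

# XML-string form of the constructor: required for anything the options hash
# cannot express (signing or encrypting headers). File name is a placeholder.
# my $policy = WSO2::WSF::WSPolicy->new(slurp('policy.xml'));

# Per-user material: own certificate and private key for signing, the
# receiver's certificate for encryption, and the ttl that includeTimeStamp
# relies on (seconds).
my $sec_token = WSO2::WSF::WSSecurityToken->new({
    'user'                => 'alice',
    'certificate'         => slurp('alice_cert.pem'),
    'privateKey'          => slurp('alice_key.pem'),
    'receiverCertificate' => slurp('bob_cert.pem'),
    'ttl'                 => 300,
});

# Pass both objects to the client via the "policy" and "securityToken" options.
# Class, constructor and endpoint are assumptions.
my $client = WSO2::WSF::WSClient->new({
    'to'            => 'http://localhost:9090/axis2/services/echo',
    'policy'        => $policy,
    'securityToken' => $sec_token,
});

# Send a constructed payload; "request", "payload" and "str" are assumptions.
my $response = $client->request({
    'payload' => '<ns1:echoString xmlns:ns1="http://ws.apache.org/axis2/services/echo">'
               . '<text>Hello</text></ns1:echoString>',
});

if (defined $response) {
    print "Response: $response->{str}\n";
} else {
    print "No response received\n";
}
```

Because "sign" and "encrypt" only cover the SOAP body, any header that also needs protection (a WS-Addressing header, for instance) has to be declared in a policy file and supplied through the XML-string form shown in the commented line; the options hash cannot express it.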