๏

๏

๏

๏

๏

๏

๏

๏

๏

๏

๏

๏

๏

๏

๏

๏ http:

//synapse.apache.org

๏

๏

๏

๏

…

Customer Profiles. (Login)

Money Transfer.

Credit card payments. Online bill payments.

๏

๏

๏

๏

๏

Genuine User

Unauthorized User

Secured Proxy Service

Unsecured Service

● Ensure that the timestamp on the token is still valid● Authenticate the username against a repository● Authenticate the username and password against a repository

soapenv:Header>

<wsse:Security

soapenv:mustUnderstand="1">

<wsu:Timestamp

wsu:Id="Timestamp-31497899">

<wsu:Created>2008-02-06T13:39:50.943Z</wsu:Created>

<wsu:Expires>2008-02-06T13:44:50.943Z</wsu:Expires>

</wsu:Timestamp>

<wsse:UsernameToken

wsu:Id="UsernameToken-10697954">

<wsse:Username>apache</wsse:Username>

<wsse:Password

Type="http://...#PasswordText">password</wsse:Password>

</wsse:UsernameToken>

</wsse:Security>

</soapenv:Header>

<soapenv:Body>

๏

๏

๏

๏

๏

๏

๏

<parameter name="customSSLProfiles"> <profile> <servers>www.test.org:80, www.test2.com:9763 </servers> <KeyStore> <Location>/path/to/identity/store</Location> <Type>JKS</Type> <Password>password</Password> <KeyPassword>password </KeyPassword> </KeyStore> <TrustStore> <Location>path/to/trust/store</Location> <Type>JKS</Type> <Password>password</Password> </TrustStore> </profile></parameter>

๏

<parameter name="SSLProfiles"> <profile> <bindAddress>192.168.1.2</bindAddress> <KeyStore> <Location>/path/to/testhost1.p12</Location> <Type>JKS</Type> <Password>test</Password> <KeyPassword>test</KeyPassword> </KeyStore> </profile> <profile> <bindAddress>192.168.1.3</bindAddress> <KeyStore> <Location>/path/to/testhost2.p12</Location> <Type>JSK</Type> <Password>test</Password> <KeyPassword>test</KeyPassword> </KeyStore> </profile></parameter>

๏

๏

๏

๏

๏

๏

๏

<parameter name="SSLVerifyClient">require</parameter>