glassfish 0.1.1-universal-java-1.5

data/domains/domain1/config/sun-acc.xml

@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+   Copyright 2004-2005 Sun Microsystems, Inc. All rights reserved.
+   Use is subject to license terms.
+-->
+
+<!--
+   Please remember to customize this file for your environment. The defaults for 
+   following fields may not be appropriate.  
+   - target-server name, address and port
+   - Property security.config in message-security-config
+-->
+
+<!DOCTYPE client-container PUBLIC "-//Sun Microsystems Inc.//DTD Application Server 8.0 Application Client Container//EN" "http://www.sun.com/software/appserver/dtds/sun-application-client-container_1_2.dtd">
+
+<client-container>
+  <target-server name="laturbie.sfbay.sun.com" address="laturbie.sfbay.sun.com" port="3700"/>
+  <log-service file="" level="WARNING"/>
+  <message-security-config auth-layer="SOAP">
+    <!-- turned off by default -->
+    <provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="XWS_ClientProvider" provider-type="client"> 
+      <request-policy auth-source="content"/>
+      <response-policy auth-source="content"/>
+      <property name="encryption.key.alias" value="s1as"/>
+      <property name="signature.key.alias" value="s1as"/>
+      <property name="dynamic.username.password" value="false"/>
+      <property name="debug" value="false"/>
+    </provider-config>
+    <provider-config class-name="com.sun.xml.wss.provider.ClientSecurityAuthModule" provider-id="ClientProvider" provider-type="client"> 
+      <request-policy auth-source="content"/>
+      <response-policy auth-source="content"/>
+      <property name="encryption.key.alias" value="s1as"/>
+      <property name="signature.key.alias" value="s1as"/>
+      <property name="dynamic.username.password" value="false"/>
+      <property name="debug" value="false"/>
+      <property name="security.config" value="/Users/dochez/java/cvs/v3/publish/lib/appclient/wss-client-config-1.0.xml"/> 
+    </provider-config>
+  </message-security-config>
+</client-container>

data/domains/domain1/config/wss-server-config-1.0.xml

@@ -0,0 +1,86 @@
+<!--
+Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+-->
+<!--
+ This server side config file pairs with wss-client-config-1.0.xml on the client
+ and supports the following UseCases:
+ Usecase 1: Authentication using Protected UsernameToken
+ Usecase 3: Encrypted UsernameToken and MessageBody
+ Usecase 4: Response Encryption Key Learnt from Incoming Message
+
+ Certificate Alias Information :
+ 1. A certificateAlias under the <xwss:Encrypt> element signifies the certificate
+    of the recipient of the message.
+ 2. A certificateAlias under the <xwss:Sign> element signifies the certificate of the
+    sender.
+                                                                                                                                               
+ NOTE:
+                                                                                                                                               
+   1. the certificateAlias has the above meaning for all the Sign and Encrypt elements below
+   2. there are several Sign and Encrypt elements below and similarly several RequireSignature and
+      RequireEncryption elements. Which of them would be actually used at runtime will depend on
+      the AuthPolicy passed to the module.
+                                                                                                                                               
+      For Example : if Auth-Source=Sender then only the <xwss:UsernameToken> elements will be used
+      and none of the <xwss:Sign> elements will be used.
+      If Auth-Source=Content then the <xwss:Sign> element will be used
+                                                                                                                                               
+   3.  The different variations of <xwss:Encrypt> elements in this configuration file are to accomodate
+       default encryption of the UsernameToken.
+                                                                                                                                               
+   4.  The actual certificate alias to be used for any Signature operation can be modified during AuthModule
+       initialization by setting the alias as the value of "signature.key.alias" property in the Module Options Map.
+   5.  The actual certificate alias to be used for any Encrypt operation can be modified during AuthModule
+       initialization by setting the alias as the value of "encryption.key.alias" property in the Module Options Map.
+                                                                                                                                               
+   6. Debug Dumping of Messages can be enabled by setting the "debug" property in the Module Options Map to "true" during
+      AuthModule initialization.
+   7. The Actual configuration file to be used by an Authmodule can be changed by setting the property "security.config" in
+      the Module Options Map to point to the configuration file location.
+   8. When the "security.config" property is not set during module initialization then a client auth module will use wss-client-config-2.0.xml
+      by default.
+   9. When the "security.config" property is not set during module initialization then a server auth module will use wss-server-config-2.0.xml
+      by default.
+
+-->
+
+<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" 
+                            dumpMessages="false">
+    <xwss:Timestamp/>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireSignature>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireSignature>     
+    <xwss:RequireUsernameToken nonceRequired="false" passwordDigestRequired="false"/>      
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+    </xwss:Encrypt>    
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Sign>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Sign>
+    <xwss:UsernameToken digestPassword="false" useNonce="false"/>
+</xwss:SecurityConfiguration>

data/domains/domain1/config/wss-server-config-2.0.xml

@@ -0,0 +1,94 @@
+<!--
+Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+-->
+<!--
+ This server side config file pairs with wss-client-config-2.0.xml on the client 
+ and supports the following UseCases:
+ Usecase 2: Encrypted UsernameToken
+ Usecase 3: Encrypted UsernameToken and MessageBody 
+ Usecase 4: Response Encryption Key Learnt from Incoming Message
+
+ Certificate Alias Information :
+ 1. A certificateAlias under the <xwss:Encrypt> element signifies the certificate
+    of the recipient of the message.
+ 2. A certificateAlias under the <xwss:Sign> element signifies the certificate of the
+    sender.
+                                                                                                                                               
+ NOTE:
+                                                                                                                                               
+   1. the certificateAlias has the above meaning for all the Sign and Encrypt elements below
+   2. there are several Sign and Encrypt elements below and similarly several RequireSignature and
+      RequireEncryption elements. Which of them would be actually used at runtime will depend on
+      the AuthPolicy passed to the module.
+                                                                                                                                               
+      For Example : if Auth-Source=Sender then only the <xwss:UsernameToken> elements will be used
+      and none of the <xwss:Sign> elements will be used.
+      If Auth-Source=Content then the <xwss:Sign> element will be used
+                                                                                                                                               
+   3.  The different variations of <xwss:Encrypt> elements in this configuration file are to accomodate
+       default encryption of the UsernameToken.
+                                                                                                                                               
+   4.  The actual certificate alias to be used for any Signature operation can be modified during AuthModule
+       initialization by setting the alias as the value of "signature.key.alias" property in the Module Options Map.
+   5.  The actual certificate alias to be used for any Encrypt operation can be modified during AuthModule
+       initialization by setting the alias as the value of "encryption.key.alias" property in the Module Options Map.
+                                                                                                                                               
+   6. Debug Dumping of Messages can be enabled by setting the "debug" property in the Module Options Map to "true" during
+      AuthModule initialization.
+   7. The Actual configuration file to be used by an Authmodule can be changed by setting the property "security.config" in
+      the Module Options Map to point to the configuration file location.
+   8. When the "security.config" property is not set during module initialization then a client auth module will use wss-client-config-2.0.xml
+      by default.
+   9. When the "security.config" property is not set during module initialization then a server auth module will use wss-server-config-2.0.xml
+      by default.
+
+-->
+<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" 
+                            dumpMessages="false">
+    <xwss:Timestamp/>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+    </xwss:Encrypt>    
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Sign>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Sign>
+    <xwss:UsernameToken digestPassword="false" useNonce="true"/>
+
+    <xwss:RequireUsernameToken nonceRequired="true" passwordDigestRequired="false"/>      
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireSignature>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireSignature>     
+</xwss:SecurityConfiguration>

data/domains/domain1/docroot/index.html

@@ -0,0 +1,87 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html lang="en">
+<head>
+  <style TYPE="text/css">
+  body{margin-top:0}
+  body,td,p,div,span,a,ul,ul li, ol, ol li, ol li b, dl,h1,h2,h3,h4,h5,h6,li {
+    font-family:geneva,helvetica,arial,"lucida sans",sans-serif;
+    font-size:10pt
+  }
+  h1 {font-size:18pt}
+  h2 {font-size:14pt}
+  h3 {font-size:12pt}
+  code,kbd,tt,pre {
+    font-family:monaco,courier,"courier new";
+    font-size:10pt;
+  }
+  li {padding-bottom: 8px}
+  p.copy, p.copy a {
+    font-family:geneva,helvetica,arial,"lucida sans",sans-serif;
+    font-size:8pt
+    }
+  p.copy {text-align: center}
+
+  table.grey1,tr.grey1,td.grey1{background:#f1f1f1}
+  th {
+    color:#ffffff;
+    font-family:geneva,helvetica,arial,"lucida sans",sans-serif;
+    font-size:12pt
+  }
+  td.insidehead {
+    font-weight:bold;
+    background:white;
+    text-align: left;
+  }
+  a {text-decoration:none; color:#3E6B8A}
+  a:visited{color:#917E9C}
+  a:hover {text-decoration:underline}
+  </style>
+  <title>GlassFish V3 - Server Running</title>
+</head>
+
+<body text="#000000" link="#594fbf" vlink="#1005fb" alink="#333366"  bgcolor="#ffffff" marginwidth="10">
+<br>
+<table width="100%" border="0" cellspacing="0" cellpadding="3">
+  <tbody>
+    <tr>
+      <td valign="top" align="right"> <a href="http://www.sun.com">sun.com</a> </td>
+    </tr>
+    <tr>
+      <td valign="top" align="left" bgcolor="#587993">
+       <font color="#ffffff">&nbsp;&nbsp;<b>Welcome to the GlassFish V3 preview</b></font>
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+<h1>Your server is up and running!</h1>
+
+<p>To replace this page, overwrite&nbsp; <code>&lt;<i>install_dir</i>&gt;/domains/&lt;<i>domain_name</i>&gt;/docroot/index.html</code>,
+where <code>&lt;<i>install_dir</i>&gt;</code> is the Application Server installation directory,
+and <code>&lt;<i>domain_name</i>&gt;</code> is the domain name
+(for example, <code>domain1</code>).<code></code></p>
+<p>
+You are invited to
+<a href="https://softwarereg.sun.com/software/product_registration/index.jsp" target="_blank">register your product now</a>.
+Registration is optional, but as a registered user, you will get:
+<ul>
+  <li>News about product updates </li>
+  <li>Access to value-added contents </li>
+  <li>Notification of promotional programs </li>
+  <li>Entry in Java EE platform-related gift give-aways </li>
+</ul>
+Also check out the <a href="https://glassfish.dev.java.net/">GlassFish project</a>,
+the open source community for the Java EE application server.
+</p>
+<P><b>More Information</b>: For more information about the Application Server, samples, documentation,
+and additional resources, see <code>&lt;<i>install_dir</i>&gt;/docs/about.html</code>,
+where <code>&lt;<i>install_dir</i>&gt;</code> is the Application Server installation directory.</p>
+
+<hr style="width: 80%; height: 2px;">
+
+<p class="copy">
+<a href="http://www.sun.com/company/">Company Info</a>
+&nbsp;&nbsp;|&nbsp;&nbsp; <a href="http://www.sun.com/contact/">Contact</a>
+&nbsp;&nbsp;|&nbsp;&nbsp; Copyright 2007 Sun Microsystems
+</p>
+</body></html>

data/lib/appclient/appclientlogin.conf

@@ -0,0 +1,10 @@
+/*  Copyright 2004 Sun Microsystems, Inc.  All rights reserved.    */
+/*  SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */
+
+default {
+	com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=false;
+};
+
+certificate {
+	com.sun.enterprise.security.auth.login.ClientCertificateLoginModule required debug=false;
+};

data/lib/appclient/client.policy

@@ -0,0 +1,79 @@
+//
+// The contents of this file are subject to the terms 
+// of the Common Development and Distribution License 
+// (the "License").  You may not use this file except 
+// in compliance with the License.
+// 
+// You can obtain a copy of the license at 
+// glassfish/bootstrap/legal/CDDLv1.0.txt or 
+// https://glassfish.dev.java.net/public/CDDLv1.0.html. 
+// See the License for the specific language governing 
+// permissions and limitations under the License.
+// 
+// When distributing Covered Code, include this CDDL 
+// HEADER in each file and include the License file at 
+// glassfish/bootstrap/legal/CDDLv1.0.txt.  If applicable, 
+// add the following below this CDDL HEADER, with the 
+// fields enclosed by brackets "[]" replaced with your 
+// own identifying information: Portions Copyright [yyyy] 
+// [name of copyright owner]
+//
+
+/*  Copyright 2004 Sun Microsystems, Inc.  All rights reserved.    */
+/*  SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. */
+
+//core server classes get all permissions by default
+grant codeBase "file:${com.sun.aas.installRoot}/lib/-" {
+	permission java.security.AllPermission;
+};
+
+//iMQ classes get all permissions by default
+grant codeBase "file:${com.sun.aas.imqLib}/-" {
+	permission java.security.AllPermission;
+};
+
+// Standard extensions get all permissions by default
+grant codeBase "file:${java.home}/lib/ext/-" {
+	permission java.security.AllPermission;
+};
+
+grant codeBase "file:${java.home}/../lib/tools.jar" {
+        permission java.security.AllPermission;
+};
+
+
+
+// default permissions granted to all domains
+grant { 
+	permission java.lang.RuntimePermission "loadLibrary.*";
+	permission java.lang.RuntimePermission "accessClassInPackage.*";
+	permission java.lang.RuntimePermission "exitVM";
+	permission java.lang.RuntimePermission "queuePrintJob";
+	permission java.lang.RuntimePermission "modifyThreadGroup";
+
+	permission java.awt.AWTPermission "accessClipboard";
+	permission java.awt.AWTPermission "accessEventQueue";
+	permission java.awt.AWTPermission "showWindowWithoutWarningBanner";
+
+	permission java.io.FilePermission "<<ALL FILES>>", "read,write";
+
+	permission java.net.SocketPermission "*", "connect,accept,resolve";
+	permission java.net.SocketPermission "localhost:1024-", "accept,listen";
+
+	// "standard" properies that can be read by anyone
+	permission java.util.PropertyPermission "*", "read";
+
+	// setting the JSSE provider for lazy authentication of app. clients.
+	// Please do not change it.
+	permission java.security.SecurityPermission "putProviderProperty.SunJSSE";
+	permission java.security.SecurityPermission "insertProvider.SunJSSE";
+
+        permission java.util.logging.LoggingPermission  "control";
+        //permission java.lang.RuntimePermission      "setSecurityManager";
+};
+
+
+
+
+
+

data/lib/appclient/wss-client-config-1.0.xml

@@ -0,0 +1,84 @@
+<!--
+Copyright 2004 Sun Microsystems, Inc. All rights reserved.
+SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
+-->
+<!--
+ This client side config file pairs with wss-server-config-1.0.xml on the server
+ and supports the following UseCases:
+ Usecase 1: Authentication by Protected UsernameToken
+ Usecase 3: Encrypted UsernameToken and MessageBody
+ Usecase 4: Response Encryption Key Learnt from Incoming Message
+
+ Certificate Alias Information :
+ 1. A certificateAlias under the <xwss:Encrypt> element signifies the certificate
+    of the recipient of the message.
+ 2. A certificateAlias under the <xwss:Sign> element signifies the certificate of the
+    sender.
+
+ NOTE: 
+
+   1. the certificateAlias has the above meaning for all the Sign and Encrypt elements below
+   2. there are several Sign and Encrypt elements below and similarly several RequireSignature and
+      RequireEncryption elements. Which of them would be actually used at runtime will depend on
+      the AuthPolicy passed to the module.
+
+      For Example : if Auth-Source=Sender then only the <xwss:UsernameToken> elements will be used
+      and none of the <xwss:Sign> elements will be used.
+      If Auth-Source=Content then the <xwss:Sign> element will be used
+
+   3.  The different variations of <xwss:Encrypt> elements in this configuration file are to accomodate
+       default encryption of the UsernameToken.
+
+   4.  The actual certificate alias to be used for any Signature operation can be modified during AuthModule
+       initialization by setting the alias as the value of "signature.key.alias" property in the Module Options Map.
+   5.  The actual certificate alias to be used for any Encrypt operation can be modified during AuthModule
+       initialization by setting the alias as the value of "encryption.key.alias" property in the Module Options Map.
+
+   6. Debug Dumping of Messages can be enabled by setting the "debug" property in the Module Options Map to "true" during
+      AuthModule initialization.
+   7. The Actual configuration file to be used by an Authmodule can be changed by setting the property "security.config" in
+      the Module Options Map to point to the configuration file location. 
+   8. When the "security.config" property is not set during module initialization then a client auth module will use wss-client-config-2.0.xml
+      by default.
+   9. When the "security.config" property is not set during module initialization then a server auth module will use wss-server-config-2.0.xml by default.
+  10. The property "dynamic.username.password" when set during module initialization to "true" will signal the provider runtime to collect the username and password from the CallbackHandler for each request. When this property is set to "false" or if the property is not set then the username and password for  wsse:UsernameToken(s) is collected once during Module Initialization.
+-->
+
+<xwss:SecurityConfiguration xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" 
+                            dumpMessages="false">                           
+    <xwss:Timestamp/>
+    <xwss:RequireUsernameToken nonceRequired="false" passwordDigestRequired="false"/>   
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireEncryption>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:RequireEncryption>
+    <xwss:RequireSignature>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:RequireSignature>     
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Encrypt>    
+     <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Encrypt>
+        <xwss:X509Token certificateAlias="s1as"/>
+        <xwss:KeyEncryptionMethod algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+        <xwss:Target type="qname">SOAP-BODY</xwss:Target>
+        <xwss:Target type="qname">{http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UsernameToken</xwss:Target>
+    </xwss:Encrypt>
+    <xwss:Sign>
+        <xwss:X509Token certificateAlias="s1as"/>
+    </xwss:Sign>
+    <xwss:UsernameToken digestPassword="false" useNonce="false"/>
+</xwss:SecurityConfiguration>