Currently I am developing webservices in Java and I would like to secure those with the Apache Rampart module. I was able to secure those webservices by using public and private keys on both sides (server and client). Certainly both have their own key pair. And every side got the public key from the other side. Now I want to change my webservices to only use a public and private key on the server side, like it is usually used on the web (e.g. online banking). I am able to provide the public key of the server to the client, that would be no problem. But unfortunately I do not know how to configure the policy.xml file. Today I use an adapted version of the Rampart sample 3 which looks like the following:
How do I have to change the policy.xml so that the client will encrypt with the public key of the server and the server will encrypt with the (generated and sent) public key from the client and sign with the private key of the server?
I suppose that my question is written a bit confusingly, so I'll try it a bit simpler and shorter: