You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@axis.apache.org by Din%$h <xy...@gmail.com> on 2005/02/24 11:02:08 UTC

Re: need to access Soap Body from Serializer

Hi,
     When we doing encryption ,  We get a body as a string and parse
it to DOM Document .

Please correct me if I'm wrong , In axis engine we build a DOM Tree
and then retrieve Headers and other wanted things as we want??

Is there a possibility to get access to DOM tree directly, If we able
to get DOM Document directly that will be more efficient to perform
encryption/decryption.rather than parsing string into DOM Document.

U'r suggestions are warmly welcome !!!

thanks
regards,
Dinesh

Re: need to access Soap Body from Serializer

Posted by John Hawkins <ha...@uk.ibm.com>.

Hi Dasarath,

could you give us an overview of AXIOM and what that would mean to our 
current OO model?





Dasarath Weeratunge <da...@yahoo.com> 
06/03/2005 14:38
Please respond to
"Apache AXIS C Developers List"


To
Apache AXIS C Developers List <ax...@ws.apache.org>, 
sameera@gamebox.net
cc

Subject
Re: need to access Soap Body from Serializer






Since Axis C++ needs an object model why not port
AXIOM which is been used with Axis2 to C++ and get the
ecoding support completed in Guththila (the C++ pull
parser).

Porting OM will not be a problem if someone can help
with getting encoding support in the pull parser
fixed.

Regards,
--Dasarath

--- Sameera Perera <ww...@gmail.com> wrote:

> Hi,
> 
> We've come up with a solution for our problems. But
> kindda looks like a hack.
> We need your blessing on this. ;-)
> Please see explanation attached.
> 
> 
> On Thu, 24 Feb 2005 13:07:09 +0000, John Hawkins
> <ha...@uk.ibm.com> wrote:
> > 
> > We've recently looked into this area and it does
> not look easy to do :-( 
> > 
> > 
> > 
> > 
> >  Samisa Abeysinghe <sa...@gmail.com> 
> > 
> > 24/02/2005 11:18 
> > 
> > Please respond to
> >  "Apache AXIS C Developers List" 
> > 
> > 
> > To Apache AXIS C Developers List
> <ax...@ws.apache.org>, Din%$h
> > <xy...@gmail.com> 
> > 
> > cc 
> > 
> > Subject Re: need to access Soap Body from
> Serializer 
> > 
> > 
> > 
> > 
> > 
> > Well I do not think we have a dom tree. :( We use
> SAX with a pull model.
> > 
> >  However, there are some issues raised in Jira to
> support what you are
> >  looking for to support WS-Sec. It is not yet
> implemented though.
> > 
> >  Samisa...
> > 
> > 
> > 
> >  On Thu, 24 Feb 2005 02:02:08 -0800, Din%$h
> <xy...@gmail.com> wrote:
> >  > Hi,
> >  >     When we doing encryption ,  We get a body
> as a string and parse
> >  > it to DOM Document .
> >  > 
> >  > Please correct me if I'm wrong , In axis engine
> we build a DOM Tree
> >  > and then retrieve Headers and other wanted
> things as we want??
> >  > 
> >  > Is there a possibility to get access to DOM
> tree directly, If we able
> >  > to get DOM Document directly that will be more
> efficient to perform
> >  > encryption/decryption.rather than parsing
> string into DOM Document.
> >  > 
> >  > U'r suggestions are warmly welcome !!!
> >  > 
> >  > thanks
> >  > regards,
> >  > Dinesh
> >  >
> > 
> > 
> 
> 
> -- 
> 
> Best regards,
> Sameera Perera
> > 2.2 Current Issues with Digital Signature
> Implementation
> 
> The ideal approach for integrating WSS4C (and thus
> WS-Security) into Axis C++ is to implement it as a
> Global Handler. This would effectively restrict the
> WSS4C accessible interface for the SOAP
> request/response to;
> 1. IHandlerSoapSerializer
> 2. IHandlerSoapDeSerializer
> 
> Implications of this are:
> 
> 1. WSS4C can only get/set the SOAP Body as a
> character or binary stream. If DOM like processing
> is required on the body, WSS4C itself has to utilize
> a third party XML DOM Parser to create such a DOM.
> The DOM so created, requires to be serialized by
> WSS4C again, before being released back to Axis.
> 
> 2. Since the SOAP Header is not available as either
> a character or binary stream, WSS4C will not be able
> to construct a full DOM Document in this manner.
> 
> These constraints, hinders the implementation of
> WSS4C in the following manner:
> 
> 1. The WS Security specification allows for any
> element in the SOAP Body to be signed independently.
> A web service may require that the whole message
> Body be signed while another may only require a
> single element carrying sensitive information to be
> signed. Such selection is possible only through a
> DOM-like interface for the Body, which is not
> directly accessible through Axis.
> 
> 2. The specification singles out detached Signatures
> as the only signature type to be used. While the
> specification does not dictate that the signature be
> added to the wsse:Security header block, it has been
> favored. In outflow conditions, where WSS4C is
> signing the SOAP message, the SOAP Header would need
> to be modified. In inflow conditions, where WSS4C is
> verifying the signatures, the SOAP header would need
> to be checked to obtain the required information.
> While Axis is fully capable of facilitating such
> interactions with the Header, problem suffices if
> when a fully XML Signature compliant library such as
> the Apache?s XSEC is used for signing and
> verification. Such libraries, keeping with the XML
> Signature Proposed Recommendation
>
(http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/)
> would try to insert such header information
> themselves. 
> Since, this header information is exactly what we
> need to included in the WSS compliant signed
> envelope, we?d probably have to recreate them using
> the Axis API.
> 
> Considering factors such as efficiency and server
> loading we have come up with several alternative
> approaches for the implementation of WSS4C. The
> following section outlines the most promising one
> among them.
> 
> To build up a DOM Document the following
> (pseudo-coded) method may be adopted.
> 
> soap_body_string = GetBodyAsString()
> soap_message_string = 
> ?<SOAP-ENV:Envelope
> xmlns:SOAP-ENV=\??\?><SOAP-ENV:Body>? +
> soap_body_string + 
> ?</SOAP-ENV:Body></SOAP-ENV:Envelope>?
> DOM_document = parseToDOM(soap_message_string)
> 
> Now, using XSEC::DSIGSignature we could easily apply
> a XML Digital Signature to this DOM. However, this
> would generate a large number of header information
> inside <SOAP-ENV:Header> that we are unable to send
> back to Axis (unless of course, we recreate them
> using the serializer).
> 
> Therefore we could simply re-implement
> DSIGSignature?s signing logic inside our handler
> replacing all calls to modify <SOAP-ENV:Header> with
> corresponding calls to the IHandlerSoapSerializer.
> 
> The Digital Signature verification too may proceed
> in a similar manner.
> While effectively cutting down the amount of parsing
> that is required at the handler level, this approach
> still cannot circumvent the problem of having to
> reparse a SOAP request that Axis has already parsed
> using its SAX based pull parser. However,
> considering that Axis would actually be parsing the
> SOAP headers only, with the body being simply
> retrieved, argument may be made that we are not
> reparsing already parsed information.
> 



 
 
__________________________________ 
Celebrate Yahoo!'s 10th Birthday! 
Yahoo! Netrospective: 100 Moments of the Web 
http://birthday.yahoo.com/netrospective/

Re: need to access Soap Body from Serializer

Posted by Dasarath Weeratunge <da...@yahoo.com>.

Since Axis C++ needs an object model why not port
AXIOM which is been used with Axis2 to C++ and get the
ecoding support completed in Guththila (the C++ pull
parser).

Porting OM will not be a problem if someone can help
with getting encoding support in the pull parser
fixed.

Regards,
--Dasarath

--- Sameera Perera <ww...@gmail.com> wrote:

> Hi,
> 
> We've come up with a solution for our problems. But
> kindda looks like a hack.
> We need your blessing on this. ;-)
> Please see explanation attached.
> 
> 
> On Thu, 24 Feb 2005 13:07:09 +0000, John Hawkins
> <ha...@uk.ibm.com> wrote:
> >  
> > We've recently looked into this area and it does
> not look easy to do :-( 
> >  
> >  
> >  
> >  
> >  Samisa Abeysinghe <sa...@gmail.com> 
> > 
> > 24/02/2005 11:18 
> >  
> > Please respond to
> >  "Apache AXIS C Developers List" 
> >  
> >  
> > To Apache AXIS C Developers List
> <ax...@ws.apache.org>, Din%$h
> > <xy...@gmail.com> 
> >  
> > cc 
> >  
> > Subject Re: need to access Soap Body from
> Serializer 
> >  
> >  
> >  
> >  
> >  
> > Well I do not think we have a dom tree. :( We use
> SAX with a pull model.
> >  
> >  However, there are some issues raised in Jira to
> support what you are
> >  looking for to support WS-Sec. It is not yet
> implemented though.
> >  
> >  Samisa...
> >  
> >  
> >  
> >  On Thu, 24 Feb 2005 02:02:08 -0800, Din%$h
> <xy...@gmail.com> wrote:
> >  > Hi,
> >  >     When we doing encryption ,  We get a body
> as a string and parse
> >  > it to DOM Document .
> >  > 
> >  > Please correct me if I'm wrong , In axis engine
> we build a DOM Tree
> >  > and then retrieve Headers and other wanted
> things as we want??
> >  > 
> >  > Is there a possibility to get access to DOM
> tree directly, If we able
> >  > to get DOM Document directly that will be more
> efficient to perform
> >  > encryption/decryption.rather than parsing
> string into DOM Document.
> >  > 
> >  > U'r suggestions are warmly welcome !!!
> >  > 
> >  > thanks
> >  > regards,
> >  > Dinesh
> >  >
> >  
> >  
> 
> 
> -- 
> 
> Best regards,
> Sameera Perera
> > 2.2 Current Issues with Digital Signature
> Implementation
> 
> The ideal approach for integrating WSS4C (and thus
> WS-Security) into Axis C++ is to implement it as a
> Global Handler. This would effectively restrict the
> WSS4C accessible interface for the SOAP
> request/response to;
> 1. IHandlerSoapSerializer
> 2. IHandlerSoapDeSerializer
> 
> Implications of this are:
> 
> 1. WSS4C can only get/set the SOAP Body as a
> character or binary stream. If DOM like processing
> is required on the body, WSS4C itself has to utilize
> a third party XML DOM Parser to create such a DOM.
> The DOM so created, requires to be serialized by
> WSS4C again, before being released back to Axis.
> 
> 2. Since the SOAP Header is not available as either
> a character or binary stream, WSS4C will not be able
> to construct a full DOM Document in this manner.
> 
> These constraints, hinders the implementation of
> WSS4C in the following manner:
> 
> 1. The WS Security specification allows for any
> element in the SOAP Body to be signed independently.
> A web service may require that the whole message
> Body be signed while another may only require a
> single element carrying sensitive information to be
> signed. Such selection is possible only through a
> DOM-like interface for the Body, which is not
> directly accessible through Axis.
> 
> 2. The specification singles out detached Signatures
> as the only signature type to be used. While the
> specification does not dictate that the signature be
> added to the wsse:Security header block, it has been
> favored. In outflow conditions, where WSS4C is
> signing the SOAP message, the SOAP Header would need
> to be modified. In inflow conditions, where WSS4C is
> verifying the signatures, the SOAP header would need
> to be checked to obtain the required information.
> While Axis is fully capable of facilitating such
> interactions with the Header, problem suffices if
> when a fully XML Signature compliant library such as
> the Apache�s XSEC is used for signing and
> verification. Such libraries, keeping with the XML
> Signature Proposed Recommendation
>
(http://www.w3.org/TR/2001/PR-xmldsig-core-20010820/)
> would try to insert such header information
> themselves. 
> Since, this header information is exactly what we
> need to included in the WSS compliant signed
> envelope, we�d probably have to recreate them using
> the Axis API.
> 
> Considering factors such as efficiency and server
> loading we have come up with several alternative
> approaches for the implementation of WSS4C. The
> following section outlines the most promising one
> among them.
> 
> To build up a DOM Document the following
> (pseudo-coded) method may be adopted.
> 
> soap_body_string = GetBodyAsString()
> soap_message_string = 
> �<SOAP-ENV:Envelope
> xmlns:SOAP-ENV=\��\�><SOAP-ENV:Body>� +
> soap_body_string + 
> �</SOAP-ENV:Body></SOAP-ENV:Envelope>�
> DOM_document = parseToDOM(soap_message_string)
> 
> Now, using XSEC::DSIGSignature we could easily apply
> a XML Digital Signature to this DOM. However, this
> would generate a large number of header information
> inside <SOAP-ENV:Header> that we are unable to send
> back to Axis (unless of course, we recreate them
> using the serializer).
> 
> Therefore we could simply re-implement
> DSIGSignature�s signing logic inside our handler
> replacing all calls to modify <SOAP-ENV:Header> with
> corresponding calls to the IHandlerSoapSerializer.
> 
> The Digital Signature verification too may proceed
> in a similar manner.
> While effectively cutting down the amount of parsing
> that is required at the handler level, this approach
> still cannot circumvent the problem of having to
> reparse a SOAP request that Axis has already parsed
> using its SAX based pull parser. However,
> considering that Axis would actually be parsing the
> SOAP headers only, with the body being simply
> retrieved, argument may be made that we are not
> reparsing already parsed information.
> 



	
		
__________________________________ 
Celebrate Yahoo!'s 10th Birthday! 
Yahoo! Netrospective: 100 Moments of the Web 
http://birthday.yahoo.com/netrospective/

Re: need to access Soap Body from Serializer

Posted by Sameera Perera <ww...@gmail.com>.

Hi,

We've come up with a solution for our problems. But kindda looks like a hack.
We need your blessing on this. ;-)
Please see explanation attached.


On Thu, 24 Feb 2005 13:07:09 +0000, John Hawkins <ha...@uk.ibm.com> wrote:
>  
> We've recently looked into this area and it does not look easy to do :-( 
>  
>  
>  
>  
>  Samisa Abeysinghe <sa...@gmail.com> 
> 
> 24/02/2005 11:18 
>  
> Please respond to
>  "Apache AXIS C Developers List" 
>  
>  
> To Apache AXIS C Developers List <ax...@ws.apache.org>, Din%$h
> <xy...@gmail.com> 
>  
> cc 
>  
> Subject Re: need to access Soap Body from Serializer 
>  
>  
>  
>  
>  
> Well I do not think we have a dom tree. :( We use SAX with a pull model.
>  
>  However, there are some issues raised in Jira to support what you are
>  looking for to support WS-Sec. It is not yet implemented though.
>  
>  Samisa...
>  
>  
>  
>  On Thu, 24 Feb 2005 02:02:08 -0800, Din%$h <xy...@gmail.com> wrote:
>  > Hi,
>  >     When we doing encryption ,  We get a body as a string and parse
>  > it to DOM Document .
>  > 
>  > Please correct me if I'm wrong , In axis engine we build a DOM Tree
>  > and then retrieve Headers and other wanted things as we want??
>  > 
>  > Is there a possibility to get access to DOM tree directly, If we able
>  > to get DOM Document directly that will be more efficient to perform
>  > encryption/decryption.rather than parsing string into DOM Document.
>  > 
>  > U'r suggestions are warmly welcome !!!
>  > 
>  > thanks
>  > regards,
>  > Dinesh
>  >
>  
>  


-- 

Best regards,
Sameera Perera

Re: need to access Soap Body from Serializer

Posted by John Hawkins <ha...@uk.ibm.com>.

We've recently looked into this area and it does not look easy to do :-(




Samisa Abeysinghe <sa...@gmail.com> 
24/02/2005 11:18
Please respond to
"Apache AXIS C Developers List"


To
Apache AXIS C Developers List <ax...@ws.apache.org>, Din%$h 
<xy...@gmail.com>
cc

Subject
Re: need to access Soap Body from Serializer






Well I do not think we have a dom tree. :( We use SAX with a pull model.

However, there are some issues raised in Jira to support what you are
looking for to support WS-Sec. It is not yet implemented though.

Samisa...



On Thu, 24 Feb 2005 02:02:08 -0800, Din%$h <xy...@gmail.com> wrote:
> Hi,
>     When we doing encryption ,  We get a body as a string and parse
> it to DOM Document .
> 
> Please correct me if I'm wrong , In axis engine we build a DOM Tree
> and then retrieve Headers and other wanted things as we want??
> 
> Is there a possibility to get access to DOM tree directly, If we able
> to get DOM Document directly that will be more efficient to perform
> encryption/decryption.rather than parsing string into DOM Document.
> 
> U'r suggestions are warmly welcome !!!
> 
> thanks
> regards,
> Dinesh
>

Re: need to access Soap Body from Serializer

Posted by Samisa Abeysinghe <sa...@gmail.com>.

Well I do not think we have a dom tree. :( We use SAX with a pull model.

However, there are some issues raised in Jira to support what you are
looking for to support WS-Sec. It is not yet implemented though.

Samisa...



On Thu, 24 Feb 2005 02:02:08 -0800, Din%$h <xy...@gmail.com> wrote:
> Hi,
>     When we doing encryption ,  We get a body as a string and parse
> it to DOM Document .
> 
> Please correct me if I'm wrong , In axis engine we build a DOM Tree
> and then retrieve Headers and other wanted things as we want??
> 
> Is there a possibility to get access to DOM tree directly, If we able
> to get DOM Document directly that will be more efficient to perform
> encryption/decryption.rather than parsing string into DOM Document.
> 
> U'r suggestions are warmly welcome !!!
> 
> thanks
> regards,
> Dinesh
>