Posted to dev@santuario.apache.org by ra...@ralphholz.de on 2007/11/09 15:33:29 UTC
Controlling placement of in result XML tree
Hi,

How do I determine where the <ds:Signature> element is placed in the result
XML? E.g., I have a SOAP message like this:

  <env:Envelope>
    <env:Header ... />
    <env:Body>
      <pdpa:message>...</pdpa:message>
    </env:Body>
  </env:Envelope>

My code signs only the <pdpa:message> part (using XPath-Transforms). In the
resulting tree, the signature is added *after* the </env:Body>:

    <env:Body>
      <pdpa:message>...</pdpa:message>
    </env:Body>
    <ds:Signature>...</ds:Signature>
  </env:Envelope>

I would, however, like to add it to the <pdpa:message> part:

    <env:Body>
      <pdpa:message>...</pdpa:message>
      <ds:Signature>...</ds:Signature>
    </env:Body>
  </env:Envelope>

Reason: that way, I can just encrypt the <pdpa:message> (replace with
<xenc:EncryptedData>) and preserve a correct SOAP message (with a Body
element). The way it is now, I would encrypt the <pdpa:message> and have a
signature "on the outside", which I consider weaker due to the weaknesses in
SHA1.

The code for the XPath-Transformation is

  String filter[][] = { { XPath2FilterContainer.INTERSECT,
                          "//Envelope/Body/message" } };
  transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
      XPath2FilterContainer.newInstances(insideDoc, filter));

Which I think is correct. Where do I make the mistake?

Thanks,
Ralph

--
For contact details, please see www.ralphholz.de.

Re: Controlling placement of in result XML tree
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi,

If you are planning to sign the message the standard [1] way then you
will have to place the "Signature" element in the "Security" header of
the SOAP message. The WS-Sec specification describes how to encrypt
and/or sign the message while preserving SOAP envelope structure.

You can do this using the Apache WSS4J if you are planning to
sign/encrypt SOAP messages.

Thanks,
Ruchith

1. http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

On Nov 9, 2007 8:03 PM, <ra...@ralphholz.de> wrote:
> Hi,
>
> How do I determine where the <ds:Signature> element is placed in the result
> XML? E.g., I have a SOAP message like this:
>
>   <env:Envelope>
>     <env:Header ... />
>     <env:Body>
>       <pdpa:message>...</pdpa:message>
>     </env:Body>
>   </env:Envelope>
>
> My code signs only the <pdpa:message> part (using XPath-Transforms). In the
> resulting tree, the signature is added *after* the </env:Body>:
>
>     <env:Body>
>       <pdpa:message>...</pdpa:message>
>     </env:Body>
>     <ds:Signature>...</ds:Signature>
>   </env:Envelope>
>
> I would, however, like to add it to the <pdpa:message> part:
>
>     <env:Body>
>       <pdpa:message>...</pdpa:message>
>       <ds:Signature>...</ds:Signature>
>     </env:Body>
>   </env:Envelope>
>
> Reason: that way, I can just encrypt the <pdpa:message> (replace with
> <xenc:EncryptedData>) and preserve a correct SOAP message (with a Body
> element). The way it is now, I would encrypt the <pdpa:message> and have a
> signature "on the outside", which I consider weaker due to the weaknesses in
> SHA1.
>
> The code for the XPath-Transformation is
>
>   String filter[][] = { { XPath2FilterContainer.INTERSECT,
>                           "//Envelope/Body/message" } };
>   transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
>       XPath2FilterContainer.newInstances(insideDoc, filter));
>
> Which I think is correct. Where do I make the mistake?
>
> Thanks,
> Ralph
>
> --
> For contact details, please see www.ralphholz.de.
>
--
http://blog.ruchith.org
http://wso2.org
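
Added example, not code from either poster or from the Santuario project: with the library's own XMLSignature API, the <ds:Signature> element ends up wherever the caller appends sig.getElement(), independent of which nodes the Reference covers. Assumptions: the pdpa namespace URI is a placeholder, the message carries a constructed Id attribute and is referenced as "#msg" instead of through the XPath2 filter from the thread, and a throwaway RSA key with RSA-SHA256 is used.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class SignaturePlacement {
    static final String ENV = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String PDPA = "urn:example:pdpa"; // placeholder namespace (assumption)
    static final String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";
    // Constructed sample message; the Id attribute is added for this example.
    static final String SOAP =
        "<env:Envelope xmlns:env='" + ENV + "'><env:Header/><env:Body>"
        + "<pdpa:message xmlns:pdpa='" + PDPA + "' Id='msg'>payload</pdpa:message>"
        + "</env:Body></env:Envelope>";

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for ds:/env: handling
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(SOAP)));
        Element body = (Element) doc.getElementsByTagNameNS(ENV, "Body").item(0);
        Element message = (Element) doc.getElementsByTagNameNS(PDPA, "message").item(0);
        message.setIdAttribute("Id", true); // lets the "#msg" reference resolve

        XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        // Placement is decided here and only here: append to Body, not to the Envelope.
        body.appendChild(sig.getElement());

        // What is signed is decided by the Reference, separately from placement.
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("#msg", transforms, SHA256);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key for the demonstration
        sig.addKeyInfo(kp.getPublic());
        sig.sign(kp.getPrivate());

        System.out.println("parent of ds:Signature: "
            + sig.getElement().getParentNode().getNodeName());
        System.out.println("verifies: " + sig.checkSignatureValue(kp.getPublic()));
    }
}
```

Because the signature here is a sibling of <pdpa:message> and the Reference selects only that element, no enveloped-signature transform is needed.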