Posted to users@camel.apache.org by Claus Ibsen <cl...@gmail.com> on 2016/02/09 08:01:35 UTC

Re: Camel-xmlsecurity :No XML schema found

You need to put the test.xsd file together with your Camel application
so they are in the same OSGi bundle, so the classloader can find the
file.

Look at some of the other osgi examples that are in the examples of Camel.
https://github.com/apache/camel/tree/master/examples

On Tue, Feb 9, 2016 at 6:16 AM, Jack Ding <hd...@yahoo.com.invalid> wrote:
> Hello,
>
> I am testing the  XML Security component according to the example from the camel-xmlsecurity website. For example the following producer refers to the Test.xsd:
>
> <to uri="xmlsecurity:sign://detached?keyAccessor=#keyAccessorBean&amp;xpathsToIdAttributes=#xpathsToIdAttributesBean&amp;schemaResourceUri=Test.xsd" />
>
> I am testing this in the karaf and I have put the Test.xsd in the following folder:
>
> apache-karaf-2.3.11/instances/mytestinstance/
> However I am getting this error:
> org.apache.camel.component.xmlsecurity.api.XmlSignatureException: XML Signature component is wrongly configured: No XML schema found for specified schema resource URI Test.xsd
>
> My camel version is 2.14.3.
>
> According to the document it is the classpath:
> schemaResourceUri: Since 2.14.0. Classpath to the XML Schema file....
>
> Could anybody advise what the classpath exactly is and where I should put the Test.xsd in Karaf container for xmlsecurity endpoint to access it?
>
> Thanks in advance
>



-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2

Re: Camel-xmlsecurity :No XML schema found

Posted by Franz Paul Forsthofer <em...@googlemail.com>.
Hi Jack,

the XML Signature component does not support the KeyInfo content you
need. But what you could do is that you create the KeyInfo element on
your own before you call the XML Signature component.

Then I think it is better to use enveloped Signature than the detached
Signature mode. You have to provide an XSD for the total XML document
with soapenv:Envelope as root element. And you can use the option
"contentReferenceUri" to point to the element which should be signed.
In your example above the value of the contentReferenceUri must be
"#id-181AC833A9A23E3A2E14545684427885". See also the description of
the option in http://camel.apache.org/xml-security-component.html

Best Regards Franz

On Wed, Feb 10, 2016 at 2:15 AM, Jack Ding <hd...@yahoo.com.invalid> wrote:
> Thanks Claus,
> My ultimate goal is to create a soap secure header with signature in it. I am thinking to use detached mode plus referring the schemaResourceUri to the schema "http://schemas.xmlsoap.org/soap/envelope/". Now the problem seems to be the location of x509 certificate, which needs to be in the BinarySecurityToken element and referenced by SecurityTokenReference in the KeyInfo.
> Could you advise if the current camel-xmlsecurity supports this kind of soap secure header? If so, could you check if my above approach is feasible?
> For example, below is the format of the secure soap header we need.
>
> <soapenv:Envelope xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ser="http://webservices.cashedge.com/services" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
>    <soapenv:Header>
>       <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>          <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-181AC833A9A23E3A2E145461038308455">MIIE4jCCA8qgAwIBAg...</wsse:BinarySecurityToken>
>          <ds:Signature Id="SIG-181AC833A9A23E3A2E145461038308458" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>             <ds:SignedInfo>
>                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                   <ec:InclusiveNamespaces PrefixList="oas ser soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                </ds:CanonicalizationMethod>
>                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>                <ds:Reference URI="#id-181AC833A9A23E3A2E14545684427885">
>                   <ds:Transforms>
>                      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
>                         <ec:InclusiveNamespaces PrefixList="oas ser" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                      </ds:Transform>
>                   </ds:Transforms>
>                   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>                   <ds:DigestValue>cermnLLbtJrCVJ2wtmj4OmFOD3M=</ds:DigestValue>
>                </ds:Reference>
>             </ds:SignedInfo>
>             <ds:SignatureValue>nrBdXPCD9PHkPe....p+icdOcQ==</ds:SignatureValue>
>             <ds:KeyInfo Id="KI-181AC833A9A23E3A2E145461038308456">
>                <wsse:SecurityTokenReference wsu:Id="STR-181AC833A9A23E3A2E145461038308457">
>                   <wsse:Reference URI="#X509-181AC833A9A23E3A2E145461038308455" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
>                </wsse:SecurityTokenReference>
>             </ds:KeyInfo>
>          </ds:Signature>
>          <wsu:Timestamp wsu:Id="TS-181AC833A9A23E3A2E145461038306854">
>             <wsu:Created>2016-02-04T18:26:23Z</wsu:Created>
>             <wsu:Expires>2016-02-04T18:36:23Z</wsu:Expires>
>          </wsu:Timestamp>
>       </wsse:Security>
>    </soapenv:Header>
>    <soapenv:Body wsu:Id="id-181AC833A9A23E3A2E14545684427885" > .....   </soapenv:Body>
> </soapenv:Envelope>
>
> Thanks in advance.
>
>
>     On Tuesday, February 9, 2016 1:01 AM, Claus Ibsen <cl...@gmail.com> wrote:
>
>
> You need to put the test.xsd file together with your Camel application
> so they are in the same OSGi bundle, so the classloader can find the
> file.
>
> Look at some of the other osgi examples that are in the examples of Camel.
> https://github.com/apache/camel/tree/master/examples
>
> On Tue, Feb 9, 2016 at 6:16 AM, Jack Ding <hd...@yahoo.com.invalid> wrote:
>> Hello,
>>
>> I am testing the  XML Security component according to the example from the camel-xmlsecurity website. For example the following producer refers to the Test.xsd:
>>
>> <to uri="xmlsecurity:sign://detached?keyAccessor=#keyAccessorBean&amp;xpathsToIdAttributes=#xpathsToIdAttributesBean&amp;schemaResourceUri=Test.xsd" />
>>
>> I am testing this in the karaf and I have put the Test.xsd in the following folder:
>>
>> apache-karaf-2.3.11/instances/mytestinstance/
>> However I am getting this error:
>> org.apache.camel.component.xmlsecurity.api.XmlSignatureException: XML Signature component is wrongly configured: No XML schema found for specified schema resource URI Test.xsd
>>
>> My camel version is 2.14.3.
>>
>> According to the document it is the classpath:
>> schemaResourceUri: Since 2.14.0. Classpath to the XML Schema file....
>>
>> Could anybody advise what the classpath exactly is and where I should put the Test.xsd in Karaf container for xmlsecurity endpoint to access it?
>>
>> Thanks in advance
>>
>
>
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
>
>
>
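
Added example (not part of the thread and not Camel code): a pre-flight check in Python for the contentReferenceUri advice above. A same-document URI such as "#id-..." is usable only if it resolves to exactly one ID-typed attribute, which is what the XSD tells the signer. The sample envelope, its shortened IDs, the function names and the ID_ATTRS tuple (standing in for the schema) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "soapenv": "http://schemas.xmlsoap.org/soap/envelope/",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
}
# ElementTree loads no XSD, so this tuple stands in for the ID-typed attributes
# that the schema given in schemaResourceUri would declare (assumption).
ID_ATTRS = ("{%s}Id" % NS["wsu"], "Id")

# Constructed sample modelled on the envelope in the thread; IDs shortened.
SAMPLE = """<soapenv:Envelope xmlns:soapenv="%(soapenv)s" xmlns:ds="%(ds)s"
    xmlns:wsse="%(wsse)s" xmlns:wsu="%(wsu)s">
  <soapenv:Header><wsse:Security>
    <wsse:BinarySecurityToken wsu:Id="X509-1">PLACEHOLDER</wsse:BinarySecurityToken>
    <ds:Signature Id="SIG-1">
      <ds:SignedInfo><ds:Reference URI="#id-1"/></ds:SignedInfo>
      <ds:KeyInfo Id="KI-1"><wsse:SecurityTokenReference wsu:Id="STR-1">
        <wsse:Reference URI="#X509-1"/>
      </wsse:SecurityTokenReference></ds:KeyInfo>
    </ds:Signature>
  </wsse:Security></soapenv:Header>
  <soapenv:Body wsu:Id="id-1"><ping xmlns="urn:example"/></soapenv:Body>
</soapenv:Envelope>""" % NS


def resolve_references(xml_text, ref_tag="ds:Reference"):
    """Map each same-document Reference URI to its target tag or an error."""
    root = ET.fromstring(xml_text)
    ids = {}
    for el in root.iter():
        for attr in ID_ATTRS:
            if attr in el.attrib:
                ids.setdefault(el.attrib[attr], []).append(el)
    result = {}
    for ref in root.findall(".//" + ref_tag, NS):
        uri = ref.get("URI", "")
        targets = ids.get(uri[1:], []) if uri.startswith("#") else []
        if len(targets) == 1:
            result[uri] = targets[0].tag
        elif targets:
            result[uri] = "ambiguous: %d elements" % len(targets)
        else:
            result[uri] = "unresolved"
    return result


def body_is_signed(xml_text):
    """True only if a ds:Reference resolves to exactly the soapenv:Body."""
    body_tag = "{%s}Body" % NS["soapenv"]
    return body_tag in resolve_references(xml_text).values()
```

Calling resolve_references(text, "wsse:Reference") applies the same check to the SecurityTokenReference that points at the BinarySecurityToken.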

Re: Camel-xmlsecurity :No XML schema found

Posted by Jack Ding <hd...@yahoo.com.INVALID>.
Thanks Claus,
My ultimate goal is to create a soap secure header with signature in it. I am thinking to use detached mode plus referring the schemaResourceUri to the schema "http://schemas.xmlsoap.org/soap/envelope/". Now the problem seems to be the location of x509 certificate, which needs to be in the BinarySecurityToken element and referenced by SecurityTokenReference in the KeyInfo.
Could you advise if the current camel-xmlsecurity supports this kind of soap secure header? If so, could you check if my above approach is feasible?
For example, below is the format of the secure soap header we need.

<soapenv:Envelope xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:ser="http://webservices.cashedge.com/services" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-181AC833A9A23E3A2E145461038308455">MIIE4jCCA8qgAwIBAg...</wsse:BinarySecurityToken>
         <ds:Signature Id="SIG-181AC833A9A23E3A2E145461038308458" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
               <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                  <ec:InclusiveNamespaces PrefixList="oas ser soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:CanonicalizationMethod>
               <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
               <ds:Reference URI="#id-181AC833A9A23E3A2E14545684427885">
                  <ds:Transforms>
                     <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="oas ser" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                     </ds:Transform>
                  </ds:Transforms>
                  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                  <ds:DigestValue>cermnLLbtJrCVJ2wtmj4OmFOD3M=</ds:DigestValue>
               </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>nrBdXPCD9PHkPe....p+icdOcQ==</ds:SignatureValue>
            <ds:KeyInfo Id="KI-181AC833A9A23E3A2E145461038308456">
               <wsse:SecurityTokenReference wsu:Id="STR-181AC833A9A23E3A2E145461038308457">
                  <wsse:Reference URI="#X509-181AC833A9A23E3A2E145461038308455" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
               </wsse:SecurityTokenReference>
            </ds:KeyInfo>
         </ds:Signature>
         <wsu:Timestamp wsu:Id="TS-181AC833A9A23E3A2E145461038306854">
            <wsu:Created>2016-02-04T18:26:23Z</wsu:Created>
            <wsu:Expires>2016-02-04T18:36:23Z</wsu:Expires>
         </wsu:Timestamp>
      </wsse:Security>
   </soapenv:Header>
   <soapenv:Body wsu:Id="id-181AC833A9A23E3A2E14545684427885" > .....   </soapenv:Body>
</soapenv:Envelope>

Thanks in advance.
 

    On Tuesday, February 9, 2016 1:01 AM, Claus Ibsen <cl...@gmail.com> wrote:
 

You need to put the test.xsd file together with your Camel application
so they are in the same OSGi bundle, so the classloader can find the
file.

Look at some of the other osgi examples that are in the examples of Camel.
https://github.com/apache/camel/tree/master/examples

On Tue, Feb 9, 2016 at 6:16 AM, Jack Ding <hd...@yahoo.com.invalid> wrote:
> Hello,
>
> I am testing the  XML Security component according to the example from the camel-xmlsecurity website. For example the following producer refers to the Test.xsd:
>
> <to uri="xmlsecurity:sign://detached?keyAccessor=#keyAccessorBean&amp;xpathsToIdAttributes=#xpathsToIdAttributesBean&amp;schemaResourceUri=Test.xsd" />
>
> I am testing this in the karaf and I have put the Test.xsd in the following folder:
>
> apache-karaf-2.3.11/instances/mytestinstance/
> However I am getting this error:
> org.apache.camel.component.xmlsecurity.api.XmlSignatureException: XML Signature component is wrongly configured: No XML schema found for specified schema resource URI Test.xsd
>
> My camel version is 2.14.3.
>
> According to the document it is the classpath:
> schemaResourceUri: Since 2.14.0. Classpath to the XML Schema file....
>
> Could anybody advise what the classpath exactly is and where I should put the Test.xsd in Karaf container for xmlsecurity endpoint to access it?
>
> Thanks in advance
>



-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2