You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by Dennis Sosnoski <dm...@sosnoski.com> on 2004/11/02 09:44:11 UTC
Re: AXIS altering XML causing signatures to not validate.
Samuel Meder wrote:
>On Wed, 2004-10-27 at 11:53 -0600, Stuart Jensen wrote:
>
>
>>I was referring to the same document, but a section talking about
>>namespace prefixes. All I was trying to say was that namespace
>>prefixes are deemed an important "signable" thing in the signature.
>>They are not something that can be altered (after signing) with the
>>hopes that C14N will "clean it all up" at validation time.
>>
>>
>
>Ok, I misunderstood the problem. In any case shouldn't this only be a
>problem when writing a intermediary that actually
>deserializes/serializes the body and does not reuse the original body?
>Otherwise it would seem to me that if you build the dom tree used for
>canonicalization the same way axis does serialization there should be no
>problem. What is it that I am still missing?
>
>
I think the point here goes back to the example Stuart supplied a few
emails back, copied below. If this is accurate then there's just no way
*to* reuse the original body with Axis - it actually restructures XML
when serializing it in a way that's incompatible with C14N. That means
you could never safely use Axis as an intermediary in a transaction
using signatures.
- Dennis
Stuart's example:
----------------------------------------------------------------------
If you create a SOAPBodyElement with the following XML:
<soapenv:Body wsu:id="id-23412344"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-2004">
<somepfx:SomeTag id="e0sdoaeckrpd" xmlns="ns:uri:one"
xmlns:somepfx="ns:uri:one">hello</somepfx:SomeTag>
</soapenv:Body>
and then pass that SOAPBodyElement to the Call.invoke(Object[]) method
as a member of the Object[] parameter. Then the XML that is sent by
AXIS is the following:
<soapenv:Body wsu:id="id-23412344"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-2004">
<SomeTag id="e0sdoaeckrpd" xmlns="ns:uri:one"
xmlns:somepfx="ns:uri:one">hello</SomeTag>
</soapenv:Body>
Note that the only difference is that the namespace prefix "somepfx" has
been removed from the tag "SomeTag".
----------------------------------------------------------------------