Posted to users@cxf.apache.org by Lawrence Johnbosco <la...@gmail.com> on 2009/03/09 22:58:55 UTC

Valid Definitions of the "encryptionParts" in WS-Security

Hello,

I've a security requirement to encrypt only a part of the SOAP body and not
the whole body. All the samples seem to refer only to the encryption of the
whole Body, like this:

     <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>

When I tried with my own version of encryptionParts definition, it doesn't
work.

Can any of you provide references for defining only a specific portion of the
SOAP Body? Also, the specific portion may or may not be present, but at most
one element will be encrypted.


Thanks,
Lawrence

Re: Valid Definitions of the "encryptionParts" in WS-Security

Posted by Lawrence Johnbosco <la...@gmail.com>.
Thanks for the sample. That did the trick.

On Tue, Mar 10, 2009 at 6:45 AM, Mayank Mishra <ma...@gmail.com> wrote:

>  Lawrence Johnbosco wrote:
>
>> Hello,
>>
>> I've a security requirement to encrypt only a part of the SOAP body and
>> not the whole body. All the samples seem to refer only to the encryption
>> of the whole Body, like this:
>>
>>     <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>>
>> When I tried with my own version of encryptionParts definition, it doesn't
>> work.
>>
>> Can any of you provide references for defining only a specific portion of
>> the SOAP Body? Also, the specific portion may or may not be present, but at
>> most one element will be encrypted.
>>
>>
>> Thanks,
>> Lawrence
>>
>>
>>
>
> Yes, you can encrypt or sign your own specific body/header elements, like
> below,
>
> For a schema below:
>
> <wsdl:types>
>   <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>               xmlns:tns="http://ws.xyz.com/"
>               attributeFormDefault="unqualified"
>               elementFormDefault="qualified"
>               targetNamespace="http://ws.xyz.com/">
>     <xsd:element name="purchase">
>       <xsd:complexType>
>         <xsd:sequence>
>           <xsd:element minOccurs="0" name="arg0" type="xsd:string"/>
>           <xsd:element minOccurs="0" name="arg1" type="xsd:string"/>
>           <xsd:element name="arg2" type="xsd:int"/>
>         </xsd:sequence>
>       </xsd:complexType>
>     </xsd:element>
>     ....
>   </xsd:schema>
> </wsdl:types>
>
> You can specify property as,
> <entry key="encryptionParts" value="{Element}{http://ws.xyz.com/}/arg1"/>
>
> or using ws-security policy as,
> <cns:arg1 xmlns:cns="http://ws.xyz.com/"/>
>
> With Regards,
> Mayank
>

Re: Valid Definitions of the "encryptionParts" in WS-Security

Posted by Mayank Mishra <ma...@gmail.com>.
Lawrence Johnbosco wrote:
> Hello,
>
> I've a security requirement to encrypt only a part of the SOAP body and not
> the whole body. All the samples seem to refer only to the encryption of the
> whole Body, like this:
>
>      <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>
> When I tried with my own version of encryptionParts definition, it doesn't
> work.
>
> Can any of you provide references for defining only a specific portion of the
> SOAP Body? Also, the specific portion may or may not be present, but at most
> one element will be encrypted.
>
>
> Thanks,
> Lawrence
>
>   

Yes, you can encrypt or sign your own specific body/header elements, 
like below,

For a schema below:

<wsdl:types>
  <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:tns="http://ws.xyz.com/"
              attributeFormDefault="unqualified"
              elementFormDefault="qualified"
              targetNamespace="http://ws.xyz.com/">
    <xsd:element name="purchase">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element minOccurs="0" name="arg0" type="xsd:string"/>
          <xsd:element minOccurs="0" name="arg1" type="xsd:string"/>
          <xsd:element name="arg2" type="xsd:int"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    ....
  </xsd:schema>
</wsdl:types>

You can specify property as,
<entry key="encryptionParts" value="{Element}{http://ws.xyz.com/}/arg1"/>

or using ws-security policy as,
<cns:arg1 xmlns:cns="http://ws.xyz.com/"/>

With Regards,
Mayank
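
Added example (not part of the original posts, and not CXF or WSS4J code): a small Python check that parses an "encryptionParts" value in the {mode}{namespace}localname form quoted in this thread and reports which parts select no element in a given message, which is the situation for an optional element such as arg1. The sample messages, the value inside arg1 and the helper names are constructed; the local name is written without a leading slash, and matching on namespace plus local name is an assumption of this sketch, not a statement of how the security runtime resolves parts.

```python
import re
import xml.etree.ElementTree as ET

# One part: {mode}{namespace}localname, as in the values quoted in this thread.
PART_RE = re.compile(r"^\{(Element|Content)\}\{([^{}]*)\}([^{};]+)$")

def parse_encryption_parts(value):
    """Split an encryptionParts value into (mode, namespace, localname) tuples."""
    parts = []
    for raw in value.split(";"):
        raw = "".join(raw.split())  # drop whitespace and mail-client line wraps
        if not raw:
            continue
        m = PART_RE.match(raw)
        if m is None:
            raise ValueError("malformed encryptionParts entry: %r" % raw)
        parts.append(m.groups())
    return parts

def match_parts(value, soap_xml):
    """Map each configured part to the number of matching elements in the message."""
    root = ET.fromstring(soap_xml)
    result = {}
    for mode, ns, local in parse_encryption_parts(value):
        tag = "{%s}%s" % (ns, local)  # ElementTree's namespace-qualified tag form
        result[(mode, ns, local)] = sum(1 for el in root.iter() if el.tag == tag)
    return result

def unmatched(value, soap_xml):
    """Parts that select no element in this message (nothing there to encrypt)."""
    return [p for p, n in match_parts(value, soap_xml).items() if n == 0]

# Constructed sample messages for the "purchase" schema quoted above.
WITH_ARG1 = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><purchase xmlns="http://ws.xyz.com/">
    <arg0>book</arg0><arg1>ACCT-0001</arg1><arg2>1</arg2>
  </purchase></soap:Body></soap:Envelope>"""
WITHOUT_ARG1 = WITH_ARG1.replace("<arg1>ACCT-0001</arg1>", "")  # optional arg1 omitted

PARTS = "{Element}{http://ws.xyz.com/}arg1"  # assumed spelling of the part

if __name__ == "__main__":
    for name, msg in (("with arg1", WITH_ARG1), ("without arg1", WITHOUT_ARG1)):
        print(name, match_parts(PARTS, msg), "unmatched:", unmatched(PARTS, msg))
```

Running such a check against representative requests before deployment shows whether a configured part ever fails to match, so sensitive fields are not sent in cleartext because of a namespace or name mismatch.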