Posted to users@cxf.apache.org by Lawrence Johnbosco <la...@gmail.com> on 2009/03/09 22:58:55 UTC
Valid Definitions of the "encryptionParts" in WS-Security
Hello,
I've a security requirement to encrypt only a part of the SOAP body and not
the whole body. All the samples seem to refer only to the encryption of the
whole Body, like this:
<entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
When I tried with my own version of the encryptionParts definition, it doesn't
work.
Did any of you provide references to define only a specific portion of the
SOAP Body? Also, the specific portion may or may not be present, but at most one
element will be encrypted.
Thanks,
Lawrence
Re: Valid Definitions of the "encryptionParts" in WS-Security
Posted by Lawrence Johnbosco <la...@gmail.com>.
Thanks for the sample. That did the trick.
On Tue, Mar 10, 2009 at 6:45 AM, Mayank Mishra <ma...@gmail.com> wrote:
> Lawrence Johnbosco wrote:
>
>> Hello,
>>
>> I've a security requirement to encrypt only a part of the SOAP body and
>> not the whole body. All the samples seem to refer only to the encryption
>> of the whole Body, like this:
>>
>> <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>>
>> When I tried with my own version of the encryptionParts definition, it doesn't
>> work.
>>
>> Did any of you provide references to define only a specific portion of the
>> SOAP Body? Also, the specific portion may or may not be present, but at most
>> one element will be encrypted.
>>
>>
>> Thanks,
>> Lawrence
>>
>>
>>
>
> Yes, you can encrypt or sign your own specific body/header elements, like
> below,
>
> For a schema below:
>
> <wsdl:types>
>   <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>               xmlns:tns="http://ws.xyz.com/"
>               attributeFormDefault="unqualified"
>               elementFormDefault="qualified"
>               targetNamespace="http://ws.xyz.com/">
>     <xsd:element name="purchase">
>       <xsd:complexType>
>         <xsd:sequence>
>           <xsd:element minOccurs="0" name="arg0" type="xsd:string"/>
>           <xsd:element minOccurs="0" name="arg1" type="xsd:string"/>
>           <xsd:element name="arg2" type="xsd:int"/>
>         </xsd:sequence>
>       </xsd:complexType>
>     </xsd:element>
>     ....
>   </xsd:schema>
> </wsdl:types>
>
> You can specify property as,
> <entry key="encryptionParts" value="{Element}{http://ws.xyz.com/}/arg1"/>
>
> or using ws-security policy as,
> <cns:arg1 xmlns:cns="http://ws.xyz.com/"/>
>
> With Regards,
> Mayank
>
Re: Valid Definitions of the "encryptionParts" in WS-Security
Posted by Mayank Mishra <ma...@gmail.com>.
Lawrence Johnbosco wrote:
> Hello,
>
> I've a security requirement to encrypt only a part of the SOAP body and not
> the whole body. All the samples seem to refer only to the encryption of the
> whole Body, like this:
>
> <entry key="encryptionParts" value="{Element}{http://www.w3.org/2000/09/xmldsig#}Signature;{Content}{http://schemas.xmlsoap.org/soap/envelope/}Body"/>
>
> When I tried with my own version of the encryptionParts definition, it doesn't
> work.
>
> Did any of you provide references to define only a specific portion of the
> SOAP Body? Also, the specific portion may or may not be present, but at most one
> element will be encrypted.
>
>
> Thanks,
> Lawrence
>
>
Yes, you can encrypt or sign your own specific body/header elements,
like below,
For a schema below:
<wsdl:types>
  <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
              xmlns:tns="http://ws.xyz.com/"
              attributeFormDefault="unqualified"
              elementFormDefault="qualified"
              targetNamespace="http://ws.xyz.com/">
    <xsd:element name="purchase">
      <xsd:complexType>
        <xsd:sequence>
          <xsd:element minOccurs="0" name="arg0" type="xsd:string"/>
          <xsd:element minOccurs="0" name="arg1" type="xsd:string"/>
          <xsd:element name="arg2" type="xsd:int"/>
        </xsd:sequence>
      </xsd:complexType>
    </xsd:element>
    ....
  </xsd:schema>
</wsdl:types>
You can specify property as,
<entry key="encryptionParts" value="{Element}{http://ws.xyz.com/}/arg1"/>
or using ws-security policy as,
<cns:arg1 xmlns:cns="http://ws.xyz.com/"/>
With Regards,
Mayank
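
A small check for part definitions like the ones in this thread, as an added example that is not part of the original posts and is not CXF or WSS4J code: it parses an encryptionParts value and counts which elements of a sample message each part selects, including the case where the optional arg1 is absent. The parser, its defaults (Content mode, SOAP envelope namespace), the function names and the sample envelope are assumptions made for illustration; the local name is written directly after the namespace brace, as in the Signature and Body entries quoted above.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# {mode}{namespace}localName, the shape of the Signature and Body entries in the thread.
PART_RE = re.compile(r"\{(Element|Content)?\}\{([^{}]*)\}([^{}]+)")

def parse_encryption_parts(value):
    """Split a ';'-separated encryptionParts value into (mode, namespace, name)."""
    parts = []
    for raw in (p.strip() for p in value.split(";")):
        if not raw:
            continue
        m = PART_RE.fullmatch(raw)
        if m:
            # Assumed defaults for empty braces: Content mode, SOAP envelope namespace.
            parts.append((m.group(1) or "Content", m.group(2) or SOAP_NS, m.group(3)))
        elif "{" not in raw and "}" not in raw:
            # Bare element name (assumption: Content mode in the SOAP namespace).
            parts.append(("Content", SOAP_NS, raw))
        else:
            raise ValueError(f"malformed part definition: {raw!r}")
    return parts

def match_parts(value, envelope_xml):
    """Count, per part definition, the elements it selects in one message."""
    root = ET.fromstring(envelope_xml)
    return {(mode, ns, name): sum(1 for _ in root.iter(f"{{{ns}}}{name}"))
            for mode, ns, name in parse_encryption_parts(value)}

def unmatched(value, envelope_xml):
    """Return the part definitions that select no element in this message."""
    return [part for part, n in match_parts(value, envelope_xml).items() if n == 0]

# Constructed sample message for the purchase schema (elementFormDefault="qualified").
ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <purchase xmlns="http://ws.xyz.com/">
      <arg0>book</arg0><arg1>constructed-secret</arg1><arg2>1</arg2>
    </purchase>
  </soap:Body>
</soap:Envelope>"""
ENVELOPE_NO_ARG1 = ENVELOPE.replace("<arg1>constructed-secret</arg1>", "")
PARTS = "{Element}{http://ws.xyz.com/}arg1"

if __name__ == "__main__":
    for label, env in (("with arg1", ENVELOPE), ("without arg1", ENVELOPE_NO_ARG1)):
        print(label, match_parts(PARTS, env), "unmatched:", unmatched(PARTS, env))
```

Running it against a captured request for both the present and the absent case shows whether a part definition's name and namespace actually line up with the message before the setting is relied on.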