Posted to users@cxf.apache.org by jmdev <jh...@yahoo.com> on 2008/10/07 23:11:05 UTC

Sending the SOAP message without StAX... Is it possible?

My current project requires the use of 3rd party Axis 1.* handlers to format
a SOAP message.  One of the handlers is a custom digital signature handler
which digitally signs selective parts of the message.  I have successfully
called the handler from a CXF SOAPHandler.  The problem is that the
subsequent conversion of the SoapMessage to a stream using StAX is
invalidating the digital signatures since the message is "rebuilt".  

Would it be possible to send the SOAPMessage from the handlers as-is without
processing by the StAX based interceptors?  If so, what would I need to do
to accomplish this?

Thanks for the help!


Re: Sending the SOAP message without StAX... Is it possible?

Posted by jmdev <jh...@yahoo.com>.
By removing the following interceptors:

org.apache.cxf.binding.soap.saaj.SAAJOutInterceptor$SAAJOutEndingInterceptor
org.apache.cxf.binding.soap.interceptor.SoapOutInterceptor$SoapOutEndingInterceptor
org.apache.cxf.interceptor.StaxOutInterceptor$StaxOutEndingInterceptor

and writing my modified document directly to message.setContent(...) I was
able to avoid the StAX steps that seemed to alter my XML, causing the
digital signatures to fail.  Some of the changes seemed to be the addition
of soap:mustUnderstand and soap:actor attributes as well as the location of
namespaces within the document (whether the namespace was within a parent
element or the actual element itself).  

I actually ran the WS-Security piece that CXF was bundled with in hopes that
I could use that instead, but from the docs I didn't see how to selectively
sign only certain elements.  Following the documentation I signed the entire
document.

Could you point me to something that shows how to sign individual elements
(have more than one signature)?    

Thanks again!



Re: Sending the SOAP message without StAX... Is it possible?

Posted by Daniel Kulp <dk...@apache.org>.
On Tuesday 07 October 2008 5:11:05 pm jmdev wrote:
> My current project requires the use of 3rd party Axis 1.* handlers to
> format a SOAP message.  One of the handlers is a custom digital signature
> handler which digitally signs selective parts of the message.  I have
> successfully called the handler from a CXF SOAPHandler.  The problem is
> that the subsequent conversion of the SoapMessage to a stream using StAX is
> invalidating the digital signatures since the message is "rebuilt".
>
> Would it be possible to send the SOAPMessage from the handlers as-is
> without processing by the StAX based interceptors?  If so, what would I
> need to do to accomplish this?

Honestly, I don't think there is a way to do it now. However, I'm trying to
see why it would impact this. Our own WS-Security interceptors do the same
thing, digitally signing particular elements and such, and it doesn't have any
problem going through the StAX stuff at all. If the signing and
verification is done on the canonicalized form of the XML like the specs say it
should be, then it shouldn't matter.

Basically, I'd like to know what the StAX stuff is doing that would cause the
signatures to be "different".

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
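
Added example (not code from either poster or from CXF): the point in the reply above about signing the canonicalized form, checked against the two kinds of change reported earlier in the thread, a moved namespace declaration and added `soap:mustUnderstand`/`soap:actor` attributes. It uses Python's standard-library C14N 2.0 as a stand-in for the canonicalization a WS-Security stack applies; the messages, the `sec:Token` element and the function names are constructed for the illustration, and placing the added attributes on the signed element is an assumption.

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
TOKEN = "{urn:example:sec}Token"  # hypothetical signed header element

# Constructed sample messages (not taken from the thread).
# A: namespace of the signed element is declared on the Envelope.
MSG_PARENT_NS = (
    f'<soap:Envelope xmlns:soap="{SOAP}" xmlns:sec="urn:example:sec">'
    '<soap:Header><sec:Token Id="t1">abc</sec:Token></soap:Header>'
    '<soap:Body/></soap:Envelope>'
)
# B: same content, declaration moved onto the signed element itself.
MSG_LOCAL_NS = (
    f'<soap:Envelope xmlns:soap="{SOAP}">'
    '<soap:Header><sec:Token xmlns:sec="urn:example:sec" Id="t1">abc'
    '</sec:Token></soap:Header><soap:Body/></soap:Envelope>'
)
# C: like A, but SOAP attributes were added to the signed element.
MSG_EXTRA_ATTRS = MSG_PARENT_NS.replace(
    'Id="t1"', 'Id="t1" soap:mustUnderstand="1" soap:actor="urn:example:actor"'
)


def canonical_digest(message: str, tag: str = TOKEN) -> str:
    """SHA-256 over the canonical form of the first element named `tag`."""
    elem = ET.fromstring(message).find(f".//{tag}")
    if elem is None:
        raise ValueError(f"no element {tag} in message")
    # ElementTree drops the original prefixes on re-serialisation, so
    # rewrite_prefixes=True normalises them; this model therefore ignores
    # prefix names, which Exclusive C14N would preserve.
    subtree = ET.tostring(elem, encoding="unicode")
    canonical = ET.canonicalize(subtree, rewrite_prefixes=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def digest_survives(signed: str, sent: str) -> bool:
    """True if the signed element still hashes the same after re-serialisation."""
    return canonical_digest(signed) == canonical_digest(sent)


if __name__ == "__main__":
    print("namespace moved :", digest_survives(MSG_PARENT_NS, MSG_LOCAL_NS))
    print("attributes added:", digest_survives(MSG_PARENT_NS, MSG_EXTRA_ATTRS))
```

A moved declaration leaves the digest intact, while attributes added to a signed element change its content and therefore its digest, whatever canonicalization is used.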