You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Hassan Faouaz <hf...@aidatech.com> on 2005/04/08 00:18:57 UTC
RE: AW: setting the canonicalization algorithm using axis deploym ent script????
I had to add to my wsdl elementFormDefault=qualified and then
regenerate the java client using WSDL2Java. Doing this, when I submit
the request, WebSphere 6.0 understands it since it doesnt see anymore
empty namespaces.
Thanks guys..
Hassan Faouaz
-----Original Message-----
From: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Sent: Thursday, April 07, 2005 7:49 AM
To: 'Granqvist, Hans'; 'Dittmann Werner'; fx-dev@ws.apache.org
Subject: RE: AW: setting the canonicalization algorithm using axis
deploym ent script????
This is what Werner found out as well. I will see if I can fix the
namespace problem some how, since I used AXIS WDL2JAVA class to create
the SOAP client.
Thank you guys
Werner wrote:
after looking at the requests I can see one main difference :
the handling and setting of namespace definitions insides the
soap body. If you compare both requests you can easily see
this difference.
IMHO this would explain why its sometimes work when you
change the c14n algorithms because c14n is responsible
to normalize the the namespace handling (among other things).
Hassan Faouaz
-----Original Message-----
From: Granqvist, Hans [mailto:hgranqvist@verisign.com]
Sent: Wednesday, April 06, 2005 2:50 PM
To: Dittmann Werner; Hassan Faouaz; fx-dev@ws.apache.org
Subject: RE: AW: setting the canonicalization algorithm using axis
deploym ent script????
Also: Make sure that there is concordance on the use of
inclusive-namespaces
in the exc-c14n. This seems to break a lot of interop attempts
-----Original Message-----
From: Dittmann Werner [mailto:werner.dittmann@siemens.com]
Sent: Tuesday, April 05, 2005 11:12 PM
To: 'Hassan Faouaz'; fx-dev@ws.apache.org
Subject: AW: AW: setting the canonicalization algorithm using axis
deploym ent script????
Hassan,
as for interop tests I would agree to go this route (and if, as a side
effect, we get a more flexible and configurable WSS4J - that's even
better :-) ).
What makes me wonder is that there are such problems with WAS
because we had successful interop tests with WSS4J and other
OASIS WSS implementations (pls refer to the WSS4J wiki).
May be we can help you if you can give use some more info
about the generated requests? Can you trace the requests and
just send it as attachment or so?
Regards,
Werner
-----Ursprüngliche Nachricht-----
Von: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Gesendet: Dienstag, 5. April 2005 17:55
An: Dittmann Werner; fx-dev@ws.apache.org
Betreff: RE: *** Spam *** AW: setting the canonicalization algorithm
using axis deployment script????
Werner,
I agree with you with respect of interoperability. The reason why I am
venturing this route, is because I am trying to get WSS4J exchange
successfully a secured soap message with IBM WAS 6.0. I was able to
verify a signature from a return message from WAS 6.0, but I am not able
to get WAS 6.0 to verify a signature coming from WSS4J.
I went the route of using WSDP 1.5 from SUN, and I was able to exchange
secure messages by changing the canonicalization algorithm on
webSphere. So I thought to try to change the canonicalization algorithm
on WSS4J to see if that makes a difference.
Anyway, I will keep the resort of changing wss4j code as my last resort,
as much as I hate to maintain different set of code.
Thanks
Hassan Faouaz
-----Original Message-----
From: Dittmann Werner [mailto:werner.dittmann@siemens.com]
Sent: Tuesday, April 05, 2005 9:28 AM
To: 'Hassan Faouaz'; fx-dev@ws.apache.org
Subject: *** Spam *** AW: setting the canonicalization algorithm using
axis deployment script????
Hassan,
some of the parameters used by WSS4J are hardcoded (usually as
String in WSHandlerConstants). Most, if not all, of these "hardcoded"
parameters are required to have a specific value to ensure
interoperability.
For example c14n: AFAIK, it is required to be C14nExclusive, other
values would not work for interoperability (probably there is also a
technical
reason to have C14nExclusive - need to look at the specs).
Also the specific transformation algo (described in the OASIS WSS
specifications) is mandatory.
Thus, if you change c14n or transformation parameters you may do so
by modifying the code as you proposed. For the standard and
interoperable
use of WSS4J I wouldn't recommend it.
Regards,
Werner
-----Ursprüngliche Nachricht-----
Von: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Gesendet: Dienstag, 5. April 2005 16:20
An: fx-dev@ws.apache.org
Betreff: setting the canonicalization algorithm using axis deployment
script????
I have realized that if you use AXIS deploy script, the canonicalization
algorthim is hardcoded. There is no way to change it, after looking at
the code. I had to change the WSSignEnvelope class to look at the
options in the deploy script. Is this implemented somewhere, that I am
not aware of?
Code changes I made to allow setting canonicalization algorithm in
WSDoAllSender.java, WSHandlerConstants.java.
<snip>
reqData.canonicalizationAlgo = (String)
getOption(WSHandlerConstants.CONANICALIZATION_ALGO);
if (reqData.canonicalizationAlgo != null){
wsSign.setSigCanonicalization(reqData.canonicalizationAlgo);
}
</snip>
is that true for transform algorithm as well???
Thanks in advance..
Hassan
Re: AW: setting the canonicalization algorithm using axis deploym
ent script????
Posted by Werner Dittmann <We...@t-online.de>.
Thanks Hassan.
The same definition is also in the WSDL file that was used to generate
the code for the interop tests. This WSDL file was, in parts, supplied
by the OASIS WSS group. Pls refer to the interop/ping.wsdl file
in the WSS4J source tree.
It seems that using security requires very strict usage of the parameters
and definitions.
Regards,
Werner
Hassan Faouaz schrieb:
> Per Werner request, I have included the snippet of the wsdl before and
> after. Please note the only different is the following attribute
> *elementFormDefault**="qualified". *
>
>
>
> <snipet>
>
> <schema targetNamespace="http://service.proxy.tuc.com"
> xmlns="http://www.w3.org/2001/XMLSchema"
> xmlns:impl="http://service.proxy.tuc.com"
> xmlns:intf="http://service.proxy.tuc.com"
> xmlns:tns2="http://bean.soap.tuna.tuc.com"
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>
> <import namespace="http://bean.soap.tuc.com"/>
>
> <element name="getDiscResponse">
>
> <complexType>
>
> <sequence>
>
> <element name="getDiscReturn" nillable="true"
> type="tns2:SoapResponse"/>
>
> </sequence>
>
> </complexType>
>
> </element>
>
> <element name="getDiscl">
>
> <complexType>
>
>
>
> </snipet>
>
>
>
> after
>
>
>
> <snipet>
>
> <schema *elementFormDefault**="qualified"
> *targetNamespace="http://service.proxy.tuc.com"
> xmlns="http://www.w3.org/2001/XMLSchema"
> xmlns:impl="http://service.proxy.tuc.com"
> xmlns:intf="http://service.proxy.tuc.com"
> xmlns:tns2="http://bean.soap.tuna.tuc.com"
> xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema">
>
> <import namespace="http://bean.soap.tuc.com"/>
>
> <element name="getDiscResponse">
>
> <complexType>
>
> <sequence>
>
> <element name="getDiscReturn" nillable="true"
> type="tns2:SoapResponse"/>
>
> </sequence>
>
> </complexType>
>
> </element>
>
> <element name="getDiscl">
>
> <complexType>
>
>
>
> </snipet>
>
>
>
> Hassan Faouaz
>
>
>
>
>
> -----Original Message-----
> *From:* Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
> *Sent:* Saturday, April 09, 2005 3:26 AM
> *To:* Hassan Faouaz
> *Cc:* 'Granqvist, Hans'; 'Dittmann Werner'; fx-dev@ws.apache.org
> *Subject:* Re: AW: setting the canonicalization algorithm using axis
> deploym ent script???? <SOLVED>
>
>
>
> Hassan,
>
> great to hear that you had success. May I ask you a favour? Can you just
> post the WSDL file you used (or the relevant snippet)? Maybe both
> versions - the one that works and the one that doesn't? This would help
> many other users because WS is used quite often, isn't it :-) ?
>
> Regards,
> Werner
>
> Hassan Faouaz schrieb:
>
> I had to add to my wsdl elementFormDefault="qualified" and then
> regenerate the java client using WSDL2Java. Doing this, when I submit
> the request, WebSphere 6.0 understands it since it doesn't see anymore
> empty namespaces.
>
>
>
> Thanks guys..
>
>
>
> Hassan Faouaz
>
>
>
>
>
> -----Original Message-----
> *From:* Hassan Faouaz [mailto:hfaouaz@aidatech.com]
> *Sent:* Thursday, April 07, 2005 7:49 AM
> *To:* 'Granqvist, Hans'; 'Dittmann Werner'; fx-dev@ws.apache.org
> <ma...@ws.apache.org>
> *Subject:* RE: AW: setting the canonicalization algorithm using axis
> deploym ent script????
>
>
>
> This is what Werner found out as well. I will see if I can fix the
> namespace problem some how, since I used AXIS WDL2JAVA class to create
> the SOAP client.
>
>
>
> Thank you guys...
>
>
>
> Werner wrote:
>
>
>
> after looking at the requests I can see one main difference :
>
> the handling and setting of namespace definitions insides the
>
> soap body. If you compare both requests you can easily see
>
> this difference.
>
>
>
> IMHO this would explain why its sometimes work when you
>
> change the c14n algorithms because c14n is responsible
>
> to normalize the the namespace handling (among other things).
>
>
>
>
>
> Hassan Faouaz
>
>
>
>
>
> -----Original Message-----
> *From:* Granqvist, Hans [mailto:hgranqvist@verisign.com]
> *Sent:* Wednesday, April 06, 2005 2:50 PM
> *To:* Dittmann Werner; Hassan Faouaz; fx-dev@ws.apache.org
> <ma...@ws.apache.org>
> *Subject:* RE: AW: setting the canonicalization algorithm using axis
> deploym ent script????
>
>
>
> Also: Make sure that there is concordance on the use of
> inclusive-namespaces
>
> in the exc-c14n. This seems to break a lot of interop attempts
>
> -----Original Message-----
> *From:* Dittmann Werner [mailto:werner.dittmann@siemens.com]
> *Sent:* Tuesday, April 05, 2005 11:12 PM
> *To:* 'Hassan Faouaz'; fx-dev@ws.apache.org
> <ma...@ws.apache.org>
> *Subject:* AW: AW: setting the canonicalization algorithm using
> axis deploym ent script????
>
> Hassan,
>
>
>
> as for interop tests I would agree to go this route (and if, as a side
>
> effect, we get a more flexible and configurable WSS4J - that's
> even better :-) ).
>
>
>
> What makes me wonder is that there are such problems with WAS
>
> because we had successful interop tests with WSS4J and other
>
> OASIS WSS implementations (pls refer to the WSS4J wiki).
>
>
>
> May be we can help you if you can give use some more info
>
> about the generated requests? Can you trace the requests and
>
> just send it as attachment or so?
>
>
>
> Regards,
>
> Werner
>
> -----Ursprüngliche Nachricht-----
> *Von:* Hassan Faouaz [mailto:hfaouaz@aidatech.com]
> *Gesendet:* Dienstag, 5. April 2005 17:55
> *An:* Dittmann Werner; fx-dev@ws.apache.org
> <ma...@ws.apache.org>
> *Betreff:* RE: *** Spam *** AW: setting the canonicalization
> algorithm using axis deployment script????
>
> Werner,
>
>
>
> I agree with you with respect of interoperability. The reason
> why I am venturing this route, is because I am trying to get
> WSS4J exchange successfully a secured soap message with IBM
> WAS 6.0. I was able to verify a signature from a return
> message from WAS 6.0, but I am not able to get WAS 6.0 to
> verify a signature coming from WSS4J.
>
>
>
> I went the route of using WSDP 1.5 from SUN, and I was able
> to exchange secure messages by changing the canonicalization
> algorithm on webSphere. So I thought to try to change the
> canonicalization algorithm on WSS4J to see if that makes a
> difference.
>
>
>
> Anyway, I will keep the resort of changing wss4j code as my
> last resort, as much as I hate to maintain different set of code.
>
>
>
> Thanks
>
>
>
> Hassan Faouaz
>
>
>
>
>
>
>
> -----Original Message-----
> *From:* Dittmann Werner [mailto:werner.dittmann@siemens.com]
> *Sent:* Tuesday, April 05, 2005 9:28 AM
> *To:* 'Hassan Faouaz'; fx-dev@ws.apache.org
> <ma...@ws.apache.org>
> *Subject:* *** Spam *** AW: setting the canonicalization
> algorithm using axis deployment script????
>
>
>
> Hassan,
>
>
>
> some of the parameters used by WSS4J are hardcoded (usually as
>
> String in WSHandlerConstants). Most, if not all, of these
> "hardcoded"
>
> parameters are required to have a specific value to ensure
> interoperability.
>
> For example c14n: AFAIK, it is required to be C14nExclusive,
> other
>
> values would not work for interoperability (probably there is
> also a technical
>
> reason to have C14nExclusive - need to look at the specs).
>
>
>
> Also the specific transformation algo (described in the OASIS WSS
>
> specifications) is mandatory.
>
>
>
> Thus, if you change c14n or transformation parameters you may
> do so
>
> by modifying the code as you proposed. For the standard and
> interoperable
>
> use of WSS4J I wouldn't recommend it.
>
>
>
> Regards,
>
> Werner
>
> -----Ursprüngliche Nachricht-----
> *Von:* Hassan Faouaz [mailto:hfaouaz@aidatech.com]
> *Gesendet:* Dienstag, 5. April 2005 16:20
> *An:* fx-dev@ws.apache.org <ma...@ws.apache.org>
> *Betreff:* setting the canonicalization algorithm using
> axis deployment script????
>
> I have realized that if you use AXIS deploy script, the
> canonicalization algorthim is hardcoded. There is no way
> to change it, after looking at the code. I had to change
> the WSSignEnvelope class to look at the options in the
> deploy script. Is this implemented somewhere, that I am
> not aware of?
>
>
>
> Code changes I made to allow setting canonicalization
> algorithm in WSDoAllSender.java, WSHandlerConstants.java.
>
>
>
>
>
> <snip>
>
> reqData.canonicalizationAlgo = (String)
> getOption(WSHandlerConstants.CONANICALIZATION_ALGO);
>
>
>
> if (reqData.canonicalizationAlgo != null){
>
>
> wsSign.setSigCanonicalization(reqData.canonicalizationAlgo);
>
> }
>
>
>
> </snip>
>
>
>
> is that true for transform algorithm as well???
>
>
>
> Thanks in advance..
>
>
>
> Hassan
>
>
>
>
>
>
>
RE: AW: setting the canonicalization algorithm using axis deploym ent script????
Posted by Hassan Faouaz <hf...@aidatech.com>.
Per Werner request, I have included the snippet of the wsdl before and
after. Please note the only different is the following attribute
elementFormDefault="qualified".
<snipet>
<schema targetNamespace="http://service.proxy.tuc.com"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:impl="http://service.proxy.tuc.com"
xmlns:intf="http://service.proxy.tuc.com"
xmlns:tns2="http://bean.soap.tuna.tuc.com"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<import namespace="http://bean.soap.tuc.com"/>
<element name="getDiscResponse">
<complexType>
<sequence>
<element name="getDiscReturn" nillable="true"
type="tns2:SoapResponse"/>
</sequence>
</complexType>
</element>
<element name="getDiscl">
<complexType>
</snipet>
after
<snipet>
<schema elementFormDefault="qualified"
targetNamespace="http://service.proxy.tuc.com"
xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:impl="http://service.proxy.tuc.com"
xmlns:intf="http://service.proxy.tuc.com"
xmlns:tns2="http://bean.soap.tuna.tuc.com"
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<import namespace="http://bean.soap.tuc.com"/>
<element name="getDiscResponse">
<complexType>
<sequence>
<element name="getDiscReturn" nillable="true"
type="tns2:SoapResponse"/>
</sequence>
</complexType>
</element>
<element name="getDiscl">
<complexType>
</snipet>
Hassan Faouaz
-----Original Message-----
From: Werner Dittmann [mailto:Werner.Dittmann@t-online.de]
Sent: Saturday, April 09, 2005 3:26 AM
To: Hassan Faouaz
Cc: 'Granqvist, Hans'; 'Dittmann Werner'; fx-dev@ws.apache.org
Subject: Re: AW: setting the canonicalization algorithm using axis
deploym ent script???? <SOLVED>
Hassan,
great to hear that you had success. May I ask you a favour? Can you just
post the WSDL file you used (or the relevant snippet)? Maybe both
versions - the one that works and the one that doesn't? This would help
many other users because WS is used quite often, isn't it :-) ?
Regards,
Werner
Hassan Faouaz schrieb:
I had to add to my wsdl elementFormDefault=qualified and then
regenerate the java client using WSDL2Java. Doing this, when I submit
the request, WebSphere 6.0 understands it since it doesnt see anymore
empty namespaces.
Thanks guys..
Hassan Faouaz
-----Original Message-----
From: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Sent: Thursday, April 07, 2005 7:49 AM
To: 'Granqvist, Hans'; 'Dittmann Werner'; <ma...@ws.apache.org>
fx-dev@ws.apache.org
Subject: RE: AW: setting the canonicalization algorithm using axis
deploym ent script????
This is what Werner found out as well. I will see if I can fix the
namespace problem some how, since I used AXIS WDL2JAVA class to create
the SOAP client.
Thank you guys
Werner wrote:
after looking at the requests I can see one main difference :
the handling and setting of namespace definitions insides the
soap body. If you compare both requests you can easily see
this difference.
IMHO this would explain why its sometimes work when you
change the c14n algorithms because c14n is responsible
to normalize the the namespace handling (among other things).
Hassan Faouaz
-----Original Message-----
From: Granqvist, Hans [mailto:hgranqvist@verisign.com]
Sent: Wednesday, April 06, 2005 2:50 PM
To: Dittmann Werner; Hassan Faouaz; <ma...@ws.apache.org>
fx-dev@ws.apache.org
Subject: RE: AW: setting the canonicalization algorithm using axis
deploym ent script????
Also: Make sure that there is concordance on the use of
inclusive-namespaces
in the exc-c14n. This seems to break a lot of interop attempts
-----Original Message-----
From: Dittmann Werner [mailto:werner.dittmann@siemens.com]
Sent: Tuesday, April 05, 2005 11:12 PM
To: 'Hassan Faouaz'; <ma...@ws.apache.org> fx-dev@ws.apache.org
Subject: AW: AW: setting the canonicalization algorithm using axis
deploym ent script????
Hassan,
as for interop tests I would agree to go this route (and if, as a side
effect, we get a more flexible and configurable WSS4J - that's even
better :-) ).
What makes me wonder is that there are such problems with WAS
because we had successful interop tests with WSS4J and other
OASIS WSS implementations (pls refer to the WSS4J wiki).
May be we can help you if you can give use some more info
about the generated requests? Can you trace the requests and
just send it as attachment or so?
Regards,
Werner
-----Ursprüngliche Nachricht-----
Von: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Gesendet: Dienstag, 5. April 2005 17:55
An: Dittmann Werner; <ma...@ws.apache.org> fx-dev@ws.apache.org
Betreff: RE: *** Spam *** AW: setting the canonicalization algorithm
using axis deployment script????
Werner,
I agree with you with respect of interoperability. The reason why I am
venturing this route, is because I am trying to get WSS4J exchange
successfully a secured soap message with IBM WAS 6.0. I was able to
verify a signature from a return message from WAS 6.0, but I am not able
to get WAS 6.0 to verify a signature coming from WSS4J.
I went the route of using WSDP 1.5 from SUN, and I was able to exchange
secure messages by changing the canonicalization algorithm on
webSphere. So I thought to try to change the canonicalization algorithm
on WSS4J to see if that makes a difference.
Anyway, I will keep the resort of changing wss4j code as my last resort,
as much as I hate to maintain different set of code.
Thanks
Hassan Faouaz
-----Original Message-----
From: Dittmann Werner [mailto:werner.dittmann@siemens.com]
Sent: Tuesday, April 05, 2005 9:28 AM
To: 'Hassan Faouaz'; <ma...@ws.apache.org> fx-dev@ws.apache.org
Subject: *** Spam *** AW: setting the canonicalization algorithm using
axis deployment script????
Hassan,
some of the parameters used by WSS4J are hardcoded (usually as
String in WSHandlerConstants). Most, if not all, of these "hardcoded"
parameters are required to have a specific value to ensure
interoperability.
For example c14n: AFAIK, it is required to be C14nExclusive, other
values would not work for interoperability (probably there is also a
technical
reason to have C14nExclusive - need to look at the specs).
Also the specific transformation algo (described in the OASIS WSS
specifications) is mandatory.
Thus, if you change c14n or transformation parameters you may do so
by modifying the code as you proposed. For the standard and
interoperable
use of WSS4J I wouldn't recommend it.
Regards,
Werner
-----Ursprüngliche Nachricht-----
Von: Hassan Faouaz [mailto:hfaouaz@aidatech.com]
Gesendet: Dienstag, 5. April 2005 16:20
An: <ma...@ws.apache.org> fx-dev@ws.apache.org
Betreff: setting the canonicalization algorithm using axis deployment
script????
I have realized that if you use AXIS deploy script, the canonicalization
algorthim is hardcoded. There is no way to change it, after looking at
the code. I had to change the WSSignEnvelope class to look at the
options in the deploy script. Is this implemented somewhere, that I am
not aware of?
Code changes I made to allow setting canonicalization algorithm in
WSDoAllSender.java, WSHandlerConstants.java.
<snip>
reqData.canonicalizationAlgo = (String)
getOption(WSHandlerConstants.CONANICALIZATION_ALGO);
if (reqData.canonicalizationAlgo != null){
wsSign.setSigCanonicalization(reqData.canonicalizationAlgo);
}
</snip>
is that true for transform algorithm as well???
Thanks in advance..
Hassan
Re: AW: setting the canonicalization algorithm using axis deploym
ent script????
Posted by Werner Dittmann <We...@t-online.de>.
Hassan,
great to hear that you had success. May I ask you a favour? Can you just
post the WSDL file you used (or the relevant snippet)? Maybe both
versions - the one that works and the one that doesn't? This would help
many other users because WS is used quite often, isn't it :-) ?
Regards,
Werner
Hassan Faouaz schrieb:
> I had to add to my wsdl elementFormDefault="qualified" and then
> regenerate the java client using WSDL2Java. Doing this, when I submit
> the request, WebSphere 6.0 understands it since it doesn't see anymore
> empty namespaces.
>
>
>
> Thanks guys..
>
>
>
> Hassan Faouaz
>
>
>
>
>
> -----Original Message-----
> *From:* Hassan Faouaz [mailto:hfaouaz@aidatech.com]
> *Sent:* Thursday, April 07, 2005 7:49 AM
> *To:* 'Granqvist, Hans'; 'Dittmann Werner'; fx-dev@ws.apache.org
> *Subject:* RE: AW: setting the canonicalization algorithm using axis
> deploym ent script????
>
>
>
> This is what Werner found out as well. I will see if I can fix the
> namespace problem some how, since I used AXIS WDL2JAVA class to create
> the SOAP client.
>
>
>
> Thank you guys...
>
>
>
> Werner wrote:
>
>
>
> after looking at the requests I can see one main difference :
>
> the handling and setting of namespace definitions insides the
>
> soap body. If you compare both requests you can easily see
>
> this difference.
>
>
>
> IMHO this would explain why its sometimes work when you
>
> change the c14n algorithms because c14n is responsible
>
> to normalize the the namespace handling (among other things).
>
>
>
>
>
> Hassan Faouaz
>
>
>
>
>
> -----Original Message-----
> *From:* Granqvist, Hans [mailto:hgranqvist@verisign.com]
> *Sent:* Wednesday, April 06, 2005 2:50 PM
> *To:* Dittmann Werner; Hassan Faouaz; fx-dev@ws.apache.org
> *Subject:* RE: AW: setting the canonicalization algorithm using axis
> deploym ent script????
>
>
>
> Also: Make sure that there is concordance on the use of
> inclusive-namespaces
>
> in the exc-c14n. This seems to break a lot of interop attempts
>
> -----Original Message-----
> *From:* Dittmann Werner [mailto:werner.dittmann@siemens.com]
> *Sent:* Tuesday, April 05, 2005 11:12 PM
> *To:* 'Hassan Faouaz'; fx-dev@ws.apache.org
> *Subject:* AW: AW: setting the canonicalization algorithm using
> axis deploym ent script????
>
> Hassan,
>
>
>
> as for interop tests I would agree to go this route (and if, as a side
>
> effect, we get a more flexible and configurable WSS4J - that's
> even better :-) ).
>
>
>
> What makes me wonder is that there are such problems with WAS
>
> because we had successful interop tests with WSS4J and other
>
> OASIS WSS implementations (pls refer to the WSS4J wiki).
>
>
>
> May be we can help you if you can give use some more info
>
> about the generated requests? Can you trace the requests and
>
> just send it as attachment or so?
>
>
>
> Regards,
>
> Werner
>
> -----Ursprüngliche Nachricht-----
> *Von:* Hassan Faouaz [mailto:hfaouaz@aidatech.com]
> *Gesendet:* Dienstag, 5. April 2005 17:55
> *An:* Dittmann Werner; fx-dev@ws.apache.org
> *Betreff:* RE: *** Spam *** AW: setting the canonicalization
> algorithm using axis deployment script????
>
> Werner,
>
>
>
> I agree with you with respect of interoperability. The reason
> why I am venturing this route, is because I am trying to get
> WSS4J exchange successfully a secured soap message with IBM
> WAS 6.0. I was able to verify a signature from a return
> message from WAS 6.0, but I am not able to get WAS 6.0 to
> verify a signature coming from WSS4J.
>
>
>
> I went the route of using WSDP 1.5 from SUN, and I was able
> to exchange secure messages by changing the canonicalization
> algorithm on webSphere. So I thought to try to change the
> canonicalization algorithm on WSS4J to see if that makes a
> difference.
>
>
>
> Anyway, I will keep the resort of changing wss4j code as my
> last resort, as much as I hate to maintain different set of code.
>
>
>
> Thanks
>
>
>
> Hassan Faouaz
>
>
>
>
>
>
>
> -----Original Message-----
> *From:* Dittmann Werner [mailto:werner.dittmann@siemens.com]
> *Sent:* Tuesday, April 05, 2005 9:28 AM
> *To:* 'Hassan Faouaz'; fx-dev@ws.apache.org
> *Subject:* *** Spam *** AW: setting the canonicalization
> algorithm using axis deployment script????
>
>
>
> Hassan,
>
>
>
> some of the parameters used by WSS4J are hardcoded (usually as
>
> String in WSHandlerConstants). Most, if not all, of these
> "hardcoded"
>
> parameters are required to have a specific value to ensure
> interoperability.
>
> For example c14n: AFAIK, it is required to be C14nExclusive,
> other
>
> values would not work for interoperability (probably there is
> also a technical
>
> reason to have C14nExclusive - need to look at the specs).
>
>
>
> Also the specific transformation algo (described in the OASIS WSS
>
> specifications) is mandatory.
>
>
>
> Thus, if you change c14n or transformation parameters you may
> do so
>
> by modifying the code as you proposed. For the standard and
> interoperable
>
> use of WSS4J I wouldn't recommend it.
>
>
>
> Regards,
>
> Werner
>
> -----Ursprüngliche Nachricht-----
> *Von:* Hassan Faouaz [mailto:hfaouaz@aidatech.com]
> *Gesendet:* Dienstag, 5. April 2005 16:20
> *An:* fx-dev@ws.apache.org
> *Betreff:* setting the canonicalization algorithm using
> axis deployment script????
>
> I have realized that if you use AXIS deploy script, the
> canonicalization algorthim is hardcoded. There is no way
> to change it, after looking at the code. I had to change
> the WSSignEnvelope class to look at the options in the
> deploy script. Is this implemented somewhere, that I am
> not aware of?
>
>
>
> Code changes I made to allow setting canonicalization
> algorithm in WSDoAllSender.java, WSHandlerConstants.java.
>
>
>
>
>
> <snip>
>
> reqData.canonicalizationAlgo = (String)
> getOption(WSHandlerConstants.CONANICALIZATION_ALGO);
>
>
>
> if (reqData.canonicalizationAlgo != null){
>
>
> wsSign.setSigCanonicalization(reqData.canonicalizationAlgo);
>
> }
>
>
>
> </snip>
>
>
>
> is that true for transform algorithm as well???
>
>
>
> Thanks in advance..
>
>
>
> Hassan
>
>
>
>
>