You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Yves Langisch <li...@langisch.ch> on 2004/06/18 15:40:07 UTC
mandatory signature parts
All,
At server side I would like to ensure that an arriving request has one
or more specific elements signed. For example I want to be sure that the
body element is always signed. About other signed elements I don't mind,
I just check them.
How can this be done with WSS4J? There is the property 'signatureParts'
but if I'm not wrong it's only relevant for the sender handler. I also
checked the WSSecurityEngineResult class but there is no possibility to
get the signed element out of.
Thanks
Yves
Re: mandatory signature parts
Posted by Yves Langisch <li...@langisch.ch>.
Werner,
Did you already find a reasonable way to get the wanted info?
Regards,
Yves
On Mon, 2004-06-21 at 09:26, Yves Langisch wrote:
> Werner,
>
> Yes, the signed parts as QName elements would be perfect :-)
>
> Thanks,
> Yves
>
> On Sat, 2004-06-19 at 14:06, Werner Dittmann wrote:
> > Yves,
> >
> > seems to be a good idea :-).
> >
> > Just a short question:
> > would it be enough for the reveiver to know which parts
> > were signed, i.e. the full qualified names (namespace URI and
> > local name) as QName elements? This would mirror the sender's
> > behaviour.
> > IMO this info would be enough the check if all required parts
> > were signed.
> >
> > The WSSecurityEngine could return this info to the Axis handler/service
> > in the ususal way.
> >
> > The only thing to do: to get this information out of the Signature
> > structure ... :-) . Just looking at some ways to do it.
> >
> > Regards,
> > Werner
> >
> >
> > ----- Original Message -----
> > From: "Yves Langisch" <li...@langisch.ch>
> > To: "wss4j" <fx...@ws.apache.org>
> > Sent: Friday, June 18, 2004 3:40 PM
> > Subject: mandatory signature parts
> >
> >
> > > All,
> > >
> > > At server side I would like to ensure that an arriving request has one
> > > or more specific elements signed. For example I want to be sure that the
> > > body element is always signed. About other signed elements I don't mind,
> > > I just check them.
> > >
> > > How can this be done with WSS4J? There is the property 'signatureParts'
> > > but if I'm not wrong it's only relevant for the sender handler. I also
> > > checked the WSSecurityEngineResult class but there is no possibility to
> > > get the signed element out of.
> > >
> > > Thanks
> > > Yves
> > >
Re: mandatory signature parts
Posted by Yves Langisch <li...@langisch.ch>.
Werner,
Yes, the signed parts as QName elements would be perfect :-)
Thanks,
Yves
On Sat, 2004-06-19 at 14:06, Werner Dittmann wrote:
> Yves,
>
> seems to be a good idea :-).
>
> Just a short question:
> would it be enough for the reveiver to know which parts
> were signed, i.e. the full qualified names (namespace URI and
> local name) as QName elements? This would mirror the sender's
> behaviour.
> IMO this info would be enough the check if all required parts
> were signed.
>
> The WSSecurityEngine could return this info to the Axis handler/service
> in the ususal way.
>
> The only thing to do: to get this information out of the Signature
> structure ... :-) . Just looking at some ways to do it.
>
> Regards,
> Werner
>
>
> ----- Original Message -----
> From: "Yves Langisch" <li...@langisch.ch>
> To: "wss4j" <fx...@ws.apache.org>
> Sent: Friday, June 18, 2004 3:40 PM
> Subject: mandatory signature parts
>
>
> > All,
> >
> > At server side I would like to ensure that an arriving request has one
> > or more specific elements signed. For example I want to be sure that the
> > body element is always signed. About other signed elements I don't mind,
> > I just check them.
> >
> > How can this be done with WSS4J? There is the property 'signatureParts'
> > but if I'm not wrong it's only relevant for the sender handler. I also
> > checked the WSSecurityEngineResult class but there is no possibility to
> > get the signed element out of.
> >
> > Thanks
> > Yves
> >
Re: mandatory signature parts
Posted by Werner Dittmann <We...@t-online.de>.
Yves,
seems to be a good idea :-).
Just a short question:
would it be enough for the reveiver to know which parts
were signed, i.e. the full qualified names (namespace URI and
local name) as QName elements? This would mirror the sender's
behaviour.
IMO this info would be enough the check if all required parts
were signed.
The WSSecurityEngine could return this info to the Axis handler/service
in the ususal way.
The only thing to do: to get this information out of the Signature
structure ... :-) . Just looking at some ways to do it.
Regards,
Werner
----- Original Message -----
From: "Yves Langisch" <li...@langisch.ch>
To: "wss4j" <fx...@ws.apache.org>
Sent: Friday, June 18, 2004 3:40 PM
Subject: mandatory signature parts
> All,
>
> At server side I would like to ensure that an arriving request has one
> or more specific elements signed. For example I want to be sure that the
> body element is always signed. About other signed elements I don't mind,
> I just check them.
>
> How can this be done with WSS4J? There is the property 'signatureParts'
> but if I'm not wrong it's only relevant for the sender handler. I also
> checked the WSSecurityEngineResult class but there is no possibility to
> get the signed element out of.
>
> Thanks
> Yves
>