Posted to fx-dev@ws.apache.org by Fred Dushin <fd...@iona.com> on 2006/08/10 23:23:21 UTC

WSSecurityEngineResult#getSignedElements()

The WSSecurityEngineResult has a signed elements attribute on it, in the
form of a java.util.Set.  However, I see this set is only populated with
strings (wsu:Ids, if I'm not mistaken).

E.g., here is a snippet of code in which this Set is populated:

{{{
    Element se = WSSecurityUtil.getElementByWsuId(
        elem.getOwnerDocument(), uri);
    if (se == null) {
        se = WSSecurityUtil.getElementByGenId(elem
            .getOwnerDocument(), uri);
    }
    if (se == null) {
        throw new WSSecurityException(
            WSSecurityException.FAILED_CHECK);
    }
    returnElements.add(WSSecurityUtil.getIDfromReference(uri));
}}}

For the purposes of strict policy enforcement, it would be desirable to

    * have access to the "physical" element that was protected, as
      opposed to a reference to it (thus avoiding potentially costly, and
      possibly unfeasible lookup)
    * have such access in the case of confidentiality protection, as well

Additionally, it would seem desirable to be able to obtain information
about for whom encrypted messages were targeted.  For example, if a part
was encrypted for Bob (as opposed to Claire), it might be desirable to
know this, as well.

Would additions to the WSSecurityEngineResult type be welcome?  They
should be binary compatible, at any rate, and could greatly improve
enforcement of security policy on the receiving side of a SOAP
endpoint.  I would be happy to contribute any such changes.  I can also
file an enhancement request in Jira, for tracking purposes, if folks are
amenable to that.

Thanks!
Fred
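
The receiver-side lookup discussed in the message above, as an added example that is not part of the original post and is not WSS4J code: given only a Set of wsu:Id strings, a policy check has to resolve each Id back to a DOM node and compare it by identity with the SOAP Body it is about to process. The class and method names (SignedBodyCheck, resolve, bodyIsSigned) are hypothetical, the message is constructed, and only JDK DOM APIs are used.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignedBodyCheck { // hypothetical class, not part of WSS4J
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";

    // Resolve one wsu:Id to exactly one element; zero or several matches fail the check.
    static Element resolve(Document doc, String id) {
        NodeList all = doc.getElementsByTagNameNS("*", "*"); // full-document scan per Id
        Element hit = null;
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (id.equals(e.getAttributeNS(WSU, "Id"))) {
                if (hit != null) throw new IllegalStateException("ambiguous wsu:Id " + id);
                hit = e;
            }
        }
        if (hit == null) throw new IllegalStateException("no element with wsu:Id " + id);
        return hit;
    }

    // Policy: the Body the application will process must be one of the signed nodes.
    static boolean bodyIsSigned(Document doc, Set<String> signedIds) {
        Element body = null;
        for (Node n = doc.getDocumentElement().getFirstChild(); n != null; n = n.getNextSibling())
            if (n instanceof Element && SOAP.equals(n.getNamespaceURI()) && "Body".equals(n.getLocalName())) body = (Element) n;
        for (String id : signedIds)
            if (resolve(doc, id) == body) return true; // node identity, not string equality
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message; only the Body carries a wsu:Id.
        String xml = "<s:Envelope xmlns:s='" + SOAP + "' xmlns:wsu='" + WSU + "'>"
                   + "<s:Header/><s:Body wsu:Id='id-1'><op/></s:Body></s:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs in untrusted XML
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println(bodyIsSigned(doc, Set.of("id-1"))); // Set as reported for a signed Body
        System.out.println(bodyIsSigned(doc, Set.of()));       // nothing was signed
    }
}
```

With the protected Element itself available in the result, the scan in resolve and its ambiguity handling would not be needed; the policy check would reduce to the identity comparison.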