You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Jos Dirksen <jo...@gmail.com> on 2005/08/29 15:32:45 UTC
Excessive useof namespaces
We're currently looking into using WSS4J to sign the messages sent
between several of our systems. Using the examples and tests all went
surprisingly well, and the actual process of sighing and validating
the messages works OK.
We use WSS4J without axis, and just use the API directly. When looking
at the output of the signing step I noticed a lot of namespaces that
weren't really necessarily. For example from the test cases provided
with WSS4J:
Input message:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Body>
<add xmlns="http://ws.apache.org/counter/counter_port_type">
<value xmlns="">
15 </value>
</add>
</SOAP-ENV:Body>
This results in the message shown next. What can be seen here is that
the namespace declarations are repeated on each and every element.
Although there is technically nothing wrong with this, it seems a bit
excessive. Is there a way to tune / alter this? Or am I just missing
something in the configuration?
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Header xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<wsse:Security SOAP-ENV:mustUnderstand="1" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:Signature xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:SignedInfo xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
<ds:Reference URI="#id-15142448" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:Transforms xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
<ds:DigestValue xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
OdONdZz0THG5WAVoj+JKT7Dm2mE=
</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-7461949" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<wsse:SecurityTokenReference wsu:Id="STRId-1321194"
xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:X509IssuerSerial xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<ds:X509IssuerName xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
CN=key1
</ds:X509IssuerName>
<ds:X509SerialNumber xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
1124976807
</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="id-15142448" xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<add xmlns="http://ws.apache.org/counter/counter_port_type"
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<value xmlns=""
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
15
</value>
</add>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
With kind regards,
Jos Dirksen
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Excessive useof namespaces
Posted by Werner Dittmann <We...@t-online.de>.
Dims, all,
the request is ok - except that the namespaces are repeated
every time. This is a waste of bandwidth, but it is not wrong
in the "XML sense of using namespaces" :-) .
The problem is IMO part of XML-SEC and Xalan - ther was (is?) a
problem in XML-SEC/Xalan that triggers this. Just perform an
additonla c14n as the last step after signing and/or encrypting
a XML DOM. This is what the WSS4J handlers are doing.
Regards,
Werner
Davanum Srinivas wrote:
> that does not look right. could yuo please log a bug report with
> sample code to reproduce the problem?
>
> thanks,
> dims
>
> On 8/29/05, Jos Dirksen <jo...@gmail.com> wrote:
>
>>We're currently looking into using WSS4J to sign the messages sent
>>between several of our systems. Using the examples and tests all went
>>surprisingly well, and the actual process of sighing and validating
>>the messages works OK.
>>
>>We use WSS4J without axis, and just use the API directly. When looking
>>at the output of the signing step I noticed a lot of namespaces that
>>weren't really necessarily. For example from the test cases provided
>>with WSS4J:
>>
>>Input message:
>><?xml version="1.0" encoding="UTF-8"?>
>><SOAP-ENV:Envelope
>>xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>>xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <SOAP-ENV:Body>
>> <add xmlns="http://ws.apache.org/counter/counter_port_type">
>> <value xmlns="">
>>15 </value>
>> </add>
>> </SOAP-ENV:Body>
>>
>>
>>This results in the message shown next. What can be seen here is that
>>the namespace declarations are repeated on each and every element.
>>Although there is technically nothing wrong with this, it seems a bit
>>excessive. Is there a way to tune / alter this? Or am I just missing
>>something in the configuration?
>>
>><?xml version="1.0" encoding="UTF-8"?>
>><SOAP-ENV:Envelope xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <SOAP-ENV:Header xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:Signature xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:SignedInfo xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:CanonicalizationMethod
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> <ds:SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> <ds:Reference URI="#id-15142448" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:Transforms xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> </ds:Transforms>
>> <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> <ds:DigestValue xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> OdONdZz0THG5WAVoj+JKT7Dm2mE=
>> </ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>> <ds:SignatureValue xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog==
>> </ds:SignatureValue>
>> <ds:KeyInfo Id="KeyId-7461949" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <wsse:SecurityTokenReference wsu:Id="STRId-1321194"
>> xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:X509IssuerSerial xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:X509IssuerName xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> CN=key1
>> </ds:X509IssuerName>
>> <ds:X509SerialNumber xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> 1124976807
>> </ds:X509SerialNumber>
>> </ds:X509IssuerSerial>
>> </wsse:SecurityTokenReference>
>> </ds:KeyInfo>
>> </ds:Signature>
>> </wsse:Security>
>> </SOAP-ENV:Header>
>> <SOAP-ENV:Body wsu:Id="id-15142448" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <add xmlns="http://ws.apache.org/counter/counter_port_type"
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <value xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> 15
>> </value>
>> </add>
>> </SOAP-ENV:Body>
>></SOAP-ENV:Envelope>
>>
>>
>>With kind regards,
>>
>>Jos Dirksen
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Excessive useof namespaces
Posted by Werner Dittmann <We...@t-online.de>.
Dims, all,
the request is ok - except that the namespaces are repeated
every time. This is a waste of bandwidth, but it is not wrong
in the "XML sense of using namespaces" :-) .
The problem is IMO part of XML-SEC and Xalan - ther was (is?) a
problem in XML-SEC/Xalan that triggers this. Just perform an
additonla c14n as the last step after signing and/or encrypting
a XML DOM. This is what the WSS4J handlers are doing.
Regards,
Werner
Davanum Srinivas wrote:
> that does not look right. could yuo please log a bug report with
> sample code to reproduce the problem?
>
> thanks,
> dims
>
> On 8/29/05, Jos Dirksen <jo...@gmail.com> wrote:
>
>>We're currently looking into using WSS4J to sign the messages sent
>>between several of our systems. Using the examples and tests all went
>>surprisingly well, and the actual process of sighing and validating
>>the messages works OK.
>>
>>We use WSS4J without axis, and just use the API directly. When looking
>>at the output of the signing step I noticed a lot of namespaces that
>>weren't really necessarily. For example from the test cases provided
>>with WSS4J:
>>
>>Input message:
>><?xml version="1.0" encoding="UTF-8"?>
>><SOAP-ENV:Envelope
>>xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>>xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <SOAP-ENV:Body>
>> <add xmlns="http://ws.apache.org/counter/counter_port_type">
>> <value xmlns="">
>>15 </value>
>> </add>
>> </SOAP-ENV:Body>
>>
>>
>>This results in the message shown next. What can be seen here is that
>>the namespace declarations are repeated on each and every element.
>>Although there is technically nothing wrong with this, it seems a bit
>>excessive. Is there a way to tune / alter this? Or am I just missing
>>something in the configuration?
>>
>><?xml version="1.0" encoding="UTF-8"?>
>><SOAP-ENV:Envelope xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <SOAP-ENV:Header xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:Signature xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:SignedInfo xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:CanonicalizationMethod
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> <ds:SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> <ds:Reference URI="#id-15142448" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:Transforms xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:Transform
>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> </ds:Transforms>
>> <ds:DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
>> <ds:DigestValue xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> OdONdZz0THG5WAVoj+JKT7Dm2mE=
>> </ds:DigestValue>
>> </ds:Reference>
>> </ds:SignedInfo>
>> <ds:SignatureValue xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog==
>> </ds:SignatureValue>
>> <ds:KeyInfo Id="KeyId-7461949" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <wsse:SecurityTokenReference wsu:Id="STRId-1321194"
>> xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:X509IssuerSerial xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <ds:X509IssuerName xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> CN=key1
>> </ds:X509IssuerName>
>> <ds:X509SerialNumber xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> 1124976807
>> </ds:X509SerialNumber>
>> </ds:X509IssuerSerial>
>> </wsse:SecurityTokenReference>
>> </ds:KeyInfo>
>> </ds:Signature>
>> </wsse:Security>
>> </SOAP-ENV:Header>
>> <SOAP-ENV:Body wsu:Id="id-15142448" xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <add xmlns="http://ws.apache.org/counter/counter_port_type"
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> <value xmlns=""
>> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
>> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
>> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> 15
>> </value>
>> </add>
>> </SOAP-ENV:Body>
>></SOAP-ENV:Envelope>
>>
>>
>>With kind regards,
>>
>>Jos Dirksen
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
>>For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>>
>>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Excessive useof namespaces
Posted by Davanum Srinivas <da...@gmail.com>.
that does not look right. could yuo please log a bug report with
sample code to reproduce the problem?
thanks,
dims
On 8/29/05, Jos Dirksen <jo...@gmail.com> wrote:
> We're currently looking into using WSS4J to sign the messages sent
> between several of our systems. Using the examples and tests all went
> surprisingly well, and the actual process of sighing and validating
> the messages works OK.
>
> We use WSS4J without axis, and just use the API directly. When looking
> at the output of the signing step I noticed a lot of namespaces that
> weren't really necessarily. For example from the test cases provided
> with WSS4J:
>
> Input message:
> <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <SOAP-ENV:Body>
> <add xmlns="http://ws.apache.org/counter/counter_port_type">
> <value xmlns="">
> 15 </value>
> </add>
> </SOAP-ENV:Body>
>
>
> This results in the message shown next. What can be seen here is that
> the namespace declarations are repeated on each and every element.
> Although there is technically nothing wrong with this, it seems a bit
> excessive. Is there a way to tune / alter this? Or am I just missing
> something in the configuration?
>
> <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <SOAP-ENV:Header xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:Signature xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:SignedInfo xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> <ds:Reference URI="#id-15142448" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:Transforms xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> <ds:DigestValue xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> OdONdZz0THG5WAVoj+JKT7Dm2mE=
> </ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-7461949" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <wsse:SecurityTokenReference wsu:Id="STRId-1321194"
> xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:X509IssuerSerial xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:X509IssuerName xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> CN=key1
> </ds:X509IssuerName>
> <ds:X509SerialNumber xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> 1124976807
> </ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> </wsse:Security>
> </SOAP-ENV:Header>
> <SOAP-ENV:Body wsu:Id="id-15142448" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <add xmlns="http://ws.apache.org/counter/counter_port_type"
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <value xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> 15
> </value>
> </add>
> </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
>
> With kind regards,
>
> Jos Dirksen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org
Re: Excessive useof namespaces
Posted by Davanum Srinivas <da...@gmail.com>.
that does not look right. could yuo please log a bug report with
sample code to reproduce the problem?
thanks,
dims
On 8/29/05, Jos Dirksen <jo...@gmail.com> wrote:
> We're currently looking into using WSS4J to sign the messages sent
> between several of our systems. Using the examples and tests all went
> surprisingly well, and the actual process of sighing and validating
> the messages works OK.
>
> We use WSS4J without axis, and just use the API directly. When looking
> at the output of the signing step I noticed a lot of namespaces that
> weren't really necessarily. For example from the test cases provided
> with WSS4J:
>
> Input message:
> <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <SOAP-ENV:Body>
> <add xmlns="http://ws.apache.org/counter/counter_port_type">
> <value xmlns="">
> 15 </value>
> </add>
> </SOAP-ENV:Body>
>
>
> This results in the message shown next. What can be seen here is that
> the namespace declarations are repeated on each and every element.
> Although there is technically nothing wrong with this, it seems a bit
> excessive. Is there a way to tune / alter this? Or am I just missing
> something in the configuration?
>
> <?xml version="1.0" encoding="UTF-8"?>
> <SOAP-ENV:Envelope xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <SOAP-ENV:Header xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:Signature xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:SignedInfo xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> <ds:Reference URI="#id-15142448" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:Transforms xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" />
> <ds:DigestValue xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> OdONdZz0THG5WAVoj+JKT7Dm2mE=
> </ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog==
> </ds:SignatureValue>
> <ds:KeyInfo Id="KeyId-7461949" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <wsse:SecurityTokenReference wsu:Id="STRId-1321194"
> xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:X509IssuerSerial xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <ds:X509IssuerName xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> CN=key1
> </ds:X509IssuerName>
> <ds:X509SerialNumber xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> 1124976807
> </ds:X509SerialNumber>
> </ds:X509IssuerSerial>
> </wsse:SecurityTokenReference>
> </ds:KeyInfo>
> </ds:Signature>
> </wsse:Security>
> </SOAP-ENV:Header>
> <SOAP-ENV:Body wsu:Id="id-15142448" xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <add xmlns="http://ws.apache.org/counter/counter_port_type"
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <value xmlns=""
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> 15
> </value>
> </add>
> </SOAP-ENV:Body>
> </SOAP-ENV:Envelope>
>
>
> With kind regards,
>
> Jos Dirksen
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
> For additional commands, e-mail: wss4j-dev-help@ws.apache.org
>
>
--
Davanum Srinivas : http://wso2.com/ - Oxygenating The Web Service Platform
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org