Explain to me why and how to use ResourceResolveSpi when we do sign or verify a XML document

[Quang Hung Vu <hu...@yahoo.com>]

 Hello,

 I am XML security beginer, I using Java and Apache XML security lib to solve 
my task. That I have to sign into a XML message with "Enveloped Signature" 
type. 

 I read your samples, and tried to sign. When sign to element I was seem to be 
success, but when verify the message, which I've just signed I got FALSE 
value.  

 I found that - in your samples - you used an extends of ResourceResolveSpi 
when verifing(OfflineResourceResolve.java). But I still don't understand ...

 Can you help me?

 Thanks in advance,

 Regards 

Re: Explain to me why and how to use ResourceResolveSpi when we do sign or verify a XML document

[Erwin van der Koogh <vd...@apache.org>]

>  I found that - in your samples - you used an extends of
> ResourceResolveSpi  when verifing(OfflineResourceResolve.java). But I
> still don't understand ...

Have you read: <http://xml.apache.org/security/Java/resolver.html>?

It's an introduction into the Resolvers.

Basically what they do is take a URI and somehow find the data that belongs 
to that URI. There are Resolvers that use URLs to fetch the data and return 
it, there are Resolvers that interpret the URI as an ID and go search the 
local document.. it's entirely up to you.

URI goes in, signed content comes out. Normally though, with a proper URI 
you shouldn't have any problem.. it will cycle through the standard ones 
until he can find one to use.

Can you try to just run the example and see what it does?

Erwin