You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Quang Hung Vu <hu...@yahoo.com> on 2004/01/28 09:35:00 UTC
Explain to me why and how to use ResourceResolveSpi when we do sign or verify a XML document
Hello,
I am XML security beginer, I using Java and Apache XML security lib to solve
my task. That I have to sign into a XML message with "Enveloped Signature"
type.
I read your samples, and tried to sign. When sign to element I was seem to be
success, but when verify the message, which I've just signed I got FALSE
value.
I found that - in your samples - you used an extends of ResourceResolveSpi
when verifing(OfflineResourceResolve.java). But I still don't understand ...
Can you help me?
Thanks in advance,
Regards
Re: Explain to me why and how to use ResourceResolveSpi when we do
sign or verify a XML document
Posted by Erwin van der Koogh <vd...@apache.org>.
> I found that - in your samples - you used an extends of
> ResourceResolveSpi when verifing(OfflineResourceResolve.java). But I
> still don't understand ...
Have you read: <http://xml.apache.org/security/Java/resolver.html>?
It's an introduction into the Resolvers.
Basically what they do is take a URI and somehow find the data that belongs
to that URI. There are Resolvers that use URLs to fetch the data and return
it, there are Resolvers that interpret the URI as an ID and go search the
local document.. it's entirely up to you.
URI goes in, signed content comes out. Normally though, with a proper URI
you shouldn't have any problem.. it will cycle through the standard ones
until he can find one to use.
Can you try to just run the example and see what it does?
Erwin