You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by Angel Todorov <at...@gmail.com> on 2007/05/06 11:02:30 UTC
Re: XPath support (Almost Completed !)
Hi Ruchith,
I have almost implemented the XPath support through EncryptedElements
/ SignedElements. I had to fix several other things as well. I still
have one question which is not clear to me - with respect to namespace
prefixes in the XPath expressions:
If i have in the policy definition:
<sp:SignedElements>
<sp:XPath>/soapenv:Envelope/soapenv:Body</sp:XPath>
</sp:SignedElements>
or even:
<sp:SignedElements>
<sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath>
</sp:SignedElements>
How is the XPath engine going to know which namespaces to add , in
order to resolve the "soapenv" prefixes? Also, what if there are
proprietary prefixes defined ?
Is there some way to get all defined prefix <-> namespace mappings ,
in order to register them when doing the XPath lookups ?
The simplest alternative would be to traverse the DOM document and
extract these myself, and store them in some Set-based structure.
Thanks.
Regards,
Angel
On 4/24/07, Angel Todorov <at...@gmail.com> wrote:
> Hi Ruchith,
>
> I tried to debug the call on the server side, when using
> <EncryptedElements> in the policy, but when i go through the variables
> in the debugger, i see that the encrypted elements is empty (in the
> policy model). Does this mean that the rampart policy builder also
> ignores Signed/Encrypted Elements? Thanks.
>
> Regards,
> Angel
>
> On 4/22/07, Angel Todorov <at...@gmail.com> wrote:
> > Hi Ruchith,
> >
> > Yes I can try to implement this. Can you suggest in which classes
> > exactly the modifications for XPath support have to be hooked ?
> > Thanks.
> >
> > Regards,
> > Angel
> >
> > On 4/19/07, Ruchith Fernando <ru...@gmail.com> wrote:
> > > Hi Angel,
> > >
> > > I don't think we will be supporting Signed/EncryptedElements assertion
> > > in the next release. I think we will have to do the next release soon
> > > after the axis2-1.2 release and WSS4J 1.5.2 release. My estimate of
> > > the release date is the first week of May.
> > >
> > > However we certainly can use some help in getting this implemented.
> > > Patches are always welcome ! :-)
> > >
> > > Thanks,
> > > Ruchith
> > >
> > > On 4/19/07, Angel Todorov <at...@gmail.com> wrote:
> > > > Hi all,
> > > >
> > > > Is XPath support for addressing and processing arbitrary message
> > > > elements planned to be supported in the next release of rampart ?
> > > > Thanks.
> > > >
> > > > Regards,
> > > > Angel
> > > >
> > >
> > >
> > > --
> > > www.ruchith.org
> > > www.wso2.org
> > >
> >
>
Re: XPath support (Almost Completed !)
Posted by Angel Todorov <at...@gmail.com>.
Hi Ruchith,
I think it should be possible for a user to specify any namespace
prefix he wants in the XPath expression (and which is supposed to be
present in the document). We don't know which element the user wants
to sign/encrypt in advance, and a user can add any custom namespace
prefix that will not be known in advance.
Therefore my proposal is to enumerate through the document namespaces
but only once - because this list will probably be needed for other
rampart components as well - then, we can store this in the
rampartMessageData for instance.
What do you think ?
The other alternative is to accept only XPath expressions that contain
a namespace prefix attribute in the <XPath> tag (this is allowed by
spec!) , but I am not sure how inter-operable this could be...
Maybe Hans can also give his feedback ?
Best Regards,
Angel
On 5/6/07, Ruchith Fernando <ru...@gmail.com> wrote:
> Hi Angel,
>
> Great news !
>
> As for the question of prefixes I declared the well known prefixes
> when I did the MTOM optimization of base64 content with rampart's
> earlier parameter based configuration.
> Please see here : findElements() :
> https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
>
> This way we will have to document and let users know that we expect
> the xpath expression to use these prefixes.
>
> What do you think?
>
> Thanks,
> Ruchith
>
>
> On 5/6/07, Angel Todorov <at...@gmail.com> wrote:
> > Hi Ruchith,
> >
> > I have almost implemented the XPath support through EncryptedElements
> > / SignedElements. I had to fix several other things as well. I still
> > have one question which is not clear to me - with respect to namespace
> > prefixes in the XPath expressions:
> >
> > If i have in the policy definition:
> >
> > <sp:SignedElements>
> > <sp:XPath>/soapenv:Envelope/soapenv:Body</sp:XPath>
> > </sp:SignedElements>
> >
> > or even:
> >
> > <sp:SignedElements>
> > <sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath>
> > </sp:SignedElements>
> >
> > How is the XPath engine going to know which namespaces to add , in
> > order to resolve the "soapenv" prefixes? Also, what if there are
> > proprietary prefixes defined ?
> >
> > Is there some way to get all defined prefix <-> namespace mappings ,
> > in order to register them when doing the XPath lookups ?
> >
> > The simplest alternative would be to traverse the DOM document and
> > extract these myself, and store them in some Set-based structure.
> > Thanks.
> >
> > Regards,
> > Angel
> >
> > On 4/24/07, Angel Todorov <at...@gmail.com> wrote:
> > > Hi Ruchith,
> > >
> > > I tried to debug the call on the server side, when using
> > > <EncryptedElements> in the policy, but when i go through the variables
> > > in the debugger, i see that the encrypted elements is empty (in the
> > > policy model). Does this mean that the rampart policy builder also
> > > ignores Signed/Encrypted Elements? Thanks.
> > >
> > > Regards,
> > > Angel
> > >
> > > On 4/22/07, Angel Todorov <at...@gmail.com> wrote:
> > > > Hi Ruchith,
> > > >
> > > > Yes I can try to implement this. Can you suggest in which classes
> > > > exactly the modifications for XPath support have to be hooked ?
> > > > Thanks.
> > > >
> > > > Regards,
> > > > Angel
> > > >
> > > > On 4/19/07, Ruchith Fernando <ru...@gmail.com> wrote:
> > > > > Hi Angel,
> > > > >
> > > > > I don't think we will be supporting Signed/EncryptedElements assertion
> > > > > in the next release. I think we will have to do the next release soon
> > > > > after the axis2-1.2 release and WSS4J 1.5.2 release. My estimate of
> > > > > the release date is the first week of May.
> > > > >
> > > > > However we certainly can use some help in getting this implemented.
> > > > > Patches are always welcome ! :-)
> > > > >
> > > > > Thanks,
> > > > > Ruchith
> > > > >
> > > > > On 4/19/07, Angel Todorov <at...@gmail.com> wrote:
> > > > > > Hi all,
> > > > > >
> > > > > > Is XPath support for addressing and processing arbitrary message
> > > > > > elements planned to be supported in the next release of rampart ?
> > > > > > Thanks.
> > > > > >
> > > > > > Regards,
> > > > > > Angel
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > www.ruchith.org
> > > > > www.wso2.org
> > > > >
> > > >
> > >
> >
>
>
> --
> www.ruchith.org
> www.wso2.org
>
Re: XPath support (Almost Completed !)
Posted by Ruchith Fernando <ru...@gmail.com>.
Hi Angel,
Great news !
As for the question of prefixes I declared the well known prefixes
when I did the MTOM optimization of base64 content with rampart's
earlier parameter based configuration.
Please see here : findElements() :
https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java
This way we will have to document and let users know that we expect
the xpath expression to use these prefixes.
What do you think?
Thanks,
Ruchith
On 5/6/07, Angel Todorov <at...@gmail.com> wrote:
> Hi Ruchith,
>
> I have almost implemented the XPath support through EncryptedElements
> / SignedElements. I had to fix several other things as well. I still
> have one question which is not clear to me - with respect to namespace
> prefixes in the XPath expressions:
>
> If i have in the policy definition:
>
> <sp:SignedElements>
> <sp:XPath>/soapenv:Envelope/soapenv:Body</sp:XPath>
> </sp:SignedElements>
>
> or even:
>
> <sp:SignedElements>
> <sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath>
> </sp:SignedElements>
>
> How is the XPath engine going to know which namespaces to add , in
> order to resolve the "soapenv" prefixes? Also, what if there are
> proprietary prefixes defined ?
>
> Is there some way to get all defined prefix <-> namespace mappings ,
> in order to register them when doing the XPath lookups ?
>
> The simplest alternative would be to traverse the DOM document and
> extract these myself, and store them in some Set-based structure.
> Thanks.
>
> Regards,
> Angel
>
> On 4/24/07, Angel Todorov <at...@gmail.com> wrote:
> > Hi Ruchith,
> >
> > I tried to debug the call on the server side, when using
> > <EncryptedElements> in the policy, but when i go through the variables
> > in the debugger, i see that the encrypted elements is empty (in the
> > policy model). Does this mean that the rampart policy builder also
> > ignores Signed/Encrypted Elements? Thanks.
> >
> > Regards,
> > Angel
> >
> > On 4/22/07, Angel Todorov <at...@gmail.com> wrote:
> > > Hi Ruchith,
> > >
> > > Yes I can try to implement this. Can you suggest in which classes
> > > exactly the modifications for XPath support have to be hooked ?
> > > Thanks.
> > >
> > > Regards,
> > > Angel
> > >
> > > On 4/19/07, Ruchith Fernando <ru...@gmail.com> wrote:
> > > > Hi Angel,
> > > >
> > > > I don't think we will be supporting Signed/EncryptedElements assertion
> > > > in the next release. I think we will have to do the next release soon
> > > > after the axis2-1.2 release and WSS4J 1.5.2 release. My estimate of
> > > > the release date is the first week of May.
> > > >
> > > > However we certainly can use some help in getting this implemented.
> > > > Patches are always welcome ! :-)
> > > >
> > > > Thanks,
> > > > Ruchith
> > > >
> > > > On 4/19/07, Angel Todorov <at...@gmail.com> wrote:
> > > > > Hi all,
> > > > >
> > > > > Is XPath support for addressing and processing arbitrary message
> > > > > elements planned to be supported in the next release of rampart ?
> > > > > Thanks.
> > > > >
> > > > > Regards,
> > > > > Angel
> > > > >
> > > >
> > > >
> > > > --
> > > > www.ruchith.org
> > > > www.wso2.org
> > > >
> > >
> >
>
--
www.ruchith.org
www.wso2.org