axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <d...@yahoo.com>
Subject Re: WSS4J - WS-Security Implementation (was Re: axis-wsse)
Date Wed, 22 Oct 2003 11:48:39 GMT
Werner,

Please play with the code in cvs under ws-axis/contrib/wss4j there are handlers for signing
the
soap message via handlers. It'd  be awesome if you can contribute some patches if you see
quirks
or need new functionality.

thanks,
dims

--- Dittmann Werner <werner.dittmann@siemens.com> wrote:
> Hi wss4j folks,
> 
> thanks a lot for contributing the wss4j code. I really appreciate it
> because Web services need some sort of signing and encryption to
> become successful.
> 
> Here some inputs for further discussions.
> 
> My idea is to have a WSS4J handler that automatically signs/encrypts
> or validates the messages depending on some configuration settings,
> e.g. in WSDD files. This would minimize the effort of the application
> developer, enhance reliabilty etc.
> 
> During some test (see my earlier posting on the list) I found some
> issues in Axis, which may make it complicate to implement such a
> handler. In particular the serialization of a message may become
> critical. 
> 
> If a message contains an attachment (not sure about multirefs) the
> serialization modifies the content of the SOAP body (inserts href
> attribute) just before it goes on the wire. IMHO there is no way to
> insert a handler at this point of message processing because the
> message serializes itself to the output stream (the serialization is
> started via HTTPSender that must be the last one in the handler chain
> because it maintains the real connections to the server).
> 
> If a handler signed the SOAP envlope before, then this signature is
> invalid after the serialization process.
> 
> I havn't yet found a way to perform complete serialization of the
> message, then sign (encrypt) the relevant part(s) and store the result
> as "ready-to-go" message before HTTPSender is called.
> 
> Any ideas / inputs are appreciated.
> 
> Regards,
> Werner


=====
Davanum Srinivas - http://webservices.apache.org/~dims/

Mime
View raw message