santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dave Hoffer" <DHof...@xrite.com>
Subject RE: XML Security & JAXB
Date Wed, 07 Nov 2007 22:02:27 GMT
Mike,

Okay, that sounds good.  How do you deal with the XML schema?  Since
JAXB needs the XSD of the un-encrypted XML(my assumption), I assume your
XSD is un-aware of any encryption?

You say you load the XML into a Document object first and then do the
decryption if necessary.  How do you know if it is necessary?

Do you have yet another document (XSD or something) that defines what is
encrypted so you know what to do?  What does your process look like?

-Dave

-----Original Message-----
From: Lucas, Mike [mailto:Mike.Lucas@gwl.ca] 
Sent: Wednesday, November 07, 2007 3:30 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

Hey Dave,
We do the same thing actually; sorry I was thinking you were starting
with XML that you had to encrypt.

What we do is take the XML and load it into a Document object first,
then do the decryption if necessary. (The decryption modifies the
Document object.) Finally we pass the Document to JAXB which unmarshalls
it into Java objects (POJOs).

-Mike


-----Original Message-----
From: Dave Hoffer [mailto:DHoffer@xrite.com] 
Sent: November 7, 2007 1:46 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB


Thanks for the reply...

In my case I start with XML with (possibly) encrypted content, I then
need to get to POJOs.  XML is essentially the data storage medium.  I
don't see how to accomplish this.

-dh



-----Original Message-----
From: Lucas, Mike [mailto:Mike.Lucas@gwl.ca] 
Sent: Wednesday, November 07, 2007 11:01 AM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

I've done this by using JAXB to build the full unencrypted XML, then
marshalling to a org.w3c.dom.Document and using XML Security library to
perform encryption on the Document object.

I realise this may not be the best solution in all cases, especially if
you need to get the Document back into JAXB again (could be a
significant performance impact). It worked well for me because I could
do the encryption as the final step before returning the XML to the
caller.


-----Original Message-----
From: Dave Hoffer [mailto:DHoffer@xrite.com] 
Sent: November 7, 2007 9:40 AM
To: security-dev@xml.apache.org
Subject: XML Security & JAXB


We have a schema we bind to Java using JAXB (and C++ with LMX) which
works well.  I know have been asked to encrypt certain element data. How
can I do this and not loose the schema to POJO binding?

What is the best way to accomplish this?
Does XSD support XML Security in some way?
Does JAXB or other binding implementation support XML Security?

-Dave





Mime
View raw message