santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucas, Mike" <Mike.Lu...@gwl.ca>
Subject RE: XML Security & JAXB
Date Wed, 07 Nov 2007 22:31:11 GMT
With SAML it's quite easy:
1. There's only one XSD. It defines that certain elements can be
encrypted and if encrypted they will have different names. E.g.
<Assertion> will be replaced by <EncryptedAssertion>. The
<EncryptedAssertion> element can appear anywhere the <Assertion> element
can.

2. I check for encryption simply by looking for the presence of any
encrypted elements by name. (The only encrypted elements in SAML are
EncryptedAssertion, EncryptedAttribute, EncryptedID.) I actually just do
a String search (indexOf() method) but XPath query would work too I
think.

3. If there are encrypted elements, I decrypt them using the XML
Security library. It modifies the Document object with each decryption
operation so you have to be cognizant of that.

- Mike


-----Original Message-----
From: Dave Hoffer [mailto:DHoffer@xrite.com] 
Sent: November 7, 2007 4:02 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB


Mike,

Okay, that sounds good.  How do you deal with the XML schema?  Since
JAXB needs the XSD of the un-encrypted XML(my assumption), I assume your
XSD is un-aware of any encryption?

You say you load the XML into a Document object first and then do the
decryption if necessary.  How do you know if it is necessary?

Do you have yet another document (XSD or something) that defines what is
encrypted so you know what to do?  What does your process look like?

-Dave

-----Original Message-----
From: Lucas, Mike [mailto:Mike.Lucas@gwl.ca] 
Sent: Wednesday, November 07, 2007 3:30 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

Hey Dave,
We do the same thing actually; sorry I was thinking you were starting
with XML that you had to encrypt.

What we do is take the XML and load it into a Document object first,
then do the decryption if necessary. (The decryption modifies the
Document object.) Finally we pass the Document to JAXB which unmarshalls
it into Java objects (POJOs).

-Mike


-----Original Message-----
From: Dave Hoffer [mailto:DHoffer@xrite.com] 
Sent: November 7, 2007 1:46 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB


Thanks for the reply...

In my case I start with XML with (possibly) encrypted content, I then
need to get to POJOs.  XML is essentially the data storage medium.  I
don't see how to accomplish this.

-dh



-----Original Message-----
From: Lucas, Mike [mailto:Mike.Lucas@gwl.ca] 
Sent: Wednesday, November 07, 2007 11:01 AM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

I've done this by using JAXB to build the full unencrypted XML, then
marshalling to a org.w3c.dom.Document and using XML Security library to
perform encryption on the Document object.

I realise this may not be the best solution in all cases, especially if
you need to get the Document back into JAXB again (could be a
significant performance impact). It worked well for me because I could
do the encryption as the final step before returning the XML to the
caller.


-----Original Message-----
From: Dave Hoffer [mailto:DHoffer@xrite.com] 
Sent: November 7, 2007 9:40 AM
To: security-dev@xml.apache.org
Subject: XML Security & JAXB


We have a schema we bind to Java using JAXB (and C++ with LMX) which
works well.  I know have been asked to encrypt certain element data. How
can I do this and not loose the schema to POJO binding?

What is the best way to accomplish this?
Does XSD support XML Security in some way?
Does JAXB or other binding implementation support XML Security?

-Dave







Mime
View raw message