xml-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Geuer-Pollmann <maill...@nue.et-inf.uni-siegen.de>
Subject Re: Axis and security (was: Forrest Layout 1.4)
Date Tue, 08 Jan 2002 08:26:50 GMT
Dims,

I'll add two samples which can easily be modified and which relate to each 
other. I'll send you a notification about that.

Christian

--On Montag, 7. Januar 2002 18:14 -0800 Davanum Srinivas <dims@yahoo.com> 
wrote:

> Christian,
>
> Spent some time one the two samples CreateSignature.java and
> VerifySignature.java. The first samples creates signature.xml and the
> second one looks for hereSignature.xml....So i had to rename the generate
> signature.xml and feed it to VerifySignature.java. Is this right? If yes,
> i will try to spend some time tomorrow to bootstrap you with
> SimpleAxisServer with a custom Handler and some client code.
>
> Thanks,
> dims
>
> --- Christian Geuer-Pollmann <maillist@nue.et-inf.uni-siegen.de> wrote:
>> Hi Davanum,
>>
>> I implemented the "XML Signature" spec [1] which is now available under
>> [2]. The distribution contains some examples how XML Signature can be
>> created and verified. These are stand-alone-examples which create a DOM
>> structure, sign it and write it to a file or verify an existing
>> Signature.  Well, these examples are quite nice to demonstrate how
>> signatures are  created and verified, but I wanted to add code on how a
>> SOAP message can be  signed (at the client) and verified (at the
>> server's side). The "SOAP  Security Extensions: Digital Signature" [3]
>> decribe how XML Signatures are  'embedded' into a SOAP message.
>>
>> Well, I'm not a SOAP guru and I don't want to spend weeks installing
>> Tomcat  and learning how to create SOAP messages. It would be nice to
>> get a small  'stand-alone-client' and possibly (like Sam showed) a
>> server which gives me  access to the Message: The client creates a
>> request, and before sending  this request, I can sign it and put the
>> Signature into the Envelope. The  server side the same: The server get's
>> a request and before
>> processing/dispatching it, I can verify whether the Signature is valid
>> (for  demonstration purposes using a sample certificate).
>>
>> A second problem was: Should I provide such an example for "Apache SOAP"
>> or  "Apache AXIS"?
>>
>> Maybe this gives an idea about it. BTW; if you wanna see how such an
>> example could look like: [4]
>>
>> Regards,
>> Christian
>>
>> [1] http://www.w3.org/TR/xmldsig-core/
>> [2] http://xml.apache.org/security/index.html
>> [3] http://www.w3.org/TR/SOAP-dsig/
>> [4]
>> http://cvs.apache.org/viewcvs.cgi/xml-security/src_samples/org/apache/xm
>> l/s ecurity/samples/signature/CreateSignature.java
>>
>> --On Montag, 7. Januar 2002 07:19 -0800 Davanum Srinivas
>> <dims@yahoo.com>  wrote:
>>
>> > Can you elaborate a bit more on your thoughts? An overview of how you
>> > think we can make SOAP more secure using xml-security...This will help
>> > generate more ideas.
>> >
>> > Thanks,
>> > dims
>> >
>> > --- Sam Ruby <rubys@us.ibm.com> wrote:
>> >> Note: I'm cross posting to Axis dev.  Please continue the discussion
>> >> there.
>> >>
>> >> Christian Geuer-Pollmann wrote:
>> >> >
>> >> > I'm not an Apache SOAP/AXIS user, so it was hard for me to play
>> >> > around with these tools. I asked soap-user and soap-dev how I can
>> >> > directly access the soap message as a DOM tree to add a
>> >> > SOAP-SECURITY signature. Unfortunately no response. I want to add
>> >> > an example to xml-security how a SOAP message can be signed and
>> >> > this signature can be verified according to [1]. If there is
>> >> > someone out there who can show me how to create a simple SOAP msg
>> >> > using AXIS and how I can modify the resulting DOM tree, I'll
>> >> > provide this example. The only thing that stopped me was installing
>> >> > tomcat and all these things.


---------------------------------------------------------------------
In case of troubles, e-mail:     webmaster@xml.apache.org
To unsubscribe, e-mail:          general-unsubscribe@xml.apache.org
For additional commands, e-mail: general-help@xml.apache.org


Mime
View raw message