xml-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From maill...@nue.et-inf.uni-siegen.de
Subject Re: Axis and security (was: Forrest Layout 1.4)
Date Tue, 08 Jan 2002 10:29:11 GMT
Dims,

I added two samples under

CVS/xml-security/src_samples/org/apache/xml/security/samples

AxisSigner.java and AxisVerifier.java create a SOAP msg (sorry for the 
stuupid code) and sign the Body (and verify it).



--On Dienstag, 8. Januar 2002 09:26 +0100 Christian Geuer-Pollmann 
<maillist@nue.et-inf.uni-siegen.de> wrote:

> Dims,
>
> I'll add two samples which can easily be modified and which relate to
> each other. I'll send you a notification about that.
>
> Christian
>
> --On Montag, 7. Januar 2002 18:14 -0800 Davanum Srinivas <dims@yahoo.com>
> wrote:
>
>> Christian,
>>
>> Spent some time one the two samples CreateSignature.java and
>> VerifySignature.java. The first samples creates signature.xml and the
>> second one looks for hereSignature.xml....So i had to rename the generate
>> signature.xml and feed it to VerifySignature.java. Is this right? If yes,
>> i will try to spend some time tomorrow to bootstrap you with
>> SimpleAxisServer with a custom Handler and some client code.
>>
>> Thanks,
>> dims
>>
>> --- Christian Geuer-Pollmann <maillist@nue.et-inf.uni-siegen.de> wrote:
>>> Hi Davanum,
>>>
>>> I implemented the "XML Signature" spec [1] which is now available under
>>> [2]. The distribution contains some examples how XML Signature can be
>>> created and verified. These are stand-alone-examples which create a DOM
>>> structure, sign it and write it to a file or verify an existing
>>> Signature.  Well, these examples are quite nice to demonstrate how
>>> signatures are  created and verified, but I wanted to add code on how a
>>> SOAP message can be  signed (at the client) and verified (at the
>>> server's side). The "SOAP  Security Extensions: Digital Signature" [3]
>>> decribe how XML Signatures are  'embedded' into a SOAP message.
>>>
>>> Well, I'm not a SOAP guru and I don't want to spend weeks installing
>>> Tomcat  and learning how to create SOAP messages. It would be nice to
>>> get a small  'stand-alone-client' and possibly (like Sam showed) a
>>> server which gives me  access to the Message: The client creates a
>>> request, and before sending  this request, I can sign it and put the
>>> Signature into the Envelope. The  server side the same: The server get's
>>> a request and before
>>> processing/dispatching it, I can verify whether the Signature is valid
>>> (for  demonstration purposes using a sample certificate).
>>>
>>> A second problem was: Should I provide such an example for "Apache SOAP"
>>> or  "Apache AXIS"?
>>>
>>> Maybe this gives an idea about it. BTW; if you wanna see how such an
>>> example could look like: [4]
>>>
>>> Regards,
>>> Christian
>>>
>>> [1] http://www.w3.org/TR/xmldsig-core/
>>> [2] http://xml.apache.org/security/index.html
>>> [3] http://www.w3.org/TR/SOAP-dsig/
>>> [4]
>>> http://cvs.apache.org/viewcvs.cgi/xml-security/src_samples/org/apache/xm
>>> l/s ecurity/samples/signature/CreateSignature.java
>>>
>>> --On Montag, 7. Januar 2002 07:19 -0800 Davanum Srinivas
>>> <dims@yahoo.com>  wrote:
>>>
>>> > Can you elaborate a bit more on your thoughts? An overview of how you
>>> > think we can make SOAP more secure using xml-security...This will help
>>> > generate more ideas.
>>> >
>>> > Thanks,
>>> > dims
>>> >
>>> > --- Sam Ruby <rubys@us.ibm.com> wrote:
>>> >> Note: I'm cross posting to Axis dev.  Please continue the discussion
>>> >> there.
>>> >>
>>> >> Christian Geuer-Pollmann wrote:
>>> >> >
>>> >> > I'm not an Apache SOAP/AXIS user, so it was hard for me to play
>>> >> > around with these tools. I asked soap-user and soap-dev how I can
>>> >> > directly access the soap message as a DOM tree to add a
>>> >> > SOAP-SECURITY signature. Unfortunately no response. I want to add
>>> >> > an example to xml-security how a SOAP message can be signed and
>>> >> > this signature can be verified according to [1]. If there is
>>> >> > someone out there who can show me how to create a simple SOAP msg
>>> >> > using AXIS and how I can modify the resulting DOM tree, I'll
>>> >> > provide this example. The only thing that stopped me was installing
>>> >> > tomcat and all these things.
>
>
> ---------------------------------------------------------------------
> In case of troubles, e-mail:     webmaster@xml.apache.org
> To unsubscribe, e-mail:          general-unsubscribe@xml.apache.org
> For additional commands, e-mail: general-help@xml.apache.org
>





---------------------------------------------------------------------
In case of troubles, e-mail:     webmaster@xml.apache.org
To unsubscribe, e-mail:          general-unsubscribe@xml.apache.org
For additional commands, e-mail: general-help@xml.apache.org


Mime
View raw message