|
Replies:
4
-
Last Post:
Mar 27, 2007 5:27 AM
by: ashutoshshahi
|
|
|
|
|
|
|
remove inclusive namespace
Posted:
Mar 20, 2007 3:46 PM
|
|
|
Hi all,
Is there a way to remove the inclusive namespace in the ws-security message? I've tried modifying the configuration file and I tried calling the ProcessContext but it doesn't seem to help.
Problem:
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap wsa wsse wsu xsd xsi"/>
</ds:CanonicalizationMethod>
Expected result:
<ds:CanonicalizationMethod Algorithm=http://www.w3.org/2001/10/xml-exc-c14n# />
|
|
|
|
|
|
|
|
|
|
Re: remove inclusive namespace
Posted:
Mar 22, 2007 1:15 PM
in response to: venu
|
|
|
How? I have installed the latest xwss-3.0. I replaced the xws-security.jar file. I see the changes made but inside the transform I still see the inclusive namespace problem.
Problem:
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap wsa wsse wsu xsd xsi"/>
</ds:Transform>
</ds:Transforms>
Expected result:
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
</ds:Transform>
</ds:Transforms>
This is my configuration file:
<!--
Copyright 2004 Sun Microsystems, Inc. All rights reserved.
SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
-->
<xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">
<xwss:Timestamp timeout="60"/>
<xwss:Sign includeTimestamp="true">
<xwss:X509Token certificateAlias="wse2qsclient" />
<xwss:CanonicalizationMethod algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/03/addressing}Action">
<xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<xwss:AlgorithmParameter name="CanonicalizationMethod" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</xwss:Transform>
</xwss:SignatureTarget>
<xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/03/addressing}MessageID">
<xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<xwss:AlgorithmParameter name="CanonicalizationMethod" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</xwss:Transform>
</xwss:SignatureTarget>
<xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/03/addressing}ReplyTo">
<xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<xwss:AlgorithmParameter name="CanonicalizationMethod" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</xwss:Transform>
</xwss:SignatureTarget>
<xwss:SignatureTarget type="qname" value="{http://schemas.xmlsoap.org/ws/2004/03/addressing}To">
<xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<xwss:AlgorithmParameter name="CanonicalizationMethod" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</xwss:Transform>
</xwss:SignatureTarget>
<xwss:SignatureTarget type="uri" value="mybodyid">
<xwss:DigestMethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<xwss:AlgorithmParameter name="CanonicalizationMethod" value="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</xwss:Transform>
</xwss:SignatureTarget>
</xwss:Sign>
<!--
Note the order of the requirements below. The message sender
should have first signed the body and then encrypted its
contents.
-->
</xwss:SecurityConfiguration>
|
|
|
|
|
|
|
|
|
Re: remove inclusive namespace
Posted:
Mar 23, 2007 7:49 PM
in response to: zdriveus
|
|
|
The above feature in XWSS 3.0 is only available with WS SecurityPolicy i,e when you use WSIT. You are using XWSS specific configuration files. Can you let us know your requirements , just to see if SecurityPolicy can satisfy your requirements. Ashutosh my team mate is working on providing this option using XWSS Configuration files too. Will let you know in another day or so...
|
|
|
|
|
|
|
|
|
Re: remove inclusive namespace
Posted:
Mar 27, 2007 5:27 AM
in response to: zdriveus
|
|
|
Hello,
We now allow disabling of InclusivePrefixList through configuration file. We have fixed this just today, so you can try with the latest xwss 3.0 from xwss.dev.java.net. We now allow an attribute 'disableInclusivePrefix' with boolean value on CanonicalizationMethod and Transform elements in the configuration file. You can check a sample configuration file at: http://blogs.sun.com/ashutosh/entry/disabling_inclusiveprefixlist_in_xwss . Hope it helps.
|
|
|
|
|
java.net RSS
