[jboss-user] [JBossWS] - Re: Sigining a SOAP message using the enveloped-signature tr

MrGuy do-not-reply at jboss.com
Wed Nov 12 12:07:16 EST 2008


Unfortunately, the WS-Security documentation hasn't helped with the particular problem. It was very helpful in getting the WS-Security set up initially, and working from there I created the following jboss-wsse-client.xml file:


  | <jboss-ws-security  xmlns="http://www.jboss.com/ws-security/config" 
  |                                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  |                                   xsi:schemaLocation="http://www.jboss.com/ws-security/config 
  |                                   http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
  | 	<key-store-file>META-INF/keystores/zcg.keystore</key-store-file>
  | 	<key-store-password>zcgstore</key-store-password>
  | 	<trust-store-file>META-INF/keystores/zcg.truststore</trust-store-file>
  | 	<trust-store-password>zcgstore</trust-store-password>
  | 	<config>
  | 		<username/>
  | 		<sign type="x509v3" alias="bandwidth.com">
  | 			<targets>
  | 				<target type="qname">{http://schemas.xmlsoap.org/soap/envelope/}Envelope</target>
  | 			</targets>
  | 		</sign>
  | 	</config>
  | </jboss-ws-security>

Which signs the full SOAP envelope:

  | <env:Envelope wsu:Id='element-2-1226509117041-2045010446' xmlns:env='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'>
  | ...
  | <ds:Reference URI='#element-2-1226509117041-2045010446' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>
  | 

But it still lists the Transform Algorithm as XML Exclusive Canonicalization:


  |        <ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#' xmlns:ds='http://www.w3.org/2000/09/xmldsig#'/>
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4188863#4188863

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4188863



More information about the jboss-user mailing list