« November 2009
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
     
       
Today
XML

www.flickr.com
This is a Flickr badge showing public photos from ashutosh.shahi. Make your own badge here.

Blog::Navigation


blogs.sun.com
Weblog
Login

Bookmarks::Blogroll


Recent Entries

Blog::Referers

Today's Page Hits: 67

Stat Counter


since 02/20/07

Technorati

Add to Technorati Favorites

del.icio.us

All | Personal | Web Services
« Configuring Timestam... | Main | Slides for BOF-4108...
 »
20070327 Tuesday March 27, 2007
Disabling InclusivePrefixList in XWSS

Venu pointed out in his blog entry how one can disable generation of InclusivePrefixList in WSIT through proprietary policy assertions in WSDL. But what if you are using standalone JAXWS + XWSS with security configuration files supported by XWSS? This is exactly what a forum user recently asked at http://forums.java.net/jive/thread.jspa?messageID=209715. We now support this in XWSS 3.0 for both CanonicalizationMethod of Signature as well Transform for individual References.

Here is a sample configuration file to achieve this:

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">

    <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
            <xwss:Sign>
                <xwss:CanonicalizationMethod disableInclusivePrefix="true" />
                <xwss:SignatureTarget type="xpath" value="//SOAP-ENV:Body">
                    <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true"/>
                </xwss:SignatureTarget>                
            </xwss:Sign>
            <xwss:RequireSignature/>
        </xwss:SecurityConfiguration>
    </xwss:Service>

    <xwss:SecurityEnvironmentHandler>
        simple.server.SecurityEnvironmentHandler
    </xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>

Note the disableInclusivePrefix attribute for CanonicalizationMethod and Transform. This is introduced as an optional attribute and the default value for this will be false. So if you are configuring security through these configuration files and are facing interoperability issues due to some implementation not supporting InclusivePrefixList, you can set this attribute to true and try!

Technorati:Tango WSIT Glassfish Web Services XWSS Signatures WS Security

Permalink Comments [4] Posted by ashutoshshahi ( Jun 05 2007, 03:45:36 PM IST / Mar 27 2007, 05:46:36 PM IST )
Trackback: http://blogs.sun.com/ashutosh/entry/disabling_inclusiveprefixlist_in_xwss
Trackback URL: http://blogs.sun.com/ashutosh/entry/disabling_inclusiveprefixlist_in_xwss
Comments:

Hi Venu, I am trying to build a Java Client for .NET Webservice which uses WSE 2.0. I am using XWS Security API for signing and encrypting the message. I am using XWS-Security 2.0 and having the same problem with InclusivePrefixList. Is it possible to remove the InclusivePrefixList element under transforms in version 2.0. Expected: <ds:Reference URI="myactionid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>rhv8rDblUzPpIWIHqoiSXfAFvak=</ds:DigestValue> </ds:Reference> Actual: <ds:Reference URI="myactionid"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"> <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap wsa wsse wsu xsd xsi"/> </ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>rhv8rDblUzPpIWIHqoibXfAavTk=</ds:DigestValue> </ds:Reference> Any help is appreciated. Regards, Mansoor Khan

Posted by Mansoor Khan on April 03, 2007 at 02:51 AM IST #

Hi Mansoor, We had made this fix for xwss 3.0 only. Is it possible for you to try the 3.0 release? If not, tell us, we can try to put a similar fix on 2.0 branch as well.

Posted by Ashutosh Shahi on April 03, 2007 at 10:18 AM IST #

OK, so now we have fix in 2.0 branch as well. Please try with the latest jars from https://xwss.dev.java.net/files/documents/4864/54045/xwss-2.0.zip . We will not generate prefixList by default - this should solve your case. In case you need prefixList, you will need to specify conformance="bsp" attribute on Service element e.g. <xwss:Service conformance="bsp"> ... </xwss:Service>

Posted by Ashutosh Shahi on April 03, 2007 at 11:53 AM IST #

It works fine. Thanks for the fix. Regards, Mansoor Khan

Posted by Mansoor Khan on April 04, 2007 at 04:08 AM IST #

Post a Comment:

Name:
E-Mail:
URL:

Your Comment:

HTML Syntax: NOT allowed
Copyright (C) 2003, Ashutosh's Blog