ws-dev mailing list archives

From Colm O hEigeartaigh <coh...@gmail.com>
Subject Re: WSS4J: Local id attribute and Signature References
Date Wed, 24 Jul 2013 11:03:14 GMT
> I implemented my own CallbackLookup to look up referenced elements by
> local id attribute.  However, the referenced elements were still
> not found by WSS4J because WSSecurityUtil.storeElementInContext does not
> know about references using the local "id" attribute.

Looks like you've found a bug :-) I've fixed this on trunk by adding a new
method to CallbackLookup to make the implementation responsible for setting
the appropriate Id on the Context. On 1.6.x, I'm going to also register
"xml:id" and "id" in WSSecurityUtil.storeElementInContext, to cater for
your use-cases.

> Also, I noticed that the WSSecurityUtil.findElementById method looks for
> elements using both the wsu:Id and local Id attributes (note the
> capital I in Id).

"Id" is used in the XML Digital Signature specification.

Colm.


On Wed, Jul 24, 2013 at 5:48 AM, Nathan Clement <
nathan.a.clement@hotmail.com> wrote:

> Hi Colm,
>
> I implemented my own CallbackLookup to look up referenced elements by
> local id attribute.  However, the referenced elements were still not found
> by WSS4J because WSSecurityUtil.storeElementInContext does not know about
> references using the local "id" attribute.  I don't see any way that I can
> override this behaviour - am I missing something?
>
> Also, I noticed that the WSSecurityUtil.findElementById method looks for
> elements using both the wsu:Id and local Id attributes (note the capital I
> in Id).  I couldn't see this attribute anywhere in the WS-Security spec.
> This seems to have been introduced in r785171.  Is this attribute required
> by another spec?
>
>
> Thanks,
>
> Nathan
>
> ------------------------------
> Date: Mon, 22 Jul 2013 16:11:13 +0100
> Subject: Re: WSS4J: Local id attribute and Signature References
> From: coheigea@apache.org
> To: dev@ws.apache.org
>
> Hi Nathan,
>
> I guess this is the kind of scenario that you should plug in your own
> CallbackLookup implementation. You can set one on the WSSecurityEngine
> implementation used as the starting point for WS-Security processing.
>
> Colm.
>
>
> On Fri, Jul 19, 2013 at 1:37 AM, Nathan Clement <
> nathan.a.clement@hotmail.com> wrote:
>
>  Hi,
>
> The WS-Security spec says in section 4 "ID References":
>
> *However, because some key schemas used by this specification don't allow
> attribute extensibility (namely XML Signature and XML Encryption), this
> specification also allows use of their local ID attributes in addition to
> the wsu:Id attribute and the xml:id attribute [XMLID]*
>
> We are attempting to process an AS4 message, and the AS4 spec (
> http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html)
> says in section 5.1.4 regarding the signature reference for the
> eb:Messaging header:
>
> *The eb:Messaging header SHOULD be referenced using the “id” attribute.*
>
> WSS4J doesn't seem to support looking up referenced elements by a local id
> attribute.  DOMCallbackLookup calls WSSecurityUtil.findElementById which
> only looks for wsu:Id or Id (with a capital I) with no namespace.
>
> Should WSS4J allow lookup of a signed element by local id attribute?
>
> i.e.
>
> <eb:Messaging s:mustUnderstand="true" id="ebms_header" ...
>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>   <ds:SignedInfo>
>     <ds:Reference URI="#ebms_header">
>
> Thanks,
>
> Nathan
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
