I implemented my own CallbackLookup to look up referenced elements by local id attribute. However, the referenced elements were still not found by WSS4J because WSSecurityUtil.storeElementInContext does not know about references using the local "id" attribute. I don't see any way that I can override this behaviour - am I missing something?
Also, I noticed that the WSSecurityUtil.findElementById method looks for elements using both the wsu:Id and local Id attributes (note the capital I in Id). I couldn't see this attribute anywhere in the WS-Security spec. This seems to have been introduced in r785171. Is this attribute required by another spec?
Date: Mon, 22 Jul 2013 16:11:13 +0100
Subject: Re: WSS4J: Local id attribute and Signature References
To: firstname.lastname@example.orgHi Nathan,I guess this is the kind of scenario that you should plug in your own CallbackLookup implementation. You can set one on the WSSecurityEngine implementation used as the starting point for WS-Security processing.
Colm.On Fri, Jul 19, 2013 at 1:37 AM, Nathan Clement <email@example.com> wrote:
The WS-Security spec says in section 4 "ID References":
However, because some key schemas used by this specification don't allow attribute extensibility (namely XML Signature and XML Encryption), this specification also allows use of their local ID attributes in addition to the wsu:Id attribute and the xml:id attribute [XMLID]
We are attempting to process an AS4 message, and the AS4 spec (http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html) says in section 5.1.4 regarding the signature reference for the eb:Messaging header:
The eb:Messaging header SHOULD be referenced using the “id” attribute.
WSS4J doesn't seem to support looking up referenced elements by a local id attribute. DOMCallbackLookup calls WSSecurityUtil.findElementById which only looks for wsu:Id or Id (with a capital I) with no namespace.
Should WSS4J allow lookup of a signed element by local id attribute?
<eb:Messaging s:mustUnderstand="true" id="ebms_header" ...
Colm O hEigeartaigh
Talend Community Coder