xml-security-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matej Kafadar" <ma...@setcce.org>
Subject Re: XPath Filter
Date Tue, 30 Mar 2004 11:41:33 GMT
John thank you for help. I optimized your xpath expression and work fine



----- Original Message ----- 
From: "Moore John" <John.Moore@nrm.qld.gov.au>
To: <security-users@xml.apache.org>
Sent: Tuesday, March 30, 2004 4:44 AM
Subject: XPath Filter

I am a bit of a novice myself, but the following XPATH expression solves
your specific issue:

<ds:XPath>(count(ancestor-or-self::c/parent::b/parent::a) = 1 and
count(ancestor-or-self::c/parent::b/parent::a/parent::*) = 0)</ds:XPath>

I mentally think of it as:
- for each node in the tree (starting at the node referenced by the
<ds:Reference URI="">) apply the XPATH expression
- if its result is true, then the node will be in the output stream (ie if
the result is a boolean, like the expression above)
- if the result is a set of nodes then it is true if there are any nodes in
the set and false if the set is empty

So in the above XPATH expression, for each node in the tree we ask
- do we have a "c" ancestor  or our we a "c" node AND
- do we have a "b" parent that has an "a" parent (ie a count of 1)
- which has no parent (count of 0)

This XPATH will also pick up subtrees of </c>
  <c><x>123</x></c> <!-- this node i would like to sign -->

The tool called "txfmout" in the C++ version of XML Security is great for
looking at exactly what is being signed. (I am not a Java person so dont
know if there is an equivalent Java tool).

Hope this helps.

ta John

The information in this e-mail together with any attachments is
intended only for the person or entity to which it is addressed
and may contain confidential and/or privileged material.
Any form of review, disclosure, modification, distribution
and/or publication of this e-mail message is prohibited.
If you have received this message in error, you are asked to
inform the sender as quickly as possible and delete this message
and any copies of this message from your computer and/or your
computer system network.

View raw message