xml-security-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Moore John" <John.Mo...@nrm.qld.gov.au>
Subject XPath Filter
Date Tue, 30 Mar 2004 02:44:37 GMT
I am a bit of a novice myself, but the following XPATH expression solves your specific issue:

<ds:XPath>(count(ancestor-or-self::c/parent::b/parent::a) = 1 and count(ancestor-or-self::c/parent::b/parent::a/parent::*)
= 0)</ds:XPath>

I mentally think of it as:
- for each node in the tree (starting at the node referenced by the <ds:Reference URI="">)
apply the XPATH expression
- if its result is true, then the node will be in the output stream (ie if the result is a
boolean, like the expression above)
- if the result is a set of nodes then it is true if there are any nodes in the set and false
if the set is empty

So in the above XPATH expression, for each node in the tree we ask 
- do we have a "c" ancestor  or our we a "c" node AND
- do we have a "b" parent that has an "a" parent (ie a count of 1) 
- which has no parent (count of 0)

This XPATH will also pick up subtrees of </c>
  <c><x>123</x></c> <!-- this node i would like to sign -->

The tool called "txfmout" in the C++ version of XML Security is great for looking at exactly
what is being signed. (I am not a Java person so dont know if there is an equivalent Java

Hope this helps.

ta John

The information in this e-mail together with any attachments is
intended only for the person or entity to which it is addressed
and may contain confidential and/or privileged material.
Any form of review, disclosure, modification, distribution
and/or publication of this e-mail message is prohibited.  
If you have received this message in error, you are asked to
inform the sender as quickly as possible and delete this message
and any copies of this message from your computer and/or your
computer system network.  

View raw message