Disabling InclusivePrefixList in XWSS
By ashutoshshahi on Mar 27, 2007
Venu pointed out in his blog entry how one can disable generation of InclusivePrefixList in WSIT through proprietary policy assertions in WSDL. But what if you are using standalone JAXWS + XWSS with security configuration files supported by XWSS? This is exactly what a forum user recently asked at http://forums.java.net/jive/thread.jspa?messageID=209715. We now support this in XWSS 3.0 for both CanonicalizationMethod of Signature as well Transform for individual References.
Here is a sample configuration file to achieve this:
<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> <xwss:Service> <xwss:SecurityConfiguration dumpMessages="true"> <xwss:Sign> <xwss:CanonicalizationMethod disableInclusivePrefix="true" /> <xwss:SignatureTarget type="xpath" value="//SOAP-ENV:Body"> <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true"/> </xwss:SignatureTarget> </xwss:Sign> <xwss:RequireSignature/> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> simple.server.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler> </xwss:JAXRPCSecurity>
Note the disableInclusivePrefix attribute for CanonicalizationMethod and Transform. This is introduced as an optional attribute and the default value for this will be false. So if you are configuring security through these configuration files and are facing interoperability issues due to some implementation not supporting InclusivePrefixList, you can set this attribute to true and try!