Disabling InclusivePrefixList in XWSS

Venu pointed out in his blog entry how one can disable generation of InclusivePrefixList in WSIT through proprietary policy assertions in WSDL. But what if you are using standalone JAXWS + XWSS with the security configuration files supported by XWSS? This is exactly what a forum user recently asked at http://forums.java.net/jive/thread.jspa?messageID=209715. We now support this in XWSS 3.0 for both the CanonicalizationMethod of the Signature and the Transform for individual References.

Here is a sample configuration file to achieve this:

<xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config">

    <xwss:Service>
        <xwss:SecurityConfiguration dumpMessages="true">
            <xwss:Sign>
                <xwss:CanonicalizationMethod disableInclusivePrefix="true" />
                <xwss:SignatureTarget type="xpath" value="//SOAP-ENV:Body">
                    <xwss:Transform algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" disableInclusivePrefix="true"/>
                </xwss:SignatureTarget>                
            </xwss:Sign>
            <xwss:RequireSignature/>
        </xwss:SecurityConfiguration>
    </xwss:Service>

    <xwss:SecurityEnvironmentHandler>
        simple.server.SecurityEnvironmentHandler
    </xwss:SecurityEnvironmentHandler>
</xwss:JAXRPCSecurity>

Note the disableInclusivePrefix attribute on CanonicalizationMethod and Transform. It is introduced as an optional attribute, and its default value will be false. So if you are configuring security through these configuration files and are facing interoperability issues because some implementation does not support InclusivePrefixList, you can set this attribute to true and try!
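To check that the setting took effect, this added example (not part of the original post or of XWSS) scans a captured message, for instance one obtained via dumpMessages="true", for InclusiveNamespaces elements still present under CanonicalizationMethod or a Reference's Transform. The sample SignedInfo and the function name find_prefix_lists are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed sample: a SignedInfo as it might appear in a dumped message
# when the prefix list is still generated for the Reference transform.
SAMPLE = """<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#body-1">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap wsu"/>
      </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>"""


def find_prefix_lists(xml_text):
    """Return (location, prefixes) for every InclusiveNamespaces element found
    under the CanonicalizationMethod or a Transform of any ds:SignedInfo."""
    root = ET.fromstring(xml_text)
    findings = []
    for signed_info in root.iter(f"{{{DS}}}SignedInfo"):
        c14n = signed_info.find(f"{{{DS}}}CanonicalizationMethod")
        holders = [("CanonicalizationMethod", c14n)] if c14n is not None else []
        for ref in signed_info.iter(f"{{{DS}}}Reference"):
            for tr in ref.iter(f"{{{DS}}}Transform"):
                holders.append((f"Transform[{ref.get('URI', '')}]", tr))
        for label, el in holders:
            for inc in el.findall(f"{{{EXC_C14N}}}InclusiveNamespaces"):
                findings.append((label, inc.get("PrefixList", "").split()))
    return findings


if __name__ == "__main__":
    for where, prefixes in find_prefix_lists(SAMPLE):
        print(f"{where}: PrefixList={prefixes}")
```

An empty result means no prefix list is being emitted in the signature, which is the outcome expected with disableInclusivePrefix="true" on both elements.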


Comments:

Hi Venu, I am trying to build a Java Client for .NET Webservice which uses WSE 2.0. I am using XWS Security API for signing and encrypting the message. I am using XWS-Security 2.0 and having the same problem with InclusivePrefixList. Is it possible to remove the InclusivePrefixList element under transforms in version 2.0?

Expected:

<ds:Reference URI="myactionid">
    <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
        </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>rhv8rDblUzPpIWIHqoiSXfAFvak=</ds:DigestValue>
</ds:Reference>

Actual:

<ds:Reference URI="myactionid">
    <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
            <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap wsa wsse wsu xsd xsi"/>
        </ds:Transform>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>rhv8rDblUzPpIWIHqoibXfAavTk=</ds:DigestValue>
</ds:Reference>

Any help is appreciated.

Regards, Mansoor Khan

Posted by Mansoor Khan on April 02, 2007 at 07:51 PM IST #

Hi Mansoor, We had made this fix for xwss 3.0 only. Is it possible for you to try the 3.0 release? If not, tell us, we can try to put a similar fix on 2.0 branch as well.

Posted by Ashutosh Shahi on April 03, 2007 at 03:18 AM IST #

OK, so now we have a fix in the 2.0 branch as well. Please try with the latest jars from https://xwss.dev.java.net/files/documents/4864/54045/xwss-2.0.zip . We will not generate prefixList by default - this should solve your case. In case you need prefixList, you will need to specify the conformance="bsp" attribute on the Service element, e.g. <xwss:Service conformance="bsp"> ... </xwss:Service>

Posted by Ashutosh Shahi on April 03, 2007 at 04:53 AM IST #

It works fine. Thanks for the fix. Regards, Mansoor Khan

Posted by Mansoor Khan on April 03, 2007 at 09:08 PM IST #
