
List:       jaxme-dev
Subject:    Re: WSS4J: Local id attribute and Signature References
From:       Colm O hEigeartaigh <coheigea () apache ! org>
Date:       2013-07-31 8:10:49
Message-ID: CAB8XdGD4m=AcDHBUTXaoKi8VJTu=UvmRYEJM+RkD5mCKLQFeCQ () mail ! gmail ! com

I'm reluctant to make this kind of change. Can you not just implement your
own CallbackLookup implementation to find Elements using these Ids?

Colm.


On Wed, Jul 31, 2013 at 12:05 AM, Nathan Clement <
nathan.a.clement@hotmail.com> wrote:

> Hi Colm,
>
> Thanks for your help on this.  Would it also be possible to change
> WSSecurityUtil.findElementById to add these 2 attributes as well?  I've
> added the following lines in my local copy of the source:
>
>                 if ("".equals(attributeNS) || !id.equals(attributeNS)) {
>                     attributeNS = se.getAttributeNS(null, "id");
>                 }
>                 if ("".equals(attributeNS) || !id.equals(attributeNS)) {
>                     attributeNS = se.getAttributeNS(WSConstants.XML_NS, "id");
>                 }
>
> Thanks,
>
> Nathan
>
> ------------------------------
> Date: Wed, 24 Jul 2013 12:03:14 +0100
> Subject: Re: WSS4J: Local id attribute and Signature References
> From: coheig@gmail.com
> To: dev@ws.apache.org
>
>
> > I implemented my own CallbackLookup to look up referenced elements by
> > local id attribute.  However, the referenced elements were still
> > not found by WSS4J because WSSecurityUtil.storeElementInContext does
> > not know about references using the local "id" attribute.
>
> Looks like you've found a bug :-) I've fixed this on trunk by adding a new
> method to CallbackLookup to make the implementation responsible for setting
> the appropriate Id on the Context. On 1.6.x, I'm going to also register
> "xml:id" and "id" in WSSecurityUtil.storeElementInContext, to cater for
> your use-cases.
>
> > Also, I noticed that the WSSecurityUtil.findElementById method looks for
> > elements using both the wsu:Id and local Id attributes (note the
> > capital I in Id).
>
> "Id" is used in the XML Digital Signature specification.
>
> Colm.
>
>
> On Wed, Jul 24, 2013 at 5:48 AM, Nathan Clement <
> nathan.a.clement@hotmail.com> wrote:
>
> Hi Colm,
>
> I implemented my own CallbackLookup to look up referenced elements by
> local id attribute.  However, the referenced elements were still not found
> by WSS4J because WSSecurityUtil.storeElementInContext does not know about
> references using the local "id" attribute.  I don't see any way that I can
> override this behaviour - am I missing something?
>
> Also, I noticed that the WSSecurityUtil.findElementById method looks for
> elements using both the wsu:Id and local Id attributes (note the capital I
> in Id).  I couldn't see this attribute anywhere in the WS-Security spec.
> This seems to have been introduced in r785171.  Is this attribute required
> by another spec?
>
>
> Thanks,
>
> Nathan
>
> ------------------------------
> Date: Mon, 22 Jul 2013 16:11:13 +0100
> Subject: Re: WSS4J: Local id attribute and Signature References
> From: coheigea@apache.org
> To: dev@ws.apache.org
>
> Hi Nathan,
>
> I guess this is the kind of scenario that you should plug in your own
> CallbackLookup implementation. You can set one on the WSSecurityEngine
> implementation used as the starting point for WS-Security processing.
>
> Colm.
>
>
> On Fri, Jul 19, 2013 at 1:37 AM, Nathan Clement <
> nathan.a.clement@hotmail.com> wrote:
>
>  Hi,
>
> The WS-Security spec says in section 4 "ID References":
>
> *However, because some key schemas used by this specification don't allow
> attribute extensibility (namely XML Signature and XML Encryption), this
> specification also allows use of their local ID attributes in addition to
> the wsu:Id attribute and the xml:id attribute [XMLID]*
>
> We are attempting to process an AS4 message, and the AS4 spec (
> http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/profiles/AS4-profile/v1.0/os/AS4-profile-v1.0-os.html)
> says in section 5.1.4 regarding the signature reference for the
> eb:Messaging header:
>
> *The eb:Messaging header SHOULD be referenced using the “id” attribute.*
>
> WSS4J doesn't seem to support looking up referenced elements by a local id
> attribute.  DOMCallbackLookup calls WSSecurityUtil.findElementById which
> only looks for wsu:Id or Id (with a capital I) with no namespace.
>
> Should WSS4J allow lookup of a signed element by local id attribute?
>
> i.e.
>
> <eb:Messaging s:mustUnderstand="true" id="ebms_header" ...
>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>   <ds:SignedInfo>
>     <ds:Reference URI="#ebms_header">
>
> Thanks,
>
> Nathan
>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
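
Added example, not part of the thread and not WSS4J code: a stand-alone JAXP/DOM resolver for same-document signature references that checks the four attributes discussed above (wsu:Id, Id, id, xml:id). The class name, the constructed sample message and the choice to reject duplicate matches are assumptions of this example; it does not implement WSS4J's CallbackLookup interface.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

// Hypothetical helper class for illustration; not a WSS4J type.
public class LocalIdLookup {
    static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // True if wsu:Id, Id, id or xml:id on the element equals the wanted id.
    static boolean carriesId(Element e, String id) {
        return id.equals(e.getAttributeNS(WSU_NS, "Id"))
            || id.equals(e.getAttributeNS(null, "Id"))
            || id.equals(e.getAttributeNS(null, "id"))
            || id.equals(e.getAttributeNS(XMLConstants.XML_NS_URI, "id"));
    }

    // Resolves a reference such as "#ebms_header"; returns null if nothing matches.
    static Element resolve(Document doc, String uri) {
        if (!uri.startsWith("#") || uri.length() < 2) return null;
        return walk(doc.getDocumentElement(), uri.substring(1), null);
    }

    // Full-tree walk so that a second element carrying the same id is an error
    // (assumption of this example: an ambiguous reference must not be accepted).
    private static Element walk(Element e, String id, Element found) {
        if (carriesId(e, id)) {
            if (found != null) throw new IllegalStateException("duplicate id: " + id);
            found = e;
        }
        for (Node n = e.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element) found = walk((Element) n, id, found);
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message, shaped like the AS4 snippet in the thread.
        String xml = "<s:Envelope xmlns:s='http://www.w3.org/2003/05/soap-envelope'"
            + " xmlns:eb='http://docs.oasis-open.org/ebxml-msg/ebms/v3.0/ns/core/200704/'>"
            + "<s:Header><eb:Messaging id='ebms_header'/></s:Header><s:Body xml:id='body'/></s:Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for getAttributeNS to see namespaces
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println(resolve(doc, "#ebms_header").getNodeName());
        System.out.println(resolve(doc, "#body").getNodeName());
    }
}
```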
