5 Replies Latest reply on Jan 14, 2009 5:21 AM by sstaible

    XML signatures as WS payload?

    sstaible
    sstaible Jan 13, 2009 2:17 PM

      Hi,

      we've implemented a web service that receives a xml structure as input, signs it (with XML-D-Sig) and returns it to the client.

      We found out however that during transport of the xml structure from the client to server (and also back), the whitespaces in the XML data partially stripped from the XML data. This of course makes the XML signature completely unusable.

      To embed the unsigned and signed XML structures into the SOAP-request/response we use the XmlAnyElement annotation (auto-generated JAX-WS2.0 class from the WSDL). So the XML structures are embedded directly as a sub node into the SOAP structure.

      We use JBoss 4.2.3.GA on the server and the respective JBoss client libraries on the client-side.

      Is this behaviour of JBoss normal? I'm quite new to web services, JAXB, JAX-WS and the like but I would expect embedded xml to be transported unmodified over the SOAP channel.

      Any help or explanation of this behaviour is highly appreciated.

      Regards,
      Sven

      www.keyon.ch

      • 806 Views
      • Tags:
        • 1. Re: XML signatures as WS payload?
          ropalka
          ropalka Jan 14, 2009 1:19 AM (in response to sstaible)

           

          "sstaible" wrote:
          Hi,
          Any help or explanation of this behaviour is highly appreciated.

          I suggest you to call Node.normalize() method before calling XML digital signature API.
          You can't rely on the precondition SOAP message will be unmodified (regarding the whitespaces) on other side.

            • Actions
          • 2. Re: XML signatures as WS payload?
            asoldano
            asoldano Jan 14, 2009 3:03 AM (in response to sstaible)

            Is there a reason why you're not using the WS-Security implementation provided by jbossws (which of course offers signing functionalities) ?

              • Actions
            • 3. Re: XML signatures as WS payload?
              sstaible
              sstaible Jan 14, 2009 4:43 AM (in response to sstaible)

               

              "alessio.soldano@jboss.com" wrote:
              Is there a reason why you're not using the WS-Security implementation provided by jbossws (which of course offers signing functionalities) ?

              It's not our goal to secure WS communications. Our service provides XML signature functionality to other software components within the platform that need to sign arbitrary XML data which later on will be archived (together with the signature). So the XML signature is not related to WS technology.

                • Actions
              • 4. Re: XML signatures as WS payload?
                sstaible
                sstaible Jan 14, 2009 4:54 AM (in response to sstaible)

                 

                "richard.opalka@jboss.com" wrote:

                You can't rely on the precondition SOAP message will be unmodified (regarding the whitespaces) on other side.

                Thank you for your response. But then I do not understand why signatures in WS-Security work. I would presume they depend on the same strict XML marshalling requirements. Is there maybe a separate layer in JBoss that handles SOAP messages using WS-security?

                Do you have any reference on why SOAP does not need to preserve the whitespace information?

                  • Actions
                • 5. Re: XML signatures as WS payload?
                  sstaible
                  sstaible Jan 14, 2009 5:21 AM (in response to sstaible)

                   

                  "richard.opalka@jboss.com" wrote:

                  I suggest you to call Node.normalize() method before calling XML digital signature API.

                  This doesn't seem to help as normalize does only normalize DOM representation of the XML structure but does not modify the textual representation (which is relevant for XML signatures).

                    • Actions