Hi Mayank,
When you say "one way to achieve this is to specify the URI of the
EncryptedData", do you mean QName, instead of URI?
I get the sense from what you are saying that your message may have
multiple EncryptedData elements in it, and you want to sign one, but
not others. Is that right?
If you have only one EncryptedData, then you should be able to direct
the WSS4J toolkit to sign it, by specifying the EncryptedData QName,
in the configuration of the interceptor.
Unfortunately, WSS4J does not provide XPath support for protecting
(signing/encrypting) message parts, so using QNames is inherently
ambiguous.
-Fred
On Jan 18, 2008, at 2:24 AM, Mayank Mishra wrote:
Any reply to this thread will be highly appreciated.
Thanking in advance,
With Regards,
Mayank
Mayank Mishra wrote:
Hi,
Usually we use the Sign and then Encrypt action for any particular XML
element. If I want to use Encrypt and then Sign for a particular
XML element, then SignatureAction fails to find the XML element.
The reason is that it has been encrypted, and hence the corresponding
EncryptedData element will be there.
One way to achieve this is to specify the URI of EncryptedData itself
in the signature parts. (It should work, though I haven't tested
it). But this is not a foolproof solution if I want only a specific
element to be encrypted and eventually signed.
*Is there any mechanism to achieve this?* The only way I can think
of achieving this is to maintain a list of the wsu:id's of the
corresponding EncryptedData elements and add their URIs to the
Signature Parts during .SignatureAction. This may be performed by
adding another interceptor which handles the message after
encryption has been done.
Please let me know your views/suggestions about this.
Thanking in advance. :)
With Regards,
Mayank
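
Added example, not part of the original thread and not WSS4J code: a standard-library Python sketch of the two selection strategies discussed above, showing that the EncryptedData QName matches every encrypted part while an Id-based reference picks out exactly one. The sample message, the Id values (ED-card, ED-note) and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
WSU = ("http://docs.oasis-open.org/wss/2004/01/"
       "oasis-200401-wss-wssecurity-utility-1.0.xsd")

# Constructed sample: a SOAP body after encryption, holding two
# EncryptedData elements (cipher values are placeholders).
SAMPLE = f"""<soap:Envelope xmlns:xenc="{XENC}"
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <order>
      <xenc:EncryptedData Id="ED-card" Type="{XENC}Element">
        <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>
      <xenc:EncryptedData Id="ED-note" Type="{XENC}Element">
        <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
      </xenc:EncryptedData>
    </order>
  </soap:Body>
</soap:Envelope>"""


def select_by_qname(root, namespace, local_name):
    """Every element with this QName; the selector cannot tell them apart."""
    return list(root.iter(f"{{{namespace}}}{local_name}"))


def select_by_id(root, wanted):
    """Elements whose Id (xenc) or wsu:Id attribute equals `wanted`."""
    return [el for el in root.iter()
            if wanted in (el.get("Id"), el.get(f"{{{WSU}}}Id"))]


def reference_uris(root, ids_to_sign):
    """Same-document reference URIs for the recorded Ids; each Id must
    resolve to exactly one element, otherwise the reference is rejected."""
    uris = []
    for wanted in ids_to_sign:
        matches = select_by_id(root, wanted)
        if len(matches) != 1:
            raise ValueError(f"Id {wanted!r} matches {len(matches)} elements")
        uris.append("#" + wanted)
    return uris


ROOT = ET.fromstring(SAMPLE)
```
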