Dims, I'll add two samples which can easily be modified and which relate to each other. I'll send you a notification about that.
Christian --On Montag, 7. Januar 2002 18:14 -0800 Davanum Srinivas <[EMAIL PROTECTED]> wrote: > Christian, > > Spent some time one the two samples CreateSignature.java and > VerifySignature.java. The first samples creates signature.xml and the > second one looks for hereSignature.xml....So i had to rename the generate > signature.xml and feed it to VerifySignature.java. Is this right? If yes, > i will try to spend some time tomorrow to bootstrap you with > SimpleAxisServer with a custom Handler and some client code. > > Thanks, > dims > > --- Christian Geuer-Pollmann <[EMAIL PROTECTED]> wrote: >> Hi Davanum, >> >> I implemented the "XML Signature" spec [1] which is now available under >> [2]. The distribution contains some examples how XML Signature can be >> created and verified. These are stand-alone-examples which create a DOM >> structure, sign it and write it to a file or verify an existing >> Signature. Well, these examples are quite nice to demonstrate how >> signatures are created and verified, but I wanted to add code on how a >> SOAP message can be signed (at the client) and verified (at the >> server's side). The "SOAP Security Extensions: Digital Signature" [3] >> decribe how XML Signatures are 'embedded' into a SOAP message. >> >> Well, I'm not a SOAP guru and I don't want to spend weeks installing >> Tomcat and learning how to create SOAP messages. It would be nice to >> get a small 'stand-alone-client' and possibly (like Sam showed) a >> server which gives me access to the Message: The client creates a >> request, and before sending this request, I can sign it and put the >> Signature into the Envelope. The server side the same: The server get's >> a request and before >> processing/dispatching it, I can verify whether the Signature is valid >> (for demonstration purposes using a sample certificate). >> >> A second problem was: Should I provide such an example for "Apache SOAP" >> or "Apache AXIS"? >> >> Maybe this gives an idea about it. BTW; if you wanna see how such an >> example could look like: [4] >> >> Regards, >> Christian >> >> [1] http://www.w3.org/TR/xmldsig-core/ >> [2] http://xml.apache.org/security/index.html >> [3] http://www.w3.org/TR/SOAP-dsig/ >> [4] >> http://cvs.apache.org/viewcvs.cgi/xml-security/src_samples/org/apache/xm >> l/s ecurity/samples/signature/CreateSignature.java >> >> --On Montag, 7. Januar 2002 07:19 -0800 Davanum Srinivas >> <[EMAIL PROTECTED]> wrote: >> >> > Can you elaborate a bit more on your thoughts? An overview of how you >> > think we can make SOAP more secure using xml-security...This will help >> > generate more ideas. >> > >> > Thanks, >> > dims >> > >> > --- Sam Ruby <[EMAIL PROTECTED]> wrote: >> >> Note: I'm cross posting to Axis dev. Please continue the discussion >> >> there. >> >> >> >> Christian Geuer-Pollmann wrote: >> >> > >> >> > I'm not an Apache SOAP/AXIS user, so it was hard for me to play >> >> > around with these tools. I asked soap-user and soap-dev how I can >> >> > directly access the soap message as a DOM tree to add a >> >> > SOAP-SECURITY signature. Unfortunately no response. I want to add >> >> > an example to xml-security how a SOAP message can be signed and >> >> > this signature can be verified according to [1]. If there is >> >> > someone out there who can show me how to create a simple SOAP msg >> >> > using AXIS and how I can modify the resulting DOM tree, I'll >> >> > provide this example. The only thing that stopped me was installing >> >> > tomcat and all these things. --------------------------------------------------------------------- In case of troubles, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
