Dims, I added two samples under
CVS/xml-security/src_samples/org/apache/xml/security/samples AxisSigner.java and AxisVerifier.java create a SOAP msg (sorry for the stuupid code) and sign the Body (and verify it). --On Dienstag, 8. Januar 2002 09:26 +0100 Christian Geuer-Pollmann <[EMAIL PROTECTED]> wrote: > Dims, > > I'll add two samples which can easily be modified and which relate to > each other. I'll send you a notification about that. > > Christian > > --On Montag, 7. Januar 2002 18:14 -0800 Davanum Srinivas <[EMAIL PROTECTED]> > wrote: > >> Christian, >> >> Spent some time one the two samples CreateSignature.java and >> VerifySignature.java. The first samples creates signature.xml and the >> second one looks for hereSignature.xml....So i had to rename the generate >> signature.xml and feed it to VerifySignature.java. Is this right? If yes, >> i will try to spend some time tomorrow to bootstrap you with >> SimpleAxisServer with a custom Handler and some client code. >> >> Thanks, >> dims >> >> --- Christian Geuer-Pollmann <[EMAIL PROTECTED]> wrote: >>> Hi Davanum, >>> >>> I implemented the "XML Signature" spec [1] which is now available under >>> [2]. The distribution contains some examples how XML Signature can be >>> created and verified. These are stand-alone-examples which create a DOM >>> structure, sign it and write it to a file or verify an existing >>> Signature. Well, these examples are quite nice to demonstrate how >>> signatures are created and verified, but I wanted to add code on how a >>> SOAP message can be signed (at the client) and verified (at the >>> server's side). The "SOAP Security Extensions: Digital Signature" [3] >>> decribe how XML Signatures are 'embedded' into a SOAP message. >>> >>> Well, I'm not a SOAP guru and I don't want to spend weeks installing >>> Tomcat and learning how to create SOAP messages. It would be nice to >>> get a small 'stand-alone-client' and possibly (like Sam showed) a >>> server which gives me access to the Message: The client creates a >>> request, and before sending this request, I can sign it and put the >>> Signature into the Envelope. The server side the same: The server get's >>> a request and before >>> processing/dispatching it, I can verify whether the Signature is valid >>> (for demonstration purposes using a sample certificate). >>> >>> A second problem was: Should I provide such an example for "Apache SOAP" >>> or "Apache AXIS"? >>> >>> Maybe this gives an idea about it. BTW; if you wanna see how such an >>> example could look like: [4] >>> >>> Regards, >>> Christian >>> >>> [1] http://www.w3.org/TR/xmldsig-core/ >>> [2] http://xml.apache.org/security/index.html >>> [3] http://www.w3.org/TR/SOAP-dsig/ >>> [4] >>> http://cvs.apache.org/viewcvs.cgi/xml-security/src_samples/org/apache/xm >>> l/s ecurity/samples/signature/CreateSignature.java >>> >>> --On Montag, 7. Januar 2002 07:19 -0800 Davanum Srinivas >>> <[EMAIL PROTECTED]> wrote: >>> >>> > Can you elaborate a bit more on your thoughts? An overview of how you >>> > think we can make SOAP more secure using xml-security...This will help >>> > generate more ideas. >>> > >>> > Thanks, >>> > dims >>> > >>> > --- Sam Ruby <[EMAIL PROTECTED]> wrote: >>> >> Note: I'm cross posting to Axis dev. Please continue the discussion >>> >> there. >>> >> >>> >> Christian Geuer-Pollmann wrote: >>> >> > >>> >> > I'm not an Apache SOAP/AXIS user, so it was hard for me to play >>> >> > around with these tools. I asked soap-user and soap-dev how I can >>> >> > directly access the soap message as a DOM tree to add a >>> >> > SOAP-SECURITY signature. Unfortunately no response. I want to add >>> >> > an example to xml-security how a SOAP message can be signed and >>> >> > this signature can be verified according to [1]. If there is >>> >> > someone out there who can show me how to create a simple SOAP msg >>> >> > using AXIS and how I can modify the resulting DOM tree, I'll >>> >> > provide this example. The only thing that stopped me was installing >>> >> > tomcat and all these things. > > > --------------------------------------------------------------------- > In case of troubles, e-mail: [EMAIL PROTECTED] > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- In case of troubles, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
