Hi Ruchith, I think it should be possible for a user to specify any namespace prefix he wants in the XPath expression (and which is supposed to be present in the document). We don't know which element the user wants to sign/encrypt in advance, and a user can add any custom namespace prefix that will not be known in advance.
Therefore my proposal is to enumerate through the document namespaces but only once - because this list will probably be needed for other rampart components as well - then, we can store this in the rampartMessageData for instance. What do you think ? The other alternative is to accept only XPath expressions that contain a namespace prefix attribute in the <XPath> tag (this is allowed by spec!) , but I am not sure how inter-operable this could be... Maybe Hans can also give his feedback ? Best Regards, Angel On 5/6/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
Hi Angel, Great news ! As for the question of prefixes I declared the well known prefixes when I did the MTOM optimization of base64 content with rampart's earlier parameter based configuration. Please see here : findElements() : https://svn.apache.org/repos/asf/webservices/rampart/trunk/java/modules/rampart-core/src/main/java/org/apache/rampart/util/MessageOptimizer.java This way we will have to document and let users know that we expect the xpath expression to use these prefixes. What do you think? Thanks, Ruchith On 5/6/07, Angel Todorov <[EMAIL PROTECTED]> wrote: > Hi Ruchith, > > I have almost implemented the XPath support through EncryptedElements > / SignedElements. I had to fix several other things as well. I still > have one question which is not clear to me - with respect to namespace > prefixes in the XPath expressions: > > If i have in the policy definition: > > <sp:SignedElements> > <sp:XPath>/soapenv:Envelope/soapenv:Body</sp:XPath> > </sp:SignedElements> > > or even: > > <sp:SignedElements> > <sp:XPath>/soapenv:Envelope/soapenv:Header/wsse:Security/wsse:UsernameToken</sp:XPath> > </sp:SignedElements> > > How is the XPath engine going to know which namespaces to add , in > order to resolve the "soapenv" prefixes? Also, what if there are > proprietary prefixes defined ? > > Is there some way to get all defined prefix <-> namespace mappings , > in order to register them when doing the XPath lookups ? > > The simplest alternative would be to traverse the DOM document and > extract these myself, and store them in some Set-based structure. > Thanks. > > Regards, > Angel > > On 4/24/07, Angel Todorov <[EMAIL PROTECTED]> wrote: > > Hi Ruchith, > > > > I tried to debug the call on the server side, when using > > <EncryptedElements> in the policy, but when i go through the variables > > in the debugger, i see that the encrypted elements is empty (in the > > policy model). Does this mean that the rampart policy builder also > > ignores Signed/Encrypted Elements? Thanks. > > > > Regards, > > Angel > > > > On 4/22/07, Angel Todorov <[EMAIL PROTECTED]> wrote: > > > Hi Ruchith, > > > > > > Yes I can try to implement this. Can you suggest in which classes > > > exactly the modifications for XPath support have to be hooked ? > > > Thanks. > > > > > > Regards, > > > Angel > > > > > > On 4/19/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote: > > > > Hi Angel, > > > > > > > > I don't think we will be supporting Signed/EncryptedElements assertion > > > > in the next release. I think we will have to do the next release soon > > > > after the axis2-1.2 release and WSS4J 1.5.2 release. My estimate of > > > > the release date is the first week of May. > > > > > > > > However we certainly can use some help in getting this implemented. > > > > Patches are always welcome ! :-) > > > > > > > > Thanks, > > > > Ruchith > > > > > > > > On 4/19/07, Angel Todorov <[EMAIL PROTECTED]> wrote: > > > > > Hi all, > > > > > > > > > > Is XPath support for addressing and processing arbitrary message > > > > > elements planned to be supported in the next release of rampart ? > > > > > Thanks. > > > > > > > > > > Regards, > > > > > Angel > > > > > > > > > > > > > > > > > -- > > > > www.ruchith.org > > > > www.wso2.org > > > > > > > > > > -- www.ruchith.org www.wso2.org
