Hi Ruchith, This is normally done by defining the Signed/Encrypted Elements on the message level granularity. At least that's what many WS frameworks do, such as WSIT. Then you can define different signed and encrypted elements with different XPath expressions for the request and response messages. I hope this is currently possible with rampart? At least I have seen that one can apply different policies for each operation , and even message, in services.xml.
Regards, Angel On 5/14/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote:
Hi Angel, Looks good ! I'm a little concerned with the default namespace strategy since I'm not sure how it works in the following example: - Our client (Rampart) generates a request with standard prefixes such as wsse, wst wsc etc. - We define the xpath expression in the policy using those. - Rampart client talks to a different service where it uses prefixes s, t, and sc in the response. - Now since those prefixes are not found in the message the xpath will not select signed elements for validation. Thoughts? Thanks, Ruchith On 5/14/07, Angel Todorov <[EMAIL PROTECTED]> wrote: > Hi Ruchith & All, > > You can find the xpath support diffs here: > > https://issues.apache.org/jira/browse/RAMPART-40 > > Currently the default strategy with respect to namespace prefixes is > to get and register all defined namespaces in the message, so that the > user can use *any* namespace prefix in the XPath expressions. > > An alternative which I have also developed is to use the method > "findDefaultPrefixNamespaces" , which uses a predefined list of > namespaces. > > I hope the changes will be committed to rampart-1.2 and will benefit > everyone -:) Thanks. > > Best Regards, > Angel > -- www.ruchith.org www.wso2.org
