Raul,
in WSS4J we do Signatures. During the Id resolver we call the circumvent
method. AFAIK we do not use XPath to select the nodes to sign, just id
references. After locating the element to sign the resolver constructs
a node set of all nodes to sign. This node set of course includes
all nodes (
Why you do you need to create a nodeset?
It's your code in CVS, can I take a look to it?
Regards,
Raul
On 9/22/05, Werner Dittmann <[EMAIL PROTECTED]> wrote:
> Raul,
>
> in WSS4J we do Signatures. During the Id resolver we call the circumvent
> method. AFAIK we do not use XPath to select the nod
What version of XMLSec are you using?
Also, don't return an XPath node-set of all the nodes of the element's
subtree. By doing this, you will not take advantage of the optimizations
in the XMLSec library when canonicalizing subtrees and it could also be
the reason you need to invoke circumvent
Raul,
the code is now in SVN, the module is
org.apache.ws.security.message.EnvelopeIdResolver.
Just access
http://svn.apache.org/repos/asf/webservices/wss4j
and go down via src.
Today I had some discussions on th WSS4J mailing list regarding
this topic and after looking at the javadoc of the c
Sean,
we try to keep up with the leading edge of the xml-sec (1.2.96).
However, once upon a time it was necessary to return a node set AFAIK.
Regards,
Werner
Sean Mullan wrote:
> What version of XMLSec are you using?
>
> Also, don't return an XPath node-set of all the nodes of the element's
> s
You are right Sean.
This is always the best way to handle references.
Anyway I think that we need a FAQ or little article that summaries the
XML signature best practises.
I have tried to do this in the slides that I send. But I don't think
I manage to do a good job.
But If anyone is interested in
Raul, Sean,
using this technique destroy several of my testcases. The WSS spec
defines a special transformation (SecurityTokenReference Transformation,
STRTransform). This Transformation does not work when I use the
proposed technique.
It seems that namespaces are missing, the trick I used to for
