Re: XML Security & JAXB

[Bradley Beddoes]

Hi Dave,
I have a library you can take a look at its OSS Apache 2.0 and I've 
already dealt with all of the pain.

Its tagged as a SAML 2.0 library but in reality you could feed it any 
schema and get going infact we have plans to generalize it out sometime 
in the future when that magical day I'm not busy comes along :).

http://esoeproject.org/fisheye/browse/esoe/branches/development/saml2java/src/com/qut/middleware/saml2

I hope this helps even if just as a code example.

regards,
Bradley
--
Bradley Beddoes
Lead Software Architect
Intient Pty Ltd
http://intient.com

Lucas, Mike wrote:
Hey Dave,
We do the same thing actually; sorry I was thinking you were starting
with XML that you had to encrypt.

What we do is take the XML and load it into a Document object first,
then do the decryption if necessary. (The decryption modifies the
Document object.) Finally we pass the Document to JAXB which unmarshalls
it into Java objects (POJOs).

-Mike


-----Original Message-----
From: Dave Hoffer [mailto:[EMAIL PROTECTED] 
Sent: November 7, 2007 1:46 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB


Thanks for the reply...

In my case I start with XML with (possibly) encrypted content, I then
need to get to POJOs.  XML is essentially the data storage medium.  I
don't see how to accomplish this.

-dh



-----Original Message-----
From: Lucas, Mike [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 07, 2007 11:01 AM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

I've done this by using JAXB to build the full unencrypted XML, then
marshalling to a org.w3c.dom.Document and using XML Security library to
perform encryption on the Document object.

I realise this may not be the best solution in all cases, especially if
you need to get the Document back into JAXB again (could be a
significant performance impact). It worked well for me because I could
do the encryption as the final step before returning the XML to the
caller.


-----Original Message-----
From: Dave Hoffer [mailto:[EMAIL PROTECTED] 
Sent: November 7, 2007 9:40 AM
To: security-dev@xml.apache.org
Subject: XML Security & JAXB


We have a schema we bind to Java using JAXB (and C++ with LMX) which
works well.  I know have been asked to encrypt certain element data. How
can I do this and not loose the schema to POJO binding?

What is the best way to accomplish this?
Does XSD support XML Security in some way?
Does JAXB or other binding implementation support XML Security?

-Dave






--
Bradley Beddoes
Lead Software Architect
Intient

http://intient.com - "Building intelligent open source solutions for
your enterprise"