I see how you can read and decrypt an XML file. Can you then take this Document and feed it to JAXB to get POJOs?

You mention that the XML Security library will modify the Document object which is what I would expect. Do you then have either a Document object or XSD that is usable by JAXB to generate POJOs? What about the reverse? Can you generate the encrypted XML using this approach? What SAML library do you use?

-Dave

-----Original Message-----
From: Lucas, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 07, 2007 5:31 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

With SAML it's quite easy:

1. There's only one XSD. It defines that certain elements can be encrypted and if encrypted they will have different names. E.g. <Assertion> will be replaced by <EncryptedAssertion>. The <EncryptedAssertion> element can appear anywhere the <Assertion> element can.

2. I check for encryption simply by looking for the presence of any encrypted elements by name. (The only encrypted elements in SAML are EncryptedAssertion, EncryptedAttribute, EncryptedID.) I actually just do a String search (indexOf() method) but XPath query would work too I think.

3. If there are encrypted elements, I decrypt them using the XML Security library. It modifies the Document object with each decryption operation so you have to be cognizant of that.

- Mike

-----Original Message-----
From: Dave Hoffer [mailto:[EMAIL PROTECTED]
Sent: November 7, 2007 4:02 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

Mike,

Okay, that sounds good. How do you deal with the XML schema? Since JAXB needs the XSD of the un-encrypted XML (my assumption), I assume your XSD is un-aware of any encryption?

You say you load the XML into a Document object first and then do the decryption if necessary. How do you know if it is necessary? Do you have yet another document (XSD or something) that defines what is encrypted so you know what to do? What does your process look like?

-Dave

-----Original Message-----
From: Lucas, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 07, 2007 3:30 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

Hey Dave,

We do the same thing actually; sorry I was thinking you were starting with XML that you had to encrypt.

What we do is take the XML and load it into a Document object first, then do the decryption if necessary. (The decryption modifies the Document object.) Finally we pass the Document to JAXB which unmarshalls it into Java objects (POJOs).

-Mike

-----Original Message-----
From: Dave Hoffer [mailto:[EMAIL PROTECTED]
Sent: November 7, 2007 1:46 PM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

Thanks for the reply...

In my case I start with XML with (possibly) encrypted content, I then need to get to POJOs. XML is essentially the data storage medium. I don't see how to accomplish this.

-dh

-----Original Message-----
From: Lucas, Mike [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 07, 2007 11:01 AM
To: security-dev@xml.apache.org
Subject: RE: XML Security & JAXB

I've done this by using JAXB to build the full unencrypted XML, then marshalling to an org.w3c.dom.Document and using XML Security library to perform encryption on the Document object.

I realise this may not be the best solution in all cases, especially if you need to get the Document back into JAXB again (could be a significant performance impact). It worked well for me because I could do the encryption as the final step before returning the XML to the caller.

-----Original Message-----
From: Dave Hoffer [mailto:[EMAIL PROTECTED]
Sent: November 7, 2007 9:40 AM
To: security-dev@xml.apache.org
Subject: XML Security & JAXB

We have a schema we bind to Java using JAXB (and C++ with LMX) which works well. I now have been asked to encrypt certain element data. How can I do this and not lose the schema to POJO binding? What is the best way to accomplish this? Does XSD support XML Security in some way?

Does JAXB or other binding implementation support XML Security?

-Dave
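
The decrypt-then-unmarshal flow described in this thread, as an added example that is not code from the thread or from either poster. It goes one step further than the String search mentioned above by looking the encrypted elements up by namespace, and it swaps each Encrypted* wrapper for its decrypted child so that the tree matches the plain schema before JAXB sees it. Assumptions: the SAML 2.0 assertion namespace, javax.xml.bind JAXB, a recipient key passed in as `kek`, an EncryptedKey embedded in the EncryptedData's KeyInfo, and the hypothetical names DecryptThenBind, load and unwrap.

```java
import java.io.InputStream;
import java.security.Key;
import javax.xml.bind.JAXBContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.*;

public final class DecryptThenBind { // hypothetical class name
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"; // assumed SAML 2.0
    private static final String[] WRAPPERS = {"EncryptedAssertion", "EncryptedAttribute", "EncryptedID"};

    static { org.apache.xml.security.Init.init(); } // one-time XML Security library setup

    /** Parse, decrypt any SAML encrypted elements in place, then unmarshal with JAXB. */
    public static <T> T load(InputStream xml, Key kek, Class<T> rootType) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the namespace lookups and for JAXB
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // reject DTDs (XXE)
        Document doc = dbf.newDocumentBuilder().parse(xml);
        for (String name : WRAPPERS) { // assertions first, so encrypted parts inside them are found next
            NodeList hits = doc.getElementsByTagNameNS(SAML_NS, name);
            // The NodeList is live: each unwrap removes item(0), so loop until it is empty.
            while (hits.getLength() > 0) {
                unwrap(doc, (Element) hits.item(0), kek);
            }
        }
        return JAXBContext.newInstance(rootType).createUnmarshaller().unmarshal(doc, rootType).getValue();
    }

    private static void unwrap(Document doc, Element wrapper, Key kek) throws Exception {
        Element data = (Element) wrapper.getElementsByTagNameNS(
                EncryptionConstants.EncryptionSpecNS, EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
        if (data == null) throw new IllegalStateException("no EncryptedData in " + wrapper.getLocalName());
        XMLCipher cipher = XMLCipher.getInstance();
        cipher.init(XMLCipher.DECRYPT_MODE, null); // content key is taken from the EncryptedKey
        cipher.setKEK(kek);                        // key that unwraps that EncryptedKey
        cipher.doFinal(doc, data);                 // modifies doc: EncryptedData becomes the plaintext element
        // Replace the wrapper with the decrypted SAML element (skips any leftover xenc:EncryptedKey).
        for (Node n = wrapper.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n instanceof Element && SAML_NS.equals(n.getNamespaceURI())) {
                wrapper.getParentNode().replaceChild(n, wrapper);
                return;
            }
        }
        throw new IllegalStateException("decryption produced no SAML element");
    }
}
```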