Hi,

If you are planning to sign the message the standard [1] way then you
will have to place the "Signature" element in the "Security" header of
the SOAP message. The WS-Sec specification describes how to encrypt
and/or sign the message while preserving SOAP envelope structure.

You can do this using the Apache WSS4J if you are planning to
sign/encrypt SOAP messages.

Thanks,
Ruchith

1. http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf

On Nov 9, 2007 8:03 PM,  <[EMAIL PROTECTED]> wrote:
> Hi,
>
> How do I determine where the <ds:Signature> element is placed in the result
> XML? E.g., I have a SOAP message like this:
>
> <env:Envelope>
> <env:Header ... />
> <env:Body>
> <pdpa:message>...</pdpa:message>
> </env:Body>
> </env:Envelope>
>
> My code signs only the <pdpa:message> part (using XPath-Transforms). In the
> resulting tree, the signature is added *after* the </env:Body>:
>
> <env:Body>
> <pdpa:message>...</pdpa:message>
> </env:Body>
> <ds:Signature>...</ds:Signature>
> </env:Envelope>
>
> I would, however, like to add it to the <pdpa:message> part:
>
> <env:Body>
> <pdpa:message>...</pdpa:message>
> <ds:Signature>...</ds:Signature>
> </env:Body>
> </env:Envelope>
>
> Reason: that way, I can just encrypt the <pdpa:message> (replace with
> <xenc:EncryptedData>) and preserve a correct SOAP message (with a Body
> element). The way it is now, I would encrypt the <pdpa:message> and have a
> signature "on the outside", which I consider weaker due to the weaknesses in
> SHA1.
>
> The code for the XPath-Transformation is
>
> String filter[][] = { { XPath2FilterContainer.INTERSECT,
>                                 "//Envelope/Body/message" } };
> transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
>         XPath2FilterContainer.newInstances(insideDoc, filter));
>
> Which I think is correct. Where do I make the mistake?
>
> Thanks,
> Ralph
>
> --
> For contact details, please see www.ralphholz.de.
>



-- 
http://blog.ruchith.org
http://wso2.org
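
Added example, not part of the original thread: a sketch of the placement discussed above using the JDK's standard `javax.xml.crypto.dsig` API (not WSS4J and not the Apache XML Security classes from the question), where the parent node handed to `DOMSignContext` decides where `ds:Signature` ends up. Assumptions: the `urn:example:pdpa` namespace, the `body-1` Id and the throwaway RSA key are constructed for the demo, and the `KeyInfo`/security token reference a real WS-Security message carries is omitted.

```java
import java.io.StringReader;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SignatureInSecurityHeader {
    static final String ENV = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // Constructed sample envelope; urn:example:pdpa is a placeholder namespace.
    static final String SOAP = "<env:Envelope xmlns:env='" + ENV + "'><env:Header>"
        + "<wsse:Security xmlns:wsse='" + WSSE + "'/></env:Header>"
        + "<env:Body xmlns:wsu='" + WSU + "' wsu:Id='body-1'>"
        + "<pdpa:message xmlns:pdpa='urn:example:pdpa'>payload</pdpa:message>"
        + "</env:Body></env:Envelope>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML Signature processing
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(SOAP)));
        Element security = (Element) doc.getElementsByTagNameNS(WSSE, "Security").item(0);
        Element body = (Element) doc.getElementsByTagNameNS(ENV, "Body").item(0);
        body.setIdAttributeNS(WSU, "Id", true); // lets "#body-1" resolve to the Body
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("#body-1",
            f.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(f.newTransform(
                CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null),
            f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); // throwaway demo key
        kpg.initialize(2048);
        // The parent node given to DOMSignContext decides where ds:Signature is appended.
        DOMSignContext ctx = new DOMSignContext(kpg.generateKeyPair().getPrivate(), security);
        ctx.setDefaultNamespacePrefix("ds");
        f.newXMLSignature(si, null).sign(ctx);
        Element sig = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        System.out.println("Signature parent: " + sig.getParentNode().getNodeName());
    }
}
```

Because the reference points at the Body by Id and the signature lives in the header, the Body content can later be replaced or wrapped without moving the `ds:Signature` element.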
