Some links for those looking for more information on this kind of
integrity and authenticity verification:
http://en.wikipedia.org/wiki/Message_authentication_code
http://en.wikipedia.org/wiki/HMAC
On Mon, May 19, 2008 at 6:33 PM, Garth Patil <[EMAIL PROTECTED]> wrote:
> Hi Ruwan,
> I need a byte-accurate representation of the body because my
> requirement is to validate the message authenticity using a keyed-hash
> message authentication code.
> For example, a client would sign the request by placing a value in the
> header that is the result of hashing the request body along with a
> shared secret key. In order to create a mediator that can accurately
> reproduce the keyed-hash message authentication code, the server must
> have the same bytes from the request as the client, not a
> representation of it.
> Given that, it sounds like I should access the data handler as I would
> a binary message. How do I do that in Synapse?
> Thanks,
> Garth
>
> On Mon, May 19, 2008 at 6:24 PM, Ruwan Linton <[EMAIL PROTECTED]> wrote:
>> At the same time could you please elaborate a bit on your requirement? why
>> you need the request body as an InputStream?
>>
>> Thanks,
>> Ruwan
>>
>> On Tue, May 20, 2008 at 6:53 AM, Ruwan Linton <[EMAIL PROTECTED]>
>> wrote:
>>
>>> Hi Garth,
>>>
>>> If you want to retrieve the message body as an input stream, no you cannot
>>> retrieve the input stream but just the built message as xml in which case;
>>>
>>> synCtx.getEnvelope() will give you the envelope.
>>>
>>> If you are referring to a binary message (non xml/non text, binary data)
>>> then you can access the request stream by getting the access to the data
>>> handler in the payload of the envelope. If what you are referring to is this
>>> please do let me know, so that I can provide you with more information on
>>> this.
>>>
>>> Thanks,
>>> Ruwan
>>>
>>>
>>> On Tue, May 20, 2008 at 6:31 AM, Garth Patil <[EMAIL PROTECTED]> wrote:
>>>
>>>> Hi All,
>>>> I am trying to write an mediator that needs access to the underlying
>>>> body of the request (in order to verify message authenticity using a
>>>> header). I can get the header like this:
>>>> public boolean mediate(MessageContext synCtx) {
>>>> org.apache.axis2.context.MessageContext mc = ((Axis2MessageContext)
>>>> synCtx)
>>>> .getAxis2MessageContext();
>>>> Map headers = (Map) mc
>>>>
>>>> .getProperty(org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
>>>> String myHeader = (String) header.get("My-Digest-Header");
>>>> ...
>>>> But I also need to get access to the body of the request (like I'd do
>>>> using request.getInputStream() in a servlet). Any ideas if it is
>>>> available and how I can get at it?
>>>> Thanks,
>>>> Garth
>>>>
>>>
>>>
>>>
>>> --
>>> Ruwan Linton
>>> http://www.wso2.org - "Oxygenating the Web Services Platform"
>>
>>
>>
>>
>> --
>> Ruwan Linton
>> http://www.wso2.org - "Oxygenating the Web Services Platform"
>>
>
