We're currently looking into using WSS4J to sign the messages sent between several of our systems. Using the examples and tests all went surprisingly well, and the actual process of sighing and validating the messages works OK.
We use WSS4J without axis, and just use the API directly. When looking at the output of the signing step I noticed a lot of namespaces that weren't really necessarily. For example from the test cases provided with WSS4J: Input message: <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <SOAP-ENV:Body> <add xmlns="http://ws.apache.org/counter/counter_port_type";> <value xmlns=""> 15 </value> </add> </SOAP-ENV:Body> This results in the message shown next. What can be seen here is that the namespace declarations are repeated on each and every element. Although there is technically nothing wrong with this, it seems a bit excessive. Is there a way to tune / alter this? Or am I just missing something in the configuration? <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <SOAP-ENV:Header xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:Signature xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:SignedInfo xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> <ds:Reference URI="#id-15142448" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:Transforms xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> <ds:DigestValue xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> OdONdZz0THG5WAVoj+JKT7Dm2mE= </ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog== </ds:SignatureValue> <ds:KeyInfo Id="KeyId-7461949" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <wsse:SecurityTokenReference wsu:Id="STRId-1321194" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:X509IssuerSerial xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <ds:X509IssuerName xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> CN=key1 </ds:X509IssuerName> <ds:X509SerialNumber xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> 1124976807 </ds:X509SerialNumber> </ds:X509IssuerSerial> </wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature> </wsse:Security> </SOAP-ENV:Header> <SOAP-ENV:Body wsu:Id="id-15142448" xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <add xmlns="http://ws.apache.org/counter/counter_port_type"; xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> <value xmlns="" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; xmlns:xsd="http://www.w3.org/2001/XMLSchema"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> 15 </value> </add> </SOAP-ENV:Body> </SOAP-ENV:Envelope> With kind regards, Jos Dirksen --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
