All, this is part of the WSS4J handlers after they did all the processing to sign / encrypt. These naespaces are added by the XML-SEC library, not the WSS4J methods. After all the signing/encryption is done the handlers call a functions that converts the DOM into a byte stream. This conversion includes c14n thus removing the unwanted namespaces. The resulting bytestream is used by Axis (or any other SOAP subsystem) as the final request to send.
Pls have a look in the sending part of the handlers how they deal with that. IMO this is a known problem and was discussed on the mail list several times Regards, Werner Prakasa Nedunuri (pnedunur) wrote: > It is happening because wss4j is adding namespaces to circumvent Xalan's > bug #2650. > Here is the workaround. > As part of serializing the signed doc, Call > XMLUtils.outputDOM(signedDoc, os, true). > The signed doc is subjected to normal canonicalization and gets you the > original doc with signature in > byteArrayOutputStream. > > All this should be implicitly done as part of canonicalization in xmlsec > library. > I am not sure why it is not done. Some one needs to look into this. > > Rgds, > P. > > > > > > > -----Original Message----- > From: Jos Dirksen [mailto:[EMAIL PROTECTED] > Sent: Monday, August 29, 2005 6:33 AM > To: [email protected] > Subject: Excessive useof namespaces > > We're currently looking into using WSS4J to sign the messages sent > between several of our systems. Using the examples and tests all went > surprisingly well, and the actual process of sighing and validating the > messages works OK. > > We use WSS4J without axis, and just use the API directly. When looking > at the output of the signing step I noticed a lot of namespaces that > weren't really necessarily. For example from the test cases provided > with WSS4J: > > Input message: > <?xml version="1.0" encoding="UTF-8"?> > <SOAP-ENV:Envelope > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <SOAP-ENV:Body> > <add xmlns="http://ws.apache.org/counter/counter_port_type";> > <value xmlns=""> > 15 </value> > </add> > </SOAP-ENV:Body> > > > This results in the message shown next. What can be seen here is that > the namespace declarations are repeated on each and every element. > Although there is technically nothing wrong with this, it seems a bit > excessive. Is there a way to tune / alter this? Or am I just missing > something in the configuration? > > <?xml version="1.0" encoding="UTF-8"?> > <SOAP-ENV:Envelope xmlns="" > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <SOAP-ENV:Header xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <ds:Signature xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <ds:SignedInfo xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <ds:CanonicalizationMethod > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> > <ds:SignatureMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> > <ds:Reference URI="#id-15142448" > xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <ds:Transforms xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <ds:Transform > > Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> > </ds:Transforms> > <ds:DigestMethod > > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> > <ds:DigestValue xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > > OdONdZz0THG5WAVoj+JKT7Dm2mE= > </ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > > Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog== > </ds:SignatureValue> > <ds:KeyInfo Id="KeyId-7461949" xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <wsse:SecurityTokenReference > wsu:Id="STRId-1321194" > xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-utility-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <ds:X509IssuerSerial > xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-utility-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > > <ds:X509IssuerName xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-utility-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > CN=key1 > > </ds:X509IssuerName> > > <ds:X509SerialNumber xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; > > xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wsse > curity-secext-1.0.xsd" > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-utility-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > > 1124976807 > > </ds:X509SerialNumber> > </ds:X509IssuerSerial> > </wsse:SecurityTokenReference> > </ds:KeyInfo> > </ds:Signature> > </wsse:Security> > </SOAP-ENV:Header> > <SOAP-ENV:Body wsu:Id="id-15142448" xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-utility-1.0.xsd" > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <add > xmlns="http://ws.apache.org/counter/counter_port_type"; > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-utility-1.0.xsd" > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > <value xmlns="" > > xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssec > urity-utility-1.0.xsd" > > xmlns:xsd="http://www.w3.org/2001/XMLSchema"; > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> > 15 > </value> > </add> > </SOAP-ENV:Body> > </SOAP-ENV:Envelope> > > > With kind regards, > > Jos Dirksen > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
