users@glassfish.java.net

Re: JAXB namespace problems

From: Martin Grebac <martin.grebac_at_oracle.com>
Date: Mon, 31 Oct 2011 13:57:19 +0100

Hi,
 for JAXB RI it's not directly possible because the RI is designed to
handle namespaces automatically. For your use perhaps best would be to
implement a handler which would rework the namespaces based on your
requirements. That however means performance implications.
 MartiNG

On 10/27/2011 05:00 PM, Tomaž Rotovnik wrote:
> Hi
>
> I create a WS client and perform connection to the server. It includes
> Reliable messaging, addressing feature and secure connection through
> x509 certificate. I believe that the XML message which was sent had
> the next structure:
>
> <SendLDoc xmlns="http://earchive.gama-system.com/services">
> <xdkLDoc>
> <LDoc*:LDoc*
> xmlns*:LDoc*="http://schemas.posta.si/earchive/sendldoc.xsd"
> version="1.0">
> <PDocs xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <PDoc>
> <Binary>true</Binary>
> <DataBinary
> Id="Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">YmxhIGJsYQ0KaGVjDQo=</DataBinary>
> <Filename>test1</Filename>
> <FileExtension>txt</FileExtension>
> <Signed>false</Signed>
> <Encrypted>false</Encrypted>
> <Signature*:Signature*
> xmlns*:Signature*="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> ...
> <Reference URI="#Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">
> ...
> </X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature*:Signature*>
> </PDoc>
> </PDocs>
> <Nodes xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <Node>
> <Code>WEBI</Code>
> </Node>
> </Nodes>
> <Label xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">WSIT5</Label>
> <Author
> xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">Tomaz</Author>
> </LDoc*:LDoc*>
> </xdkLDoc>
> </SendLDoc>
>
> The above message was received from logger on client side from the
> method "public void encryptData(OutputStream eos)" which is part of
> com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor class (I set
> logger.setLevel(Level.ALL);)
>
> Unfortunately I would like to send message which will look like that:
>
> <SendLDoc xmlns="http://earchive.gama-system.com/services">
> <xdkLDoc>
> <LDoc xmlns="http://schemas.posta.si/earchive/sendldoc.xsd" version="1.0">
> <PDocs xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <PDoc>
> <Binary>true</Binary>
> <DataBinary
> Id="Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">YmxhIGJsYQ0KaGVjDQo=</DataBinary>
> <Filename>test1</Filename>
> <FileExtension>txt</FileExtension>
> <Signed>false</Signed>
> <Encrypted>false</Encrypted>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> ...
> <Reference URI="#Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">
> ...
> </X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature>
> </PDoc>
> </PDocs>
> <Nodes xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <Node>
> <Code>WEBI</Code>
> </Node>
> </Nodes>
> <Label xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">WSIT5</Label>
> <Author
> xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">Tomaz</Author>
> </LDoc>
> </xdkLDoc>
> </SendLDoc>
>
>
> As it can be seen I would like to send message without namespaces
> (LDoc and Signature).
>
> Is this possible?
>
> I'm using metro library to create client WS call to .NET WS server.
> I'm using JAXB elements and
> JAXBContext.newInstance(class.getPackage().getName()).createMarshaller()
> to map JAXB object to Document.
> Then I sign the DataBinary tag and call WS sendLDoc to send Document
> to server side.
>
> The problem is when I sign DataBinary tag, server side returns error
> saying wrong signature. I think the signature value is calculated on a
> *message without namespaces*.

I'm cc-ing also Kumar to reply from the Metro security point of view,
maybe there is a better solution to this.

> If I remove above mentioned namespaces from message and perform local
> validation on client side then the validation is successful.
>
> If I send the document without signed DataBinary tag server receives
> the message with no error.
>
> I already checked for \n\r characters in SignatureValue, Modulus and
> X509Certificate tags and removed them.
>
> Could anybody suggest what I need to change on client side to
> successfully transmit signed message to .NET WS server?
>
> Best regards
>
> Tomaz
>
>

-- 
Martin Grebac, GlassFish/Metro/JAXWS/JAXB/Tooling at Oracle
http://blogs.oracle.com/mgrebac
ICQ: 93478885
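
An added example, not part of the thread and not Metro or JAXB code: a simplified Python sketch of why the extra `xmlns:LDoc` declaration can change the digest of the referenced `DataBinary` element. It assumes the Reference is canonicalized with inclusive C14N, which the thread does not state; the trimmed messages, the helper names and the SHA-256 digest are constructed for illustration.

```python
import hashlib
from xml.dom import minidom

NS = "http://schemas.posta.si/earchive/sendldoc.xsd"
REF_ID = "Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed"
# Constructed, trimmed copies of the two message shapes quoted in the thread.
BODY = ('<PDocs xmlns="%s"><PDoc><DataBinary Id="%s">YmxhIGJsYQ0KaGVjDQo='
        '</DataBinary></PDoc></PDocs>' % (NS, REF_ID))
PREFIXED = '<LDoc:LDoc xmlns:LDoc="%s" version="1.0">%s</LDoc:LDoc>' % (NS, BODY)
DEFAULTED = '<LDoc xmlns="%s" version="1.0">%s</LDoc>' % (NS, BODY)

def is_decl(name):
    return name == "xmlns" or name.startswith("xmlns:")

def in_scope_namespaces(elem):
    """Namespace declarations visible at elem; the nearest declaration wins."""
    scope, node = {}, elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for name, value in node.attributes.items():
            if is_decl(name):
                scope.setdefault(name, value)
        node = node.parentNode
    return scope

def c14n_leaf(elem, exclusive):
    """Simplified canonical form of an element that holds only text.
    Assumes nothing needs escaping and attributes can be sorted by name."""
    scope = in_scope_namespaces(elem)
    plain = sorted(i for i in elem.attributes.items() if not is_decl(i[0]))
    if exclusive:
        # Exclusive C14N emits only the declarations the element itself uses.
        names = [elem.tagName] + [n for n, _ in plain if ":" in n]
        used = {"xmlns:" + n.split(":")[0] if ":" in n else "xmlns" for n in names}
        scope = {k: v for k, v in scope.items() if k in used}
    # Unfiltered (inclusive C14N), every in-scope declaration lands on the apex.
    attrs = "".join(' %s="%s"' % i for i in sorted(scope.items()) + plain)
    text = "".join(c.data for c in elem.childNodes if c.nodeType == c.TEXT_NODE)
    return "<%s%s>%s</%s>" % (elem.tagName, attrs, text, elem.tagName)

def reference_digest(xml, exclusive):
    """Digest of what a same-document Reference to #REF_ID would cover."""
    doc = minidom.parseString(xml)
    target = next(e for e in doc.getElementsByTagName("*")
                  if e.getAttribute("Id") == REF_ID)
    return hashlib.sha256(c14n_leaf(target, exclusive).encode()).hexdigest()

if __name__ == "__main__":
    for label, xml in (("prefixed", PREFIXED), ("defaulted", DEFAULTED)):
        print(label, reference_digest(xml, False)[:16], reference_digest(xml, True)[:16])
```

Under the inclusive rule the two message shapes give different digests for the same `DataBinary` content, while under the exclusive rule they match, so comparing the canonicalization algorithm declared in the `Reference` transforms on both sides is a useful first check.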