users@glassfish.java.net

Re: JAXB namespace problems

From: Tomaž Rotovnik <rotovnik.tomaz_at_gmail.com>
Date: Thu, 3 Nov 2011 09:56:54 +0100

Martin Hi.

Thank you for the answer.

Currently I change the code under com.sun.xml.stream.buffer.stax package
(writeFragmentNoEx) to remove unwanted prefixes.
It is a nasty solution, but it works.

I think the right solution lies when marshaling JAXB to Document (before
sending), but I don't see it.

Best regards

Tomaz




On 31 October 2011 at 13:57, Martin Grebac
<martin.grebac_at_oracle.com> wrote:

> Hi,
> for JAXB RI it's not directly possible because the RI is designed to handle
> namespaces automatically. For your use perhaps best would be to implement a
> handler which would rework the namespaces based on your requirements. That
> however means performance implications.
> MartiNG
>
> On 10/27/2011 05:00 PM, Tomaž Rotovnik wrote:
>
> Hi
>
> I create a WS client and perform connection to the server. It includes
> Reliable messaging, addressing feature and secure connection through x509
> certificate. I believe that the XML message which was sent had the next
> structure:
>
> <SendLDoc xmlns="http://earchive.gama-system.com/services">
> <xdkLDoc>
> <LDoc:LDoc xmlns:LDoc="http://schemas.posta.si/earchive/sendldoc.xsd"
> version="1.0">
> <PDocs xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <PDoc>
> <Binary>true</Binary>
> <DataBinary
> Id="Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">YmxhIGJsYQ0KaGVjDQo=</DataBinary>
> <Filename>test1</Filename>
> <FileExtension>txt</FileExtension>
> <Signed>false</Signed>
> <Encrypted>false</Encrypted>
> <Signature:Signature xmlns:Signature="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> ...
> <Reference URI="#Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">
> ...
> </X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature:Signature>
> </PDoc>
> </PDocs>
> <Nodes xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <Node>
> <Code>WEBI</Code>
> </Node>
> </Nodes>
> <Label xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">WSIT5</Label>
> <Author xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">Tomaz</Author>
> </LDoc:LDoc>
> </xdkLDoc>
> </SendLDoc>
>
> The above message was received from logger on client side from the method
> "public void encryptData(OutputStream eos)" which is part of
> com.sun.xml.ws.security.opt.impl.enc.CryptoProcessor class (I set
> logger.setLevel(Level.ALL);)
>
> Unfortunately I would like to send message which will look like that:
>
> <SendLDoc xmlns="http://earchive.gama-system.com/services">
> <xdkLDoc>
> <LDoc xmlns="http://schemas.posta.si/earchive/sendldoc.xsd" version="1.0">
> <PDocs xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <PDoc>
> <Binary>true</Binary>
> <DataBinary
> Id="Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">YmxhIGJsYQ0KaGVjDQo=</DataBinary>
> <Filename>test1</Filename>
> <FileExtension>txt</FileExtension>
> <Signed>false</Signed>
> <Encrypted>false</Encrypted>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> ...
> <Reference URI="#Id-11111111-8c3a-4cf8-a42c-9f2c00a299ed">
> ...
> </X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature>
> </PDoc>
> </PDocs>
> <Nodes xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">
> <Node>
> <Code>WEBI</Code>
> </Node>
> </Nodes>
> <Label xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">WSIT5</Label>
> <Author xmlns="http://schemas.posta.si/earchive/sendldoc.xsd">Tomaz</Author>
> </LDoc>
> </xdkLDoc>
> </SendLDoc>
>
>
> As it can be seen I would like to send message without namespaces (LDoc
> and Signature).
>
> Is this possible?
>
> I'm using metro library to create client WS call to .NET WS server. I'm
> using JAXB elements and
> JAXBContext.newInstance(class.getPackage().getName()).createMarshaller() to
> map JAXB object to Document.
> Then I sign the DataBinary tag and call WS sendLDoc to send Document to
> server side.
>
> The problem is when I sign DataBinary tag, server side returns error
> saying wrong signature. I think the signature value is calculated on a *message
> without namespaces*.
>
> I'm cc-ing also Kumar to reply from the Metro security point of view,
> maybe there is better solution to this.
>
>
> If I remove above mentioned namespaces from message and perform local
> validation on client side then the validation is successful.
>
> If I send the document without signed DataBinary tag server receives the
> message with no error.
>
> I already checked for \n\r characters in SignatureValue, Modulus and
> X509Certificate tags and remove them.
>
> Could anybody suggest what I need to change on client side to
> successfully transmit signed message to .NET WS server?
>
> Best regards
>
> Tomaz
>
>
>
> --
> Martin Grebac, GlassFish/Metro/JAXWS/JAXB/Tooling at Oracle
> http://blogs.oracle.com/mgrebac
> ICQ: 93478885
>
>
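An added example, not code from the thread or from Metro/JAXB: it shows one way an extra prefix declaration on an ancestor (`xmlns:LDoc`) can change the digest of the referenced `DataBinary` element. Inclusive Canonical XML renders every in-scope namespace on the apex of the referenced subtree, while Exclusive C14N renders only the ones the element visibly uses. Assumptions: the messages are trimmed and use a constructed `Id-1`, SHA-256 stands in for the DigestMethod the thread does not show, and `c14n_leaf` is a hypothetical simplification that only handles a text-only element whose values need no escaping.

```python
import hashlib
from xml.dom import minidom

# Constructed, trimmed versions of the two messages quoted in the thread.
NS = "http://schemas.posta.si/earchive/sendldoc.xsd"
WRAP = '<SendLDoc xmlns="http://earchive.gama-system.com/services"><xdkLDoc>%s</xdkLDoc></SendLDoc>'
BODY = ('<PDocs xmlns="%s"><PDoc><DataBinary Id="Id-1">YmxhIGJsYQ0KaGVjDQo='
        '</DataBinary></PDoc></PDocs>' % NS)
PREFIXED = WRAP % ('<LDoc:LDoc xmlns:LDoc="%s" version="1.0">%s</LDoc:LDoc>' % (NS, BODY))
PLAIN = WRAP % ('<LDoc xmlns="%s" version="1.0">%s</LDoc>' % (NS, BODY))

def split_attrs(elem):
    """Return (namespace declarations, ordinary attributes) of one element."""
    decls, plain = {}, {}
    for name, value in elem.attributes.items():
        if name == "xmlns":
            decls[""] = value            # default namespace
        elif name.startswith("xmlns:"):
            decls[name[6:]] = value      # prefixed namespace
        else:
            plain[name] = value
    return decls, plain

def in_scope(elem):
    """Namespace bindings visible at elem; the nearest declaration wins."""
    scope, node = {}, elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for prefix, uri in split_attrs(node)[0].items():
            scope.setdefault(prefix, uri)
        node = node.parentNode
    return scope

def c14n_leaf(elem, exclusive):
    """Canonical bytes of a text-only element that is the apex of a Reference.
    Simplification: no escaping, attributes sorted by name only."""
    scope, plain = in_scope(elem), split_attrs(elem)[1]
    if exclusive:  # Exclusive C14N keeps only visibly utilized prefixes
        used = {elem.prefix or ""} | {n.split(":")[0] for n in plain if ":" in n}
        scope = {p: u for p, u in scope.items() if p in used}
    ns = "".join(' xmlns%s="%s"' % (":" + p if p else "", u)
                 for p, u in sorted(scope.items()))
    attrs = "".join(' %s="%s"' % kv for kv in sorted(plain.items()))
    text = "".join(c.data for c in elem.childNodes)
    return ("<%s%s%s>%s</%s>" % (elem.tagName, ns, attrs, text, elem.tagName)).encode()

def digest(xml, ref_id, exclusive):
    """Digest of the element carrying Id=ref_id, as a verifier would compute it."""
    doc = minidom.parseString(xml)
    target = next(e for e in doc.getElementsByTagName("*")
                  if e.getAttribute("Id") == ref_id)
    return hashlib.sha256(c14n_leaf(target, exclusive)).hexdigest()
```

Comparing `digest(PREFIXED, "Id-1", False)` with `digest(PLAIN, "Id-1", False)` gives different values, while the same comparison with `exclusive=True` gives equal ones.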