On Aug 26, 2009, at 1:49 AM, Mark Petrovic wrote:
> Hello.
>
> I'm using Jersey for REST-based web services, and was wondering if
> it can be configured to sign XML documents using XML Digital
> Signatures (e.g., see http://java.sun.com/developer/technicalArticles/xml/dig_signature_api/)?
> Jersey does so many other things that make WS a breeze, I just
> figured it might be able to help with this, too. Can it? Or
> rather, does it?
>
It is possible to plug in DSig support.
You could write a container response filter that operates on
application/xml media types.
See the following thread for my answer to a similar question:
http://glassfish.markmail.org/search/?q=Access+to+raw+XML+in+Jersey#query
:Access%20to%20raw%20XML%20in%20Jersey+page:1+mid:6be2yecmiiwice3l+state:results
This does require that an XML document is created then re-parsed into
canonical form to be placed in the DSig envelope.
An alternative might be to detect the Java type that will be
serialized and wrap it around another type e.g. Signed, which could
also be utilized by the developer, for example:
public Signed<MyJAXBObject> get() {
...
}
and have a message body writer perform the signing and defers to the
MessageBodyWorks to serialized the parameterized type. The nice thing
about that approach is it can potentially work for reading as well,
and thus the application can obtain the signature information too.
Paul.