Dims, all, the request is ok - except that the namespaces are repeated every time. This is a waste of bandwidth, but it is not wrong in the "XML sense of using namespaces" :-) .
The problem is IMO part of XML-SEC and Xalan - ther was (is?) a problem in XML-SEC/Xalan that triggers this. Just perform an additonla c14n as the last step after signing and/or encrypting a XML DOM. This is what the WSS4J handlers are doing. Regards, Werner Davanum Srinivas wrote: > that does not look right. could yuo please log a bug report with > sample code to reproduce the problem? > > thanks, > dims > > On 8/29/05, Jos Dirksen <[EMAIL PROTECTED]> wrote: > >>We're currently looking into using WSS4J to sign the messages sent >>between several of our systems. Using the examples and tests all went >>surprisingly well, and the actual process of sighing and validating >>the messages works OK. >> >>We use WSS4J without axis, and just use the API directly. When looking >>at the output of the signing step I noticed a lot of namespaces that >>weren't really necessarily. For example from the test cases provided >>with WSS4J: >> >>Input message: >><?xml version="1.0" encoding="UTF-8"?> >><SOAP-ENV:Envelope >>xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >>xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >>xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <SOAP-ENV:Body> >> <add xmlns="http://ws.apache.org/counter/counter_port_type";> >> <value xmlns=""> >>15 </value> >> </add> >> </SOAP-ENV:Body> >> >> >>This results in the message shown next. What can be seen here is that >>the namespace declarations are repeated on each and every element. >>Although there is technically nothing wrong with this, it seems a bit >>excessive. Is there a way to tune / alter this? Or am I just missing >>something in the configuration? >> >><?xml version="1.0" encoding="UTF-8"?> >><SOAP-ENV:Envelope xmlns="" >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <SOAP-ENV:Header xmlns="" >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <wsse:Security SOAP-ENV:mustUnderstand="1" xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <ds:Signature xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <ds:SignedInfo xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <ds:CanonicalizationMethod >> >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> >> <ds:SignatureMethod >> >> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> >> <ds:Reference URI="#id-15142448" >> xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <ds:Transforms xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <ds:Transform >> >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> >> </ds:Transforms> >> <ds:DigestMethod >> >> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; /> >> <ds:DigestValue xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> >> OdONdZz0THG5WAVoj+JKT7Dm2mE= >> </ds:DigestValue> >> </ds:Reference> >> </ds:SignedInfo> >> <ds:SignatureValue xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> >> Bv3TNz86kMtqFOwPHWN8zJ0UOtxbV3OOy5B86e/3+WLcTuroDK7jog== >> </ds:SignatureValue> >> <ds:KeyInfo Id="KeyId-7461949" xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <wsse:SecurityTokenReference >> wsu:Id="STRId-1321194" >> xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <ds:X509IssuerSerial xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <ds:X509IssuerName >> xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> CN=key1 >> </ds:X509IssuerName> >> <ds:X509SerialNumber >> xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; >> >> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> 1124976807 >> </ds:X509SerialNumber> >> </ds:X509IssuerSerial> >> </wsse:SecurityTokenReference> >> </ds:KeyInfo> >> </ds:Signature> >> </wsse:Security> >> </SOAP-ENV:Header> >> <SOAP-ENV:Body wsu:Id="id-15142448" xmlns="" >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <add xmlns="http://ws.apache.org/counter/counter_port_type"; >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> <value xmlns="" >> >> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"; >> >> xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; >> xmlns:xsd="http://www.w3.org/2001/XMLSchema"; >> >> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";> >> 15 >> </value> >> </add> >> </SOAP-ENV:Body> >></SOAP-ENV:Envelope> >> >> >>With kind regards, >> >>Jos Dirksen >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
