Get the body content in SOAP message

 
Samuel E. Nascimento
Greenhorn
Posts: 5
Hi, folks!

I have a web service that receives SOAP messages according to the following model:

The XML in the cteDadosMsg is signed and I have to validate this signature. That's my problem: how do I get the XML content as a String?
I tried to use XFire and Axis to implement this web service, but both wrapped the XML content in objects that aren't Strings (objects created by JAXB).

Samuel
 
Ivan Krizsan
Ranch Hand
Posts: 2198
Hi!
Your question:
To get the text representation of a SOAP message from a JAXB object, you can feed the object to a zero transform that writes to an output stream.

Risks with calculating a signature from a text string representation of a SOAP message:
However, when calculating the signature of a SOAP message, I suggest you use XML Signature (http://en.wikipedia.org/wiki/XML_Signature) or some other readily available method. Why? Consider the following cases:
  • You have SOAP messages with the same content, but one using the namespace prefix abc and the other using the namespace prefix bcd.
  • In your SOAP messages, there is an element which can have more than one attribute. The ordering of the attributes is not significant to SOAP and should not affect an algorithm calculating the signature of the SOAP message.

If you calculate a signature of the non-canonical SOAP messages, you will get two different signatures.
Thus, XML should be canonicalized first, then a signature can be calculated.
Best wishes!
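
The two cases listed in the answer above, as an added example that is not part of the original thread: it hashes constructed messages as raw text and after canonicalization with Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0, Python 3.8+). The namespace `urn:example:cte`, the attributes `id` and `version`, and the child element `value` are assumptions made up for the sample; only `cteDadosMsg` comes from the thread.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

NS = "urn:example:cte"  # constructed namespace, not taken from the thread

# Constructed samples: same content, attribute order and quoting differ.
ATTR_A = f'<m:cteDadosMsg xmlns:m="{NS}" id="42" version="1.0"><m:value>10</m:value></m:cteDadosMsg>'
ATTR_B = f"<m:cteDadosMsg version='1.0' id='42' xmlns:m='{NS}'><m:value>10</m:value></m:cteDadosMsg>"

# Constructed samples: same content, namespace prefix abc versus bcd.
PREFIX_A = f'<abc:cteDadosMsg xmlns:abc="{NS}"><abc:value>10</abc:value></abc:cteDadosMsg>'
PREFIX_B = f'<bcd:cteDadosMsg xmlns:bcd="{NS}"><bcd:value>10</bcd:value></bcd:cteDadosMsg>'


def raw_digest(xml_text: str) -> str:
    """SHA-256 over the serialized text exactly as received."""
    return hashlib.sha256(xml_text.encode("utf-8")).hexdigest()


def canonical_digest(xml_text: str, rewrite_prefixes: bool = False) -> str:
    """SHA-256 over the canonical form of the document."""
    # Default canonical form sorts attributes and normalizes quoting but keeps
    # prefixes as written; rewrite_prefixes=True renames them sequentially.
    canonical = canonicalize(xml_text, rewrite_prefixes=rewrite_prefixes)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def compare(a: str, b: str) -> dict:
    """Report which digest strategies treat the two documents as equal."""
    return {
        "raw": raw_digest(a) == raw_digest(b),
        "c14n": canonical_digest(a) == canonical_digest(b),
        "c14n_rewrite": canonical_digest(a, True) == canonical_digest(b, True),
    }


if __name__ == "__main__":
    print("attribute order:", compare(ATTR_A, ATTR_B))
    print("prefix abc/bcd: ", compare(PREFIX_A, PREFIX_B))
```

The attribute-order pair matches after default canonicalization, while the abc/bcd pair matches only with prefix rewriting enabled, because the default canonical form keeps prefixes as written.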
     
Samuel E. Nascimento
Greenhorn
Posts: 5
Hi, Krizsan!

Thanks for your answer. Indeed, the SOAPMessage object has the write(OutputStream) method, and this method will solve my problem.

But this web service was implemented using the XFire framework and, according to the XFire documentation, the way to get the SOAP message before the business logic is processed is to use an AbstractHandler subclass. The question now is how to get a SOAPMessage object using the XFire framework. The AbstractHandler has an invoke(MessageContext) abstract method, and the MessageContext object has no way to get the SOAPMessage object directly.

Just to clarify things, the choice of XFire doesn't depend on me, OK?

Thanks again for your help!

Samuel
     
Ivan Krizsan
Ranch Hand
Posts: 2198
Hi!
Have you seen this webpage? http://cxf.apache.org/docs/ws-security.html
If you scroll down, there is a section on signing SOAP messages.
Best wishes!
     
Samuel E. Nascimento
Greenhorn
Posts: 5
Hi, Krizsan!

No, I hadn't seen this page. I only searched the XFire pages. I should have looked at the CXF pages before. Well, on Monday at work I will show this page to my team.

Thanks a lot, again!!!

Samuel
     
Samuel E. Nascimento
Greenhorn
Posts: 5
Hi, Krizsan!

First, sorry for my late reply.

I saw the page you indicated and I have a doubt. Does the section about signing SOAP messages explain how to sign the whole SOAP message (the header and body) or just parts of the message?

Just to clarify things, the XML that is wrapped in the body has a tag called "signature" and its value is the XML signature. So, to validate this signature we have to "re-sign" the XML and compare the values.

Thanks a lot, again...
     
Ivan Krizsan
Ranch Hand
Posts: 2198
Hi!
Check the WSS4J API documentation at: http://ws.apache.org/wss4j/apidocs/index.html
You will want to use the class WSSecSignature and in it, the method setParts to specify which part(s) of the SOAP message you want to sign.
Best wishes!
     
Samuel E. Nascimento
Greenhorn
Posts: 5
Krizsan,

Thanks for your help. Your answers helped me to change the method that we were using to process the messages.
Now all is working fine!

Thanks again...
     