File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes Get the body content in SOAP message Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Get the body content in SOAP message" Watch "Get the body content in SOAP message" New topic
Author

Get the body content in SOAP message

Samuel E. Nascimento
Greenhorn

Joined: Aug 20, 2009
Posts: 5
Hi, folks!

I have a WEB Service that receive SOAP messages according to the next model:

The XML in the cteDadosMsg are signed and I have to validate this signature. That's my problem, how to get the XML content as a String?
I tried use XFire and Axis to implement this WEB Service, but both wrapped the XML content on objects that aren't Strings (objects created by Jaxb).

Samuel


Space reservations for creative sentences...
Ivan Krizsan
Ranch Hand

Joined: Oct 04, 2006
Posts: 2198
    
    1
Hi!
You question:
To get the text representation of a SOAP message from a JAXB object, you can feed the object to a zero transform that writes to an output stream.

Risks with calculating a signature from a text string representation of a SOAP message:
However, when calculating the signature of a SOAP message, I suggest you use XML Signature (http://en.wikipedia.org/wiki/XML_Signature) or some other readily available method. Why? Consider the following cases:
  • You have SOAP messages with the same content, but one using the namespace prefix abc and the other using the namespace prefix bcd.
  • In your SOAP messages, there is an element which can have more than one attributes. The ordering of the attributes is not significant to SOAP and should not affect an algorithm calculating the signature of the SOAP message.

  • If you calculate a signature of the non-canonical SOAP messages, you will get two different signatures.
    Thus, XML should be canonicalized first, then a signature can be calculated.
    Best wishes!
    Samuel E. Nascimento
    Greenhorn

    Joined: Aug 20, 2009
    Posts: 5
    Hi, Krizan!

    Thanks for you answer. Really in the SOAPMessage object has the write(OutputStream) method, and this method will to resolve my problem.

    But this WEB Service was implemented using XFire framework and, according XFire documentation, the way to get SOAP message before processing of business logic is using a AbstractHandler subclass. The question now is how to get a SOAPMessage object using the XFire framework? The AbstractHandler has a invoke(MessageContext) abstract method and MessageContext object hasn't a way to get the SOAPMessage object directly.

    Just for clarify the things, the choice for the XFire don't depends me, ok?

    Thanks again for your help!

    Samuel
    Ivan Krizsan
    Ranch Hand

    Joined: Oct 04, 2006
    Posts: 2198
        
        1
    Hi!
    Have you seen this webpage? http://cxf.apache.org/docs/ws-security.html
    If you scroll down, there is a section on signing SOAP messages.
    Best wishes!
    Samuel E. Nascimento
    Greenhorn

    Joined: Aug 20, 2009
    Posts: 5
    Hi, Krizsan!

    No, I'm not see this page. I just search on the XFire pages. I should see the CXF pages before. Well, Monday in work I sow this page for my team.

    Thanks a lot, again!!!

    Samuel
    Samuel E. Nascimento
    Greenhorn

    Joined: Aug 20, 2009
    Posts: 5
    Hi, Kriszan!

    Firstly, sorry for my late contact.

    I saw the page indicated for you and I have a doubt. On the section about signing SOAP messages is it explain how to signing all SOAP messages (the header and body) or just parts of the message?

    Just for clarify the things, on XML that wrapped over the body has a tag called "signature" and your value is the XML signature. So, to validate this signature we have to "re-sign" the XML and to comparer the values.

    Thanks a lot, again...
    Ivan Krizsan
    Ranch Hand

    Joined: Oct 04, 2006
    Posts: 2198
        
        1
    Hi!
    Check the WSS4J API documentation at: http://ws.apache.org/wss4j/apidocs/index.html
    You will want to use the class WSSecSignature and in it, the method setParts to specify which part(s) of the SOAP message you want to sign.
    Best wishes!
    Samuel E. Nascimento
    Greenhorn

    Joined: Aug 20, 2009
    Posts: 5
    Krizsan,

    thanks for your help. Your answers help me to change the method that we were using for process the messages.
    Now all is working fine!

    Thanks, again...
     
    I agree. Here's the link: http://aspose.com/file-tools
     
    subject: Get the body content in SOAP message
     
    Similar Threads
    sending xml file works but converting to SOAP message
    SOAP in Java
    Help with SAAJ and SOAP 1.2
    populate data via soap from webservice
    Simple SOAP client