Login | Register   
RSS Feed
Download our iPhone app
Browse DevX
Sign up for e-mail newsletters from DevX


Behold WSE 2.0: Removing Another Layer of WS-Pain : Page 7

To keep up with the flurry of emerging, re-emerging, and otherwise evolving standards for Web services, we need tools—good ones—and we need them all to play nice across platforms.

Signing Multiple Message Parts
You can manually edit the policy file for a Web service or client to specify that multiple message parts are signed by the run time during message serialization, and are properly evaluated during deserialization.

There are two dialects for specifying message parts within the <wssp:MessageParts> element: XPath 1.0 (indicated by Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part") and pre-defined functions supplied in the WS-PolicyAssertions specification (indicated by Dialect="http://www.w3.org/TR/1999/REC-xpath-19991116"). The latter of the two is preferred where possible.

Following the preferred way, it is possible to sign the body, or any header of the SOAP message using these functions: wsp:Body(), wsp:Header(). Headers are described by their Qname; for example wsp:Header(wsa:To) refers to the WS-Addressing <wsa:To> element. In a space-delimited list, to sign a list of WS-Addressing headers along with the body element, the <wssp:MessageParts> element can be customized as follows,:

<wssp:MessageParts Dialect= "http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) wsp:Header(wsa:From) </wssp:MessageParts>

This change also requires that the WS-Addressing namespace be declared, which can be done in the <wsp:Policy> element as follows:

<wsp:Policy wsu:Id= "policy-60a43419-c3d2-40c0-994c-fd9cae47ef46" xmlns:wsp= "http://schemas.xmlsoap.org/ws/2002/12/policy" xmlns:wsa= "http://schemas.xmlsoap.org/ws/2003/03/addressing" >

Unfortunately, in the current state of the pre-release of WSE 2.0 the tool can no longer load the policy file once this change has been made. I suspect this will be fixed before its final release, but regardless the policy is valid and can be properly parsed by the WSE run time.

It is also recommended that you use a message predicate assertion to enforce that headers requiring a signature are present in the message. Message predicate support must be manually added to the policy file at this time, which also means that it breaks the tool's ability to view policy. The following snippet shows an assertion that requires the presence of a SOAP body, and WS-Addressing headers To, Action, MessageID and From:

<wsp:MessagePredicate wsp:Usage="wsp:Required" Dialect= "http://schemas.xmlsoap.org/2002/12/wsse#part"> wsp:Body() wsp:Header(wsa:To) wsp:Header(wsa:Action) wsp:Header(wsa:MessageID) wsp:Header(wsa:From) </wsp:MessagePredicate>

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date