The Enterprise Gateway can extract the signature from an XML message using several
different methods. The signature can be extracted:
- Using WS-Security Actors
- From the SOAP Header
- Using XPath

Select the most appropriate method from the Signature Location dropdown. Your
selection depends on the types of SOAP messages that you expect to receive. For
example, if incoming SOAP messages will contain an XML Signature within
a WS-Security block, choose that option from the dropdown.

Using WS-Security Actors:
If the signature is present in a WS-Security block:
- Select WS-Security block from the Signature Location dropdown list.
- Select a SOAP Actor from the Select Actor/Role(s) dropdown. Each Actor uniquely
  identifies a separate WS-Security block. Selecting Current actor only from
  the dropdown takes the WS-Security block that has no Actor.
- If the WS-Security block may contain multiple signatures, use the
  Signature Position field to specify which one to extract.

The following is a skeleton version of a message where the XML Signature
is contained within the sample WS-Security block,
i.e. soap-env:actor="sample" (written s:actor="sample" in this message, where
the s prefix is bound to the SOAP envelope namespace).

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"
                       s:actor="sample">
          <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" id="s1">
            ....
          </dsig:Signature>
        </wsse:Security>
      </s:Header>
      <s:Body>
        <ns1:getTime xmlns:ns1="urn:timeservice">
        </ns1:getTime>
      </s:Body>
    </s:Envelope>

SOAP Header:
If the signature is present in the SOAP Header:
- Select SOAP message header from the Signature Location dropdown list.
- If there is more than one signature in the SOAP Header, you must specify
  which signature the Enterprise Gateway should use. Specify the appropriate
  signature by setting the Signature Position field.

The following is an example of an XML message where the XML Signature is
contained within the SOAP header:

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" id="s1">
          ....
        </dsig:Signature>
      </s:Header>
      <s:Body>
        <ns1:getTime xmlns:ns1="urn:timeservice">
        </ns1:getTime>
      </s:Body>
    </s:Envelope>

Using XPath:
Finally, an XPath expression can be used to locate the signature.
- Select Advanced (XPath) from the Signature Location dropdown list.
- Select an existing XPath expression from the dropdown, or add a
  new one by clicking the Add button. XPath expressions can also be edited
  or removed with the Edit and Remove buttons respectively.

The default First Signature XPath expression takes
the first signature from the SOAP Header. The expression is as follows:

    XPath Expression: //s:Envelope/s:Header/dsig:Signature[1]

To edit this expression, click the Edit button to
display the Enter XPath Expression dialog.

An example of a SOAP message containing an XML Signature in the SOAP
header is provided below. The following XPath expression instructs
the Enterprise Gateway to extract the first signature from the SOAP header:

    XPath Expression: //s:Envelope/s:Header/dsig:Signature[1]

Because the elements referenced in the expression (Envelope
and Signature) are prefixed elements,
you must define the namespace mappings for each of these elements as follows:

| Prefix | URI |
|---|---|
| s | http://schemas.xmlsoap.org/soap/envelope/ |
| dsig | http://www.w3.org/2000/09/xmldsig# |

    <?xml version="1.0" encoding="UTF-8"?>
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" id="s1">
          ....
        </dsig:Signature>
      </s:Header>
      <s:Body>
        <product xmlns="http://www.oracle.com">
          <name>SOA Product*</name>
          <company>Company</company>
          <description>Web Services Security</description>
        </product>
      </s:Body>
    </s:Envelope>

When adding your own XPath expressions, be careful to define
namespace mappings for every prefix used, in the same way as outlined above.
This avoids clashes where elements with the same name but belonging to
different namespaces are present in an XML message.
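
The three signature locations and the effect of the namespace mappings can be modelled in a short Python script. This is an added example, not Enterprise Gateway code: the function locate_signature, the constructed message, the urn:example:other namespace, and the treatment of Signature Position as a 1-based index are assumptions for illustration.

```python
import xml.etree.ElementTree as ET

# Prefix-to-URI mappings from the table above; wsse is taken from the
# WS-Security sample earlier on the page.
NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "dsig": "http://www.w3.org/2000/09/xmldsig#",
    "wsse": "http://schemas.xmlsoap.org/ws/2002/04/secext",
}
ACTOR = "{%s}actor" % NS["s"]  # the namespace-qualified s:actor attribute

# Constructed message: a decoy Signature in an unrelated namespace, two
# header-level dsig signatures, and one inside the "sample" WS-Security block.
SAMPLE = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext">
  <s:Header>
    <x:Signature xmlns:x="urn:example:other" id="decoy"/>
    <dsig:Signature id="s1"/>
    <wsse:Security s:actor="sample"><dsig:Signature id="s2"/></wsse:Security>
    <dsig:Signature id="s3"/>
  </s:Header>
  <s:Body/>
</s:Envelope>"""

def locate_signature(xml_text, location="header", actor=None, position=1):
    """Return the id of the selected dsig:Signature, or None if absent."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Envelope" % NS["s"]:
        raise ValueError("root element is not a SOAP Envelope")
    if location == "header":
        # Same selection as //s:Envelope/s:Header/dsig:Signature[position],
        # written relative to the root because ElementTree has no absolute paths.
        sigs = root.findall("s:Header/dsig:Signature", NS)
    elif location == "wsse":
        # Assumption: actor=None models the WS-Security block with no actor.
        blocks = [b for b in root.findall("s:Header/wsse:Security", NS)
                  if b.get(ACTOR) == actor]
        sigs = blocks[0].findall("dsig:Signature", NS) if blocks else []
    else:
        raise ValueError("unknown location: %r" % location)
    if not 1 <= position <= len(sigs):
        return None
    return sigs[position - 1].get("id")

if __name__ == "__main__":
    print(locate_signature(SAMPLE))                          # header, first
    print(locate_signature(SAMPLE, position=2))              # header, second
    print(locate_signature(SAMPLE, "wsse", actor="sample"))  # WS-Security block
```

Because the lookup is namespace-qualified, the decoy element named Signature in the unrelated namespace is never selected, even though it appears first in the header.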