surabaya web designer
cheap web promotion indonesia
design graphics and online shopping cart
     category      articles    
 

Adsense

Adwords

Article

Blog

CMS

CSS Style

Datacenter

Design Graphics

Flash Animation

Internet Radio

Messenger

Programming

Provider

Search Engine

Security

Security Web

SEF

SEO

Software

Software Web

Safeguard your XML based messages 4

A real-world example of Apache XML Security

To make this tutorial slightly more interesting, I discuss the Apache XML Security library in the context of the Apache Axis project. Axis is Apaches next-generation SOAP implementation and has an extremely extensible architecture. Unlike the previous Apache SOAP implementation, Axis allows you to get into the engine and extend the SOAP (that is, message) processing with your own custom code in the form of handlers. I exploited that exact feature to create a custom handler that digitally signs the SOAP request message from the client just before it hits the wire, and then verifies and removes the signature on the server side. Similarly, when the server sends back a SOAP response, the handler signs it on the sever side and verifies it on the client side. The figure below shows the flow of messages between the client and the server.

The handler uses Apache XML Security to sign the SOAP message and later verify the signature. Obviously, in this scenario, both the client and server use the Axis SOAP engine, but the client does not have to use Axis. The digital signature XML that Apache XML Security creates complies with W3Cs XML Signature specification and hence can be consumed and verified by any compliant client.

The handlers mechanics and configuration reach beyond this articles scope. However, we will certainly look at the Apache XML Security-related code within it.

For example, you can look at: http://www.javaworld.com/javaworld/jw-12-2002/jw-1220-xmlsecurity.html?page=2

OTHER ARTICLES

Safeguard your XML based messages 2

Safeguard your XML based messages 3

About Super Global

Top 7 PHP Security Blunders (1)

Program Security

Preventing directory listing

Howto create a password for a htpasswd file using PHP

Register Global

Prevent htaccess From Hack 3

Protecting your bandwidth