Safeguard your XML based messages 4
A real-world example of Apache XML Security
To make this tutorial slightly more interesting, I discuss the Apache XML Security library in the context of the Apache Axis project. Axis is Apache's next-generation SOAP implementation and has an extremely extensible architecture. Unlike the previous Apache SOAP implementation, Axis allows you to get into the engine and extend the SOAP (that is, message) processing with your own custom code in the form of handlers. I exploited that exact feature to create a custom handler that digitally signs the SOAP request message from the client just before it hits the wire, and then verifies and removes the signature on the server side. Similarly, when the server sends back a SOAP response, the handler signs it on the server side and verifies it on the client side. The figure below shows the flow of messages between the client and the server.
The handler uses Apache XML Security to sign the SOAP message and later verify the signature. In this scenario, both the client and server use the Axis SOAP engine, but the client does not have to use Axis. The digital signature XML that Apache XML Security creates complies with W3C's XML Signature specification and hence can be consumed and verified by any compliant client.
The handler's mechanics and configuration reach beyond this article's scope. However, we will certainly look at the Apache XML Security-related code within it.
For example, you can look at: http://www.javaworld.com/javaworld/jw-12-2002/jw-1220-xmlsecurity.html?page=2
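The sign, verify and remove cycle that the handler performs, shown here as an added example using Apache XML Security outside Axis; it is not the article's handler code. The class name, the sample envelope, the RSA-SHA256 and SHA-256 algorithm choices and the generated key pair are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.*;

public class SoapSignatureRoundTrip {   // hypothetical class name
    static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed sample message, not taken from the article.
    static final String SAMPLE = "<soap:Envelope xmlns:soap=\"" + SOAP_NS + "\"><soap:Header/>"
        + "<soap:Body><order xmlns=\"urn:example\"><qty>1</qty></order></soap:Body></soap:Envelope>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // signature processing needs a namespace-aware DOM
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
    }

    // Sender side: place an enveloped ds:Signature in the SOAP Header, covering the whole message.
    static void sign(Document doc, PrivateKey key) throws Exception {
        XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        doc.getElementsByTagNameNS(SOAP_NS, "Header").item(0).appendChild(sig.getElement());
        Transforms t = new Transforms(doc);
        t.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);    // exclude the signature itself
        t.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("", t, "http://www.w3.org/2001/04/xmlenc#sha256");   // URI "" = whole document
        sig.sign(key);
    }

    // Receiver side: check against a key trusted out of band (not one carried in the message),
    // and strip the signature only after it has verified.
    static boolean verifyAndRemove(Document doc, PublicKey trusted) throws Exception {
        Node sigEl = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature").item(0);
        if (sigEl == null) return false;   // an unsigned message is rejected, not passed through
        boolean ok = new XMLSignature((Element) sigEl, "").checkSignatureValue(trusted);
        if (ok) sigEl.getParentNode().removeChild(sigEl);
        return ok;
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();   // must run before any other library call
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();    // constructed demo key
        Document intact = parse(SAMPLE), tampered = parse(SAMPLE);
        sign(intact, kp.getPrivate());
        sign(tampered, kp.getPrivate());
        tampered.getElementsByTagNameNS("urn:example", "qty").item(0).setTextContent("100");
        System.out.println("intact verifies: " + verifyAndRemove(intact, kp.getPublic()));
        System.out.println("tampered verifies: " + verifyAndRemove(tampered, kp.getPublic()));
    }
}
```

In a real deployment the receiver loads the trusted public key or certificate from its own keystore, and should also confirm that the verified reference actually covers the SOAP Body it goes on to process.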
© 2001 - 2017 Tatamedia Solusindo