InfoCenter Home >
4: Developing applications >
4.8: Web services - an overview >
4.8.4: Securing SOAP services >
4.8.4.2: SOAP signature components >
4.8.4.2.2: Envelope Editor

4.8.4.2.2: Envelope Editor

The Envelope Editor is a component that can be plugged into the Apache SOAP transports. At the server side, it is embedded into the RPC and MessageRouterServlets. At the client side, it is embedded in the FilterTransport, which implements the SOAPTransport interface. WebSphere Application Server provides a PluggableEnvelopeEditor, which can be used to plug-in some editing components such as signature and verification.

Enabling Envelope Editor

At the client side, the configuration of the eEnvelope eEditor is explicitly programmed. On the server side, the transport hook is enabled automatically in the soapsec.war file when you add the "init" param to the RPC and Message router servlets for the EnvelopeEditorFactory. This entry in the web.xml for the soapsec.war file is added automatically when you "soap enable" an application and indicate the service is secure.

Description of the factory class to instantiate Envelope Editors

A factory class creates Envelope Editors at runtime. The factory class is called DSigFactory. The DSigFactory class consumes an editor configuration file, and creates an instance of Envelope Editor. The factory class and the configuration file are specified in:

product_installation_root\installedApps\ear_file_name\soapsec.war\WEB-INF\web.xml
The factory class is described under the <servlet id="Servlet_1"> and <servlet id="Servlet_2"> elements:
<display-name>Apache-SOAP-SEC</display-name>
<description>SOAP Security Enablement WAR</description>
<servlet id="Servlet_1">
<servlet-name>rpcrouter</servlet-name>
<display-name>Apache-SOAP Secure RPC Router</display-name>
<description>no description</description>
<servlet-class>com.ibm.soap.server.http.WASRPCRouterServlet</servlet-class>
<init-param id="InitParam_1">
<param-name>faultListener</param-name>
<param-value>org.apache.soap.server.DOMFaultListener</param-value>
</init-param>
<init-param id="InitParam_2">
<param-name>EnvelopeEditorFactory</param-name>
<param-value>com.ibm.soap.dsig.dsigfactory.DSigFactory</param-value>
</init-param>
<init-param id="InitParam_3">
<param-name>SOAPEvnelopeEditorConfigFilePath</param-name>
<param-value>conf/sv-editor-config.xml</param-value>
</init-param>
</servlet>
<servlet id="Servlet_2">
<servlet-name>messagerouter</servlet-name>
<display-name>Apache-SOAP Secure Message Router</display-name>
<servlet-class>com.ibm.soap.server.http.WASMessageRouterServlet</servlet-class>
<init-param id="InitParam_5">
<param-name>faultListener</param-name>
<param-value>org.apache.soap.server.DOMFaultListener</param-value>
</init-param>
<init-param id="InitParam_6">
<param-name>EnvelopeEditorFactory</param-name>
<param-value>com.ibm.soap.dsig.dsigfactory.DSigFactory</param-value>
</init-param>
<init-param id="InitParam_7">
<param-name>SOAPEnvelopeEditorConfigFilePath</param-name>
<param-value>conf/sv-editor-config.xml</param-value>
</init-param>
</servlet>
EnvelopeEditorFactory is a factory class. SOAPEnvelopeEditorConfigFilePath is a configuration file for Envelope Editor.

Configuration file of Envelope Editor

The configuration file, sv-editor-config.xml is located in:
product_install_root\installedApps\<ear_file_name>\soapsec.war\conf\sv-editor-config.xml
Under the SOAPEnvelopeEditorConfig element, there are two optional elements:
  • incoming
  • outgoing

The incoming and incoming element definitions look like the following example:

<incoming class="com.ibm.xml.soap.security.dsig.SOAPVerifier">
<init-param>
<param-name>filename</param-name>
<param-value>conf/sv-ver-config.xml</param-value>
</init-param>
</incoming>
<outgoing class="com.ibm.xml.soap.security.dsig.SOAPSigner">
<init-param>
<param-name>filename</param-name>
<param-value>conf/sv-sig-config.xml</param-value>
</init-param>
</outgoing>
The incoming element specifies a class which "edits" incoming messages, and a configuration file for the editing class. The outgoing element specifies a class for outgoing message and a configuration file.

Changing the configuration

You do not have a digital signature for response messages if you remove the outgoing element from
product_installation_root\installedApps\<ear_file_name>\soapsec.war\conf\sv-editor-config.xml
and remove the incoming element from
product_installation _root\installedApps\<ear_file_name>\soapsec.war\conf\cl-editor-config.xml
Go to previous article: Keystore files for testing purposes Go to next article: Signature Header Handler

 

 
Go to previous article: Keystore files for testing purposes Go to next article: Signature Header Handler