4.8.4.2.3: Signature Header Handler

The Signature Header Handler (SHH) inserts a digital signature header into a SOAP envelope. You can customize the SHH configuration with a configuration file. For example, you can specify a signing policy and the key store file.

There are two signature configuration files:

The soapsamples.ear file contains samples of these configuration files.

An explanation of each configuration element in the Signature Header follows:

  • KeyStore

    The KeyStore element specifies the keystore file that holds the signing key. In the following example, the "type" attribute gives the keystore type ("jks" indicates Java Key Store), "path" is the keystore file, and "storepass" is its store password.

    <KeyStore
    type="jks"
    path="key\SOAPserver"
    storepass="server"
    />
    

    The Key Management tool (iKeyman) can be used to create a keystore file.

  • Policy

    The PublicKey element specifies the information that should be included in the <ds:KeyInfo> element. With the current implementation, you must either include the complete certificate chain, or omit the <ds:KeyInfo> element. When <ds:KeyInfo> is omitted, the recipient must know the default key to verify the signature.

  • Template

    The contents of the Template element specify all the details related to XML Signature, including signature algorithms, digest algorithms, canonicalization algorithms, transform algorithms, the portion of the SOAP envelope to be signed, and so on.

  • Object

    The template can also have Object element(s) for additional authentication information, such as a timestamp.

  • ValueOfTimestamp

    The SHH understands one special element type, ValueOfTimestamp, which is replaced with the current time and date before being inserted into the signature.
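
The KeyStore and Policy entries depend on the keystore opening with the configured storepass and on the signing key carrying a complete certificate chain. The following preflight check is an added example, not code from the product or its samples; the class name KeyStorePreflight is hypothetical, and it assumes an unprefixed KeyStore element and a path that resolves relative to the working directory.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class KeyStorePreflight {  // hypothetical name, not part of the product
    // The KeyStore element shown on this page, used when no file argument is given.
    static final String SAMPLE =
        "<KeyStore type=\"jks\" path=\"key\\SOAPserver\" storepass=\"server\"/>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPEs so a tampered configuration file cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        try (InputStream xml = args.length > 0 ? new FileInputStream(args[0])
                : new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8))) {
            Element ks = (Element) f.newDocumentBuilder().parse(xml)
                .getElementsByTagName("KeyStore").item(0);  // assumes no namespace prefix
            if (ks == null) throw new IllegalArgumentException("no KeyStore element");
            check(ks.getAttribute("type"), ks.getAttribute("path"),
                  ks.getAttribute("storepass").toCharArray());
        }
    }

    static void check(String type, String path, char[] storepass) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, storepass);  // throws on a wrong password or a modified file
        }
        for (String alias : Collections.list(store.aliases())) {
            if (!store.isKeyEntry(alias)) continue;  // trusted-certificate entries cannot sign
            Certificate[] chain = store.getCertificateChain(alias);
            if (chain == null || chain.length == 0)
                throw new IllegalStateException(alias + ": key entry has no certificate chain");
            for (int i = 0; i < chain.length; i++) {
                X509Certificate c = (X509Certificate) chain[i];
                c.checkValidity();  // throws if expired or not yet valid
                // Each certificate must verify under the next one; the last under itself.
                c.verify(chain[Math.min(i + 1, chain.length - 1)].getPublicKey());
            }
            System.out.println(alias + ": complete chain of " + chain.length + " certificate(s)");
        }
    }
}
```

Pass the configuration file as the first argument to check a real deployment. A chain that stops short of a self-signed root fails the last `verify` call with a signature exception.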
