4.8.4.2.3: Signature Header Handler
The Signature Header Handler (SHH) inserts
a digital signature header into a SOAP envelope.
You can customize the SHH configuration with a
configuration file. For example, you can
specify a signing policy and the key store
file.
There are two signature configuration
files:
product_installation_root\installedApps\<ear_file_name>\soapsec\conf\sv-sign-config.xml
product_installation_root\installedApps\<ear_file_name>\soapsec\conf\cl-sign-config.xml
The soapsamples.ear file contains samples of these configuration files.
An explanation of each configuration element in the Signature Header follows:
KeyStore
The KeyStore element specifies the keystore file that holds the signing
key. In the following example, the "type" attribute gives the keystore
type ("jks" indicates a Java Key Store), "path" is the keystore file,
and "storepass" is its store password.
    <KeyStore
        type="jks"
        path="key\SOAPserver"
        storepass="server"
    />
The Key Management tool (iKeyman) can be
used to create a keystore file.
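An added example, not part of the product documentation: a small Python audit of the KeyStore element described above. It flags a storepass left at the sample value or below a local minimum length, and checks on POSIX hosts whether the configuration file, which holds the store password in clear text, is readable by other accounts. The SignConfig wrapper element, the function names and the 12-character minimum are assumptions.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample. Only <KeyStore> and its three attributes come from the
# page; the <SignConfig> wrapper element is a hypothetical stand-in.
SAMPLE_CONFIG = r"""<SignConfig>
  <KeyStore type="jks" path="key\SOAPserver" storepass="server"/>
</SignConfig>"""

SAMPLE_PASSWORDS = {"server"}   # storepass value shown in the page's example
MIN_PASSWORD_LENGTH = 12        # assumed local policy, not a product rule


def audit_keystore_elements(xml_text):
    """Return (attribute, finding) tuples for every KeyStore element found."""
    findings = []
    for element in ET.fromstring(xml_text).iter():
        # Compare local names so a namespaced config is still matched.
        if element.tag.rsplit("}", 1)[-1] != "KeyStore":
            continue
        for attr in ("type", "path", "storepass"):
            if not element.get(attr):
                findings.append((attr, "missing or empty"))
        password = element.get("storepass", "")
        if password in SAMPLE_PASSWORDS:
            findings.append(("storepass", "matches a sample password"))
        elif password and len(password) < MIN_PASSWORD_LENGTH:
            findings.append(("storepass", "shorter than local minimum"))
    return findings


def readable_by_group_or_others(config_path):
    """POSIX only: True if the file holding the clear-text storepass is
    readable by accounts other than its owner."""
    mode = os.stat(config_path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for attribute, finding in audit_keystore_elements(SAMPLE_CONFIG):
        print(f"KeyStore/{attribute}: {finding}")
```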
Policy
The PublicKey element specifies the information that should be included in
the <ds:KeyInfo> element. With the current implementation, you must either
include the complete certificate chain, or omit the <ds:KeyInfo> element.
When <ds:KeyInfo> is omitted, the recipient must know the default key to
verify the signature.
Template
The contents of the Template element specify all the details related
to XML Signature, including signature algorithms, digest algorithms,
canonicalization algorithms, transform algorithms, the portion of the
SOAP envelope to be signed, and so on.
Object
The template can also have Object element(s) for additional
authentication information, such as a timestamp.
ValueOfTimestamp
This SHH understands one special element type, ValueOfTimestamp, which
is replaced with a current time and date before being inserted into
the signature.