Author: buildbot
Date: Tue Nov 10 13:19:39 2015
New Revision: 971975
Log:
Production update by buildbot for camel
Modified:
websites/production/camel/content/cache/main.pageCache
websites/production/camel/content/spring-boot.html
websites/production/camel/content/xml-security-component.html
Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/camel/content/spring-boot.html
==============================================================================
--- websites/production/camel/content/spring-boot.html (original)
+++ websites/production/camel/content/spring-boot.html Tue Nov 10 13:19:39 2015
@@ -92,7 +92,7 @@
<version>${camel.version}</version> <!-- use the same
version as your Camel core version -->
</dependency>
]]></script>
-</div></div><p><code>camel-spring-boot</code> jar comes with
the <code>spring.factories</code> file, so as soon as you add that
dependency into your classpath, Spring Boot will automatically auto-configure
the Camel for you.</p><h3 id="SpringBoot-Auto-configuredCamelcontext"><span
style="line-height: 1.5625;">Auto-configured Camel context</span></h3><p>The
most important piece of functionality provided by the Camel auto-configuration
is <code>CamelContext</code> instance.
Camel auto-configuration creates <code>SpringCamelContext</code> for
your and take care of the proper initialization and shutdown of that context.
Created Camel context is also registered in the Spring application context
(under <code>camelContext</code> bean name), so you can access it just as
the any other Spring bean.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+</div></div><p><code>camel-spring-boot</code> jar comes with
the <code>spring.factories</code> file, so as soon as you add that
dependency into your classpath, Spring Boot will automatically auto-configure
the Camel for you.</p><h3 id="SpringBoot-Auto-configuredCamelcontext"><span
style="line-height: 1.5625;">Auto-configured Camel context</span></h3><p>The
most important piece of functionality provided by the Camel auto-configuration
is <code>CamelContext</code> instance.
Camel auto-configuration creates <code>SpringCamelContext</code> for
you and takes care of the proper initialization and shutdown of that context.
Created Camel context is also registered in the Spring application context
(under <code>camelContext</code> bean name), so you can access it just as
the any other Spring bean.</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[@Configuration
public class MyAppConfig {
@@ -181,7 +181,7 @@ public class InvoiceProcessor {
}
}]]></script>
-</div></div><p>By default consumer and producer templates comes with the
endpoint cache sizes equal to 1000. You can change that values via the
following Spring properties:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
+</div></div><p>By default consumer and producer templates comes with the
endpoint cache sizes equal to 1000. You can change those values via the
following Spring properties:</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: xml; gutter: false; theme: Default"
type="syntaxhighlighter"><![CDATA[camel.springboot.consumerTemplateCacheSize =
100
camel.springboot.producerTemplateCacheSize = 200]]></script>
</div></div><h3
id="SpringBoot-Auto-configuredTypeConverter">Auto-configured TypeConverter</h3><p>Camel
auto-configuration registers <code>TypeConverter</code> instance named
<code>typeConverter</code> in the Spring context.</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
Modified: websites/production/camel/content/xml-security-component.html
==============================================================================
--- websites/production/camel/content/xml-security-component.html (original)
+++ websites/production/camel/content/xml-security-component.html Tue Nov 10
13:19:39 2015
@@ -179,7 +179,7 @@
<to
uri="xmlsecurity:verify://enveloping?keySelector=#selector" />
<to uri="mock:result" />
]]></script>
-</div></div><p>For the signing process, a private key is necessary. You
specify a key accessor bean which provides this private key. For the
validation, the corresponding public key is necessary; you specify a key
selector bean which provides this public key.</p><p>The key accessor bean must
implement the <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java";
rel="nofollow">KeyAccessor</a> interface. The package
<code>org.apache.camel.component.xmlsecurity.api</code> contains the default
implementation class <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java";
rel="nofollow">DefaultKeyAccessor</a> which reads the private key from a Java
keystore.</p><p>The key selector bean must implement the <a shape="re
ct" class="external-link"
href="http://docs.oracle.com/javase/6/docs/api/javax/xml/crypto/KeySelector.html";
rel="nofollow">javax.xml.crypto.KeySelector</a> interface. The package
<code>org.apache.camel.component.xmlsecurity.api</code> contains the default
implementation class <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java";
rel="nofollow">DefaultKeySelector</a> which reads the public key from a
keystore.</p><p>In the example, the default signature algorithm <code><a
shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></code> is used.
You can set the signature algorithm of your choice by the option
<code>signatureAlgorithm</code> (see below). The signer endpoint creates an
<strong>enveloping</strong> XML signature. If you want to create an <str
ong>enveloped</strong> XML signature then you must specify the parent element
of the Signature element; see option <code>parentLocalName</code> for more
details.</p><p>For creating <strong>detached</strong> XML signatures, see
sub-chapter "Detached XML Signatures as Siblings of the Signed
Elements".</p><h3
id="XMLSecuritycomponent-CommonSigningandVerifyingOptions">Common Signing and
Verifying Options</h3><p>There are options which can be used for both
endpoints, signer and verifier.</p><p> </p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>uriDereferencer</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" clas
s="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/URIDereferencer.html";
rel="nofollow">javax.xml.crypto.URIDereferencer</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>URI dereferencer. You can specify here your own URI
dereferencer, if you want to restrict the dereferencing or have special
requirements for dereferencing.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>baseUri</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Base URI used in the URI dereferencer. Relative URIs
are concatenated with the base URI.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cryptoContextProperties</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Map<String, ? extends
Object></p></td><td c
olspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Crypto context properties. See
<code>javax.xml.crypto.XMLCryptoContext.setProperty(String, Object)</code>. The
properties can depend on the provider. For example, the JDK provider "XMLDSig"
has the property "org.jcp.xml.dsig.validateManifests" for enabling manifest
validation. The following properties are set by default to the value
<code>Boolean.TRUE</code> for the XML verifier:
"<code>org.jcp.xml.dsig.validateManifests</code>",
"<code>javax.xml.crypto.dsig.cacheReference</code>". If the option
<code>secureValidation} is {{true</code> then additionally the properties
"<code>org.apache.jcp.xml.dsig.secureValidation</code>" and
"<code>org.jcp.xml.dsig.secureValidation</code>" are set to
<code>Boolean.TRUE</code> for the XML verifier. If you want to switch these
features off you must set the property values to
<code>Boolean.FALSE</code>.</p></td></tr><tr><td colspan="1" rows
pan="1" class="confluenceTd"><p>disallowDoctypeDecl</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether DTD DOCTYPE declarations shall be
disallowed in the incoming XML message.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>omitXmlDeclaration</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether the XML declaration header shall be
omitted in the output XML message.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>clearHeaders</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1"
class="conflue
nceTd"><p>Indicator whether the XML signature message headers defined in <a
shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureConstants.java";
rel="nofollow">XmlSignatureConstants</a> shall be deleted at the end of the
signer or verifier processing.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">schemaResourceUri</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.14.0</strong>. Classpath to the XML Schema
file. If set then the XML document is validated against the XML schema. Must be
set in the case of detached signatures in order to determine the attributes of
type ID. <span>This value can be overwritten by the header
"<code>CamelXmlSignatureSchemaResourceUri</code>". <span>For further
information, s
</span><span>ee sub-chapter "Detached XML Signatures as Siblings of the Signed
Elements".</span></span></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">outputXmlEncoding</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.15.0</strong>. Character encoding of the
output XML document. If <code>null</code> then UTF-8 is
used.</td></tr></tbody></table></div><h3
id="XMLSecuritycomponent-SigningOptions">Signing Options</h3><p>The signer
endpoint has the following options.</p><p> </p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>keyAccessor</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java";
rel="nofollow">KeyAccessor</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Provides the signing key and the KeyInfo instance.
There is an example implementation which uses a keystore, see <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java";
rel="nofollow">DefaultKeyAccessor</a></p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>addKeyInfoReference</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1
" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether a Reference element refering the
KeyInfo element provided by the key accessor should be added to the XML
signature.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>signatureAlgorithm</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>signature algorithm consisting
of a digest and encryption algorithm. The digest algorithm is used to calculate
the digest of the SignedInfo element and the encryption algorithm is used to
sign this digest. Possible values: <a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; rel="nofollow">http://www.w3
.org/2000/09/xmldsig#dsa-sha1</a>, <a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>, <a shape="rect"
class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>, <a
shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha384</a>, <a
shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</a></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>digestAlgorithm</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Digest algorithm for calculat
ing the digest of the in-message body. If not specified then the digest
algorithm of the signature algorithm is used. Possible values: <a shape="rect"
class="external-link" href="http://www.w3.org/2000/09/xmldsig#sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#sha1</a>, <a shape="rect"
class="external-link" href="http://www.w3.org/2001/04/xmlenc#sha256";
rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha256</a>, <a shape="rect"
class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#sha384";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#sha384</a>, <a
shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmlenc#sha512";
rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha512</a></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>parentLocalName</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"
><p>Local name of the parent of the Signature element. The Signature element
>will be added at the end of the children of the parent. Necessary for
>enveloped XML signature. If this option and the option
><code><span>parentXpath</span> are</code> null, then an enveloping XML
>signature is created. See also option <code>parentNamespace</code>.
>Alternatively you can specify the parent via the option
><code><span>parentXpath.</span></code></p></td></tr><tr><td colspan="1"
>rowspan="1" class="confluenceTd"><p>parentNamespace</p></td><td colspan="1"
>rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1"
>rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
>class="confluenceTd"><p>Namespace of the parent of the Signature element. See
>option <code>parentLocalName</code></p></td></tr><tr><td colspan="1"
>rowspan="1" class="confluenceTd">parentXpath</td><td colspan="1" rowspan="1"
>class="confluenceTd">XPathFilterParameterSpec</td><td colspan="1" rowspan="1"
>class=
"confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.15.0</strong>. XPath to the parent of the
Signature element. <span>The Signature element will be added at the end of the
children of the parent. Necessary for enveloped XML signature. <span> If this
option and the option <span><code>parentLocalName</code>
are</span></span><span> null, then an enveloping XML signature is created.
<span>A</span><span>lternatively <span>you can specify the parent via the
option <code>parentLocalName. </code>Example:
<code>/p1:root/SecurityItem[last()] </code>This example will select the last
sibling with the name <code>SecurityItem</code>. Such kind of selection is not
possible with the option
<span><code>parentLocalName</code>.</span></span></span></span></span></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p>canonicalizationMethod</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://docs.o
racle.com/javase/7/docs/api/javax/xml/crypto/AlgorithmMethod.html"
rel="nofollow">javax.xml.crypto.AlgorithmMethod</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>C14n</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Canonicalization method used to canonicalize the
SignedInfo element before the digest is calculated. You can use the helper
methods <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a>.getCanonicalizationMethod(String
algorithm) or getCanonicalizationMethod(String algorithm, List<String>
inclusiveNamespacePrefixes) to create a canonicalization
method.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>transformMethods</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>List<javax.xml.crypto.AlgorithmMethod></p></td><td
colspa
n="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Transforms which are executed
on the message body before the digest is calculated. By default, C14n is added
and in the case of enveloped signature (see option
<code>parentLocalName</code>) also <a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a> is
added at position 0 of the list. Use methods in <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a> to create the transform
methods.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>prefixForXmlSignatureNamespace</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>ds</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Prefix for the XML signature namespace. If
<code>null</code> is specified or an empty string then no prefix is used for
the signature namespace.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>contentReferenceUri</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>The URI of the reference to the signed content
(in-message body). If <code>null</code> and we are in the enveloped XML
signature case then the URI is set to "". If <code>null</code> and we are in
the enveloping XML signature case then the URI is set to "generated_object_id"
which means that the reference points to the Object element containing the
in-message body. You can use this option to reference a specific part in your
in-message body if you do not wan
t to sign the complete in-message body. This value can be overwritten by the
header "CamelXmlSignatureContentReferenceUri". Please be aware, if you want to
use a value of an XML ID attribute (example: "#ID_value"), then you must
provide the information about the ID attribute via a doctype definition
contained in the input XML document. This option is ignored in the case of
detached signature when the option <code>xpathsToIdAttributes </code>is
set.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>contentReferenceType</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Value of the type attribute of the content reference.
This value can be overwritten by the header
"<code>CamelXmlSignatureContentReferenceType</code>"</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>plainText</p></td><td
colspan="1" rowspan=
"1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether the in-message body contains plain
text. Normally, the signature generator treats the incoming message body as
XML. If the message body is plain text, then you must set this option to
<code>true</code>. The value can be overwritten by the header
"CamelXmlSignatureMessageIsPlainText".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>plainTextEncoding</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Only used when the option <code>plainText</code> is set
to <code>true</code>. Then you can specify the encoding of the plain text. If
<code>null</code> then UTF-8 is used. The value can be overwritten by the
header "<code>CamelXmlSignatureMessag
eIsPlainTextEncoding</code>".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>properties</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java";
rel="nofollow">XmlSignatureProperties</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>For adding additional References and Objects to the XML
signature which contain additional properties, you can provide a bean which
implements the <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java";
rel="nofollow">XmlSignatureProperties</a> interface.</p></td></tr><tr><td
colspan="1" rowspan="1" class="co
nfluenceTd"><p>contentObjectId</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Value of the Id attribute of the Object element. Only
used in the enveloping XML signature case. If <code>null</code> then a unique
value is generated. Available as of
<strong>2.12.2</strong></p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">xpathsToIdAttributes</td><td colspan="1" rowspan="1"
class="confluenceTd">List<<span style="line-height:
1.4285715;">XPathFilterParameterSpec</span>></td><td colspan="1" rowspan="1"
class="confluenceTd">empty list</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.14.0</strong>. List of XPATH expressions
to ID attributes of elements to be signed. Used for the detached XML
Signatures. Can only be used in combination with the option
<code>schemaResourceUri</code><em>. </em><span>The value
can be overwritten by the header
"<code>CamelXmlSignatureXpathsToIdAttributes</code>". If the option
<span><code>parentLocalNam</code><em>e</em> is set at the same time then an
exception is thrown. The class <code>XPathFilterParameterSpec </code>has the
package <code>javax.xml.crypto.dsig.spec</code>. For further information,
s</span><span>ee sub-chapter "Detached XML Signatures as Siblings of the Signed
Elements".</span></span></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">signatureId</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.14.0</strong>. Value of the Id attribute
of the Signature element. If <code>null</code> then a unique Id is generated.
If the value is the empty string ("") then no Id attribute is added to the
Signature element.</td></tr></tbody></table></div><h3
id="XMLSecuritycomponent-VerifyingOptions">Verifying Op
tions</h3><p>The verifier endpoint has the following
options.</p><p> </p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>keySelector</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/KeySelector.html";
rel="nofollow">javax.xml.crypto.KeySelector</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Provides the key for validating the XML signature.
There is an example implementation which uses a keystore, see <a shape="rect"
class="external-link" href="
https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java";
rel="nofollow">DefaultKeySelector</a>.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>xmlSignatureChecker</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureChecker.java";
rel="nofollow">XmlSignatureChecker</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This interface allows the application to check the XML
signature before the validation is executed. This step is recommended in <a
shape="rect" class="external-link"
href="http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed";
rel="nofollow">http://www.w3.org/TR/xmldsig-bestprac
tices/#check-what-is-signed</a></p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>validationFailedHandler</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/ValidationFailedHandler.java";
rel="nofollow">ValidationFailedHandler</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultValidationFailedHandler.java";
rel="nofollow">DefaultValidationFailedHandler</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Handles the different validation failed
situations. The default implementation throws specific exceptions for the
different situations (All exceptions have the package name <code>org.a
pache.camel.component.xmlsecurity.api</code> and are a sub-class of
<code>XmlSignatureInvalidException</code>. If the signature value validation
fails, a <code>XmlSignatureInvalidValueException</code> is thrown. If a
reference validation fails, a
<code>XmlSignatureInvalidContentHashException</code> is thrown. For more
detailed information, see the JavaDoc.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>xmlSignature2Message</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java";
rel="nofollow">XmlSignature2Message</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSig
nature2Message.java"
rel="nofollow">DefaultXmlSignature2Message</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Bean which maps the XML signature to the
ouput-message after the validation. How this mapping should be done can be
configured by the options <code>outputNodeSearchType</code>,
<code>outputNodeSearch</code>, and <code>removeSignatureElements</code>. The
default implementation offers three possibilities which are related to the
three output node search types "Default", "ElementName", and "XPath". The
default implementation determines a node which is then serialized and set to
the body of the ouput message. If the search type is "ElementName" then the
ouput node (which must be in this case an element) is determined by the local
name and namespace defined in the search value (see option
<code>outputNodeSearch</code>). If the search type is "XPath" then the output
node is determined by the XPath specified in the search value (in this case the
ouput node can be
of type "Element", "TextNode" or "Document"). If the output node search type
is "Default" then the following rules apply: In the enveloped XML signature
case (there is a reference with URI="" and transform
"http://www.w3.org/2000/09/xmldsig#enveloped-signature";), the incoming XML
document without the Signature element is set to the output message body. In
the non-enveloped XML signature case, the message body is determined from a
referenced Object; this is explained in more detail in chapter "Output Node
Determination in Enveloping XML Signature Case".</p></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p>outputNodeSearchType</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>"Default"</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Determines the type of the search of the output node.
See option <code>xmlSignature2Message</code>. The default implementation
<code>DefaultXmlSignatur
e2Message</code> supports the three search types "Default", "ElementName", and
"XPath".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>outputNodeSearch</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Object</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Search value of the output node search. The type
depends on the search type. For the default search implementation
<code>DefaultXmlSignature2Message</code> the following values can be supplied.
If the search type is "Default", then the search value is not used. If the
search type is "ElementName", then the search value contains the namespace and
local name of the output element. The namespace must be embraced in brackets.
If the search type is "XPath", the search value contains an instance of
<code>javax.xml.crypto.dsig.spec.XPathFilterParameterSpec</code> which
represents an XPath. You can create such an instance via the m
ethod <code><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a></code><code>.getXpathFilter(String
xpath, Map<String, String> namespaceMap)</code>. The XPath determines the
output node which can be of type Element, TextNode, or
Document.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>removeSignatureElements</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator for removing Signature elements in the output
message in the enveloped XML signature case. Used in the
<code>XmlSignature2Message</code> instance. The default implementation does use
this indicator for the two search types "ElementName" and "XPath".</p></td></tr>
<tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureValidation</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Enables secure validation. If true then secure
validation is enabled - see <a shape="rect" class="external-link"
href="http://santuario.apache.org/java150releasenotes.html";>here</a> for more
information.</p></td></tr></tbody></table></div><h4
id="XMLSecuritycomponent-OutputNodeDeterminationinEnvelopingXMLSignatureCase">Output
Node Determination in Enveloping XML Signature Case</h4><p>After the
validation the node is extracted from the XML signature document which is
finally returned to the output-message body. In the enveloping XML signature
case, the default implementation <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/
camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java"
rel="nofollow">DefaultXmlSignature2Message</a> of <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java";
rel="nofollow">XmlSignature2Message</a> does this for the node search type
"Default" in the following way (see option
<code>xmlSignature2Message</code>):</p><p>First an Object reference is
determined:</p><ul><li>Only same document references are taken into account
(URI must start with '#')</li><li>Also indirect same document references to an
object via manifest are taken into account.</li><li>The resulting number of
Object references must be 1.</li></ul><p>Then, the Object is dereferenced and
the Object must only contain one XML element. This element is returned as
output node.</p><p>This does mean that the enveloping XML signature must have
either the structure</p><div c
lass="code panel pdl" style="border-width: 1px;"><div class="codeContent
panelContent pdl">
+</div></div><p>For the signing process, a private key is necessary. You
specify a key accessor bean which provides this private key. For the
validation, the corresponding public key is necessary; you specify a key
selector bean which provides this public key.</p><p>The key accessor bean must
implement the <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java";
rel="nofollow">KeyAccessor</a> interface. The package
<code>org.apache.camel.component.xmlsecurity.api</code> contains the default
implementation class <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java";
rel="nofollow">DefaultKeyAccessor</a> which reads the private key from a Java
keystore.</p><p>The key selector bean must implement the <a shape="re
ct" class="external-link"
href="http://docs.oracle.com/javase/6/docs/api/javax/xml/crypto/KeySelector.html";
rel="nofollow">javax.xml.crypto.KeySelector</a> interface. The package
<code>org.apache.camel.component.xmlsecurity.api</code> contains the default
implementation class <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java";
rel="nofollow">DefaultKeySelector</a> which reads the public key from a
keystore.</p><p>In the example, the default signature algorithm <code><a
shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></code> is used.
You can set the signature algorithm of your choice by the option
<code>signatureAlgorithm</code> (see below). The signer endpoint creates an
<strong>enveloping</strong> XML signature. If you want to create an <str
ong>enveloped</strong> XML signature then you must specify the parent element
of the Signature element; see option <code>parentLocalName</code> for more
details.</p><p>For creating <strong>detached</strong> XML signatures, see
sub-chapter "Detached XML Signatures as Siblings of the Signed
Elements".</p><h3
id="XMLSecuritycomponent-CommonSigningandVerifyingOptions">Common Signing and
Verifying Options</h3><p>There are options which can be used for both
endpoints, signer and verifier.</p><p> </p><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>uriDereferencer</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" clas
s="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/URIDereferencer.html";
rel="nofollow">javax.xml.crypto.URIDereferencer</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>URI dereferencer. You can specify here your own URI
dereferencer, if you want to restrict the dereferencing or have special
requirements for dereferencing.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>baseUri</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Base URI used in the URI dereferencer. Relative URIs
are concatenated with the base URI.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cryptoContextProperties</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Map<String, ? extends
Object></p></td><td c
olspan="1" rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Crypto context properties. See
<code>javax.xml.crypto.XMLCryptoContext.setProperty(String, Object)</code>. The
properties can depend on the provider. For example, the JDK provider "XMLDSig"
has the property "org.jcp.xml.dsig.validateManifests" for enabling manifest
validation. The following properties are set by default to the value
<code>Boolean.TRUE</code> for the XML verifier:
"<code>org.jcp.xml.dsig.validateManifests</code>",
"<code>javax.xml.crypto.dsig.cacheReference</code>". If the option
<code>secureValidation} is {{true</code> then additionally the properties
"<code>org.apache.jcp.xml.dsig.secureValidation</code>" and
"<code>org.jcp.xml.dsig.secureValidation</code>" are set to
<code>Boolean.TRUE</code> for the XML verifier. If you want to switch these
features off you must set the property values to
<code>Boolean.FALSE</code>.</p></td></tr><tr><td colspan="1" rows
pan="1" class="confluenceTd"><p>disallowDoctypeDecl</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether DTD DOCTYPE declarations shall be
disallowed in the incoming XML message.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>omitXmlDeclaration</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether the XML declaration header shall be
omitted in the output XML message.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>clearHeaders</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1"
class="conflue
nceTd"><p>Indicator whether the XML signature message headers defined in <a
shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureConstants.java";
rel="nofollow">XmlSignatureConstants</a> shall be deleted at the end of the
signer or verifier processing.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">schemaResourceUri</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.14.0</strong>. Classpath to the XML Schema
file. If set then the XML document is validated against the XML schema. Must be
set in the case of detached signatures in order to determine the attributes of
type ID. <span>This value can be overwritten by the header
"<code>CamelXmlSignatureSchemaResourceUri</code>". <span>For further
information, s
</span><span>ee sub-chapter "Detached XML Signatures as Siblings of the Signed
Elements".</span></span></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">outputXmlEncoding</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.15.0</strong>. Character encoding of the
output XML document. If <code>null</code> then UTF-8 is
used.</td></tr></tbody></table></div><h3
id="XMLSecuritycomponent-SigningOptions">Signing Options</h3><p>The signer
endpoint has the following options.</p><p> </p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>keyAccessor</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/KeyAccessor.java";
rel="nofollow">KeyAccessor</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Provides the signing key and the KeyInfo instance.
There is an example implementation which uses a keystore, see <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeyAccessor.java";
rel="nofollow">DefaultKeyAccessor</a></p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>addKeyInfoReference</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1
" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether a Reference element refering the
KeyInfo element provided by the key accessor should be added to the XML
signature.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>signatureAlgorithm</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>signature algorithm consisting
of a digest and encryption algorithm. The digest algorithm is used to calculate
the digest of the SignedInfo element and the encryption algorithm is used to
sign this digest. Possible values: <a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#dsa-sha1"; rel="nofollow">http://www.w3
.org/2000/09/xmldsig#dsa-sha1</a>, <a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#rsa-sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>, <a shape="rect"
class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</a>, <a
shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha384</a>, <a
shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</a></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>digestAlgorithm</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>see description</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Digest algorithm for calculat
ing the digest of the in-message body. If not specified then the digest
algorithm of the signature algorithm is used. Possible values: <a shape="rect"
class="external-link" href="http://www.w3.org/2000/09/xmldsig#sha1";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#sha1</a>, <a shape="rect"
class="external-link" href="http://www.w3.org/2001/04/xmlenc#sha256";
rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha256</a>, <a shape="rect"
class="external-link" href="http://www.w3.org/2001/04/xmldsig-more#sha384";
rel="nofollow">http://www.w3.org/2001/04/xmldsig-more#sha384</a>, <a
shape="rect" class="external-link"
href="http://www.w3.org/2001/04/xmlenc#sha512";
rel="nofollow">http://www.w3.org/2001/04/xmlenc#sha512</a></p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>parentLocalName</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"
><p>Local name of the parent of the Signature element. The Signature element
>will be added at the end of the children of the parent. Necessary for
>enveloped XML signature. If this option and the option
><code><span>parentXpath</span> are</code> null, then an enveloping XML
>signature is created. See also option <code>parentNamespace</code>.
>Alternatively you can specify the parent via the option
><code><span>parentXpath.</span></code></p></td></tr><tr><td colspan="1"
>rowspan="1" class="confluenceTd"><p>parentNamespace</p></td><td colspan="1"
>rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1"
>rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
>class="confluenceTd"><p>Namespace of the parent of the Signature element. See
>option <code>parentLocalName</code></p></td></tr><tr><td colspan="1"
>rowspan="1" class="confluenceTd">parentXpath</td><td colspan="1" rowspan="1"
>class="confluenceTd">XPathFilterParameterSpec</td><td colspan="1" rowspan="1"
>class=
"confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.15.0</strong>. XPath to the parent of the
Signature element. <span>The Signature element will be added at the end of the
children of the parent. Necessary for enveloped XML signature. <span> If this
option and the option <span><code>parentLocalName</code>
are</span></span><span> null, then an enveloping XML signature is created.
<span>A</span><span>lternatively <span>you can specify the parent via the
option <code>parentLocalName. </code>Example:
<code>/p1:root/SecurityItem[last()] </code>This example will select the last
sibling with the name <code>SecurityItem</code>. Such kind of selection is not
possible with the option
<span><code>parentLocalName</code>.</span></span></span></span></span></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p>canonicalizationMethod</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://docs.o
racle.com/javase/7/docs/api/javax/xml/crypto/AlgorithmMethod.html"
rel="nofollow">javax.xml.crypto.AlgorithmMethod</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>C14n</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Canonicalization method used to canonicalize the
SignedInfo element before the digest is calculated. You can use the helper
methods <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a>.getCanonicalizationMethod(String
algorithm) or getCanonicalizationMethod(String algorithm, List<String>
inclusiveNamespacePrefixes) to create a canonicalization
method.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>transformMethods</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>List<javax.xml.crypto.AlgorithmMethod></p></td><td
colspa
n="1" rowspan="1" class="confluenceTd"><p>see description</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Transforms which are executed
on the message body before the digest is calculated. By default, C14n is added
and in the case of enveloped signature (see option
<code>parentLocalName</code>) also <a shape="rect" class="external-link"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a> is
added at position 0 of the list. Use methods in <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a> to create the transform
methods.</p><p>The Camel header
"<strong>CamelXmlSignatureTransformMethods</strong>" overwrites this option
(since Camel 2.17.0). The header value must be of type string; you specify in a
comma separa
ted list the transform algorithms, for example "<a shape="rect"
class="external-link"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature,http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
rel="nofollow">http://www.w3.org/2000/09/xmldsig#enveloped-signature,http://www.w3.org/TR/2001/REC-xml-c14n-20010315</a>".
In the header you cannot specify transform algorithms which need parameters,
like <a shape="rect" class="external-link"
href="http://www.w3.org/TR/1999/REC-xslt-19991116"; style="line-height:
1.42857;" rel="nofollow">http://www.w3.org/TR/1999/REC-xslt-19991116</a>, <a
shape="rect" class="external-link"
href="http://www.w3.org/2002/06/xmldsig-filter2"; style="line-height: 1.42857;"
rel="nofollow">http://www.w3.org/2002/06/xmldsig-filter2</a>, or <a
shape="rect" class="external-link"
href="http://www.w3.org/TR/1999/REC-xpath-19991116"; style="line-height:
1.42857;"
rel="nofollow">http://www.w3.org/TR/1999/REC-xpath-19991116</a>.</p></td></tr><tr><td
colspan="1" rowspan="1" cl
ass="confluenceTd"><p>prefixForXmlSignatureNamespace</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>ds</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Prefix for the XML signature namespace. If
<code>null</code> is specified or an empty string then no prefix is used for
the signature namespace.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>contentReferenceUri</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>see description</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>The URI of the reference to the signed content
(in-message body). If <code>null</code> and we are in the enveloped XML
signature case then the URI is set to "". If <code>null</code> and we are in
the enveloping XML signature case then the URI is set to "generated_object_id"
which means that the reference points to t
he Object element containing the in-message body. You can use this option to
reference a specific part in your in-message body if you do not want to sign
the complete in-message body. This value can be overwritten by the header
"CamelXmlSignatureContentReferenceUri". Please be aware, if you want to use a
value of an XML ID attribute (example: "#ID_value"), then you must provide the
information about the ID attribute via a doctype definition contained in the
input XML document. This option is ignored in the case of detached signature
when the option <code>xpathsToIdAttributes </code>is set.</p></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p>contentReferenceType</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Value of the type attribute of the content reference.
This value can be overwritten by the header "<code>CamelXmlSigna
tureContentReferenceType</code>"</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>plainText</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator whether the in-message body contains plain
text. Normally, the signature generator treats the incoming message body as
XML. If the message body is plain text, then you must set this option to
<code>true</code>. The value can be overwritten by the header
"CamelXmlSignatureMessageIsPlainText".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>plainTextEncoding</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Only used when the option <code>plainText</code> is set
to <code>true</code>. Then you can specify th
e encoding of the plain text. If <code>null</code> then UTF-8 is used. The
value can be overwritten by the header
"<code>CamelXmlSignatureMessageIsPlainTextEncoding</code>".</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>properties</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureProperties.java";
rel="nofollow">XmlSignatureProperties</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>For adding additional References and Objects to the XML
signature which contain additional properties, you can provide a bean which
implements the <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecur
ity/api/XmlSignatureProperties.java" rel="nofollow">XmlSignatureProperties</a>
interface.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>contentObjectId</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Value of the Id attribute of the Object element. Only
used in the enveloping XML signature case. If <code>null</code> then a unique
value is generated. Available as of
<strong>2.12.2</strong></p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">xpathsToIdAttributes</td><td colspan="1" rowspan="1"
class="confluenceTd">List<<span style="line-height:
1.4285715;">XPathFilterParameterSpec</span>></td><td colspan="1" rowspan="1"
class="confluenceTd">empty list</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.14.0</strong>. List of XPATH expressions
to ID attributes of elements to be signed.
Used for the detached XML Signatures. Can only be used in combination with
the option <code>schemaResourceUri</code><em>. </em><span>The value can be
overwritten by the header "<code>CamelXmlSignatureXpathsToIdAttributes</code>".
If the option <span><code>parentLocalNam</code><em>e</em> is set at the same
time then an exception is thrown. The class <code>XPathFilterParameterSpec
</code>has the package <code>javax.xml.crypto.dsig.spec</code>. For further
information, s</span><span>ee sub-chapter "Detached XML Signatures as Siblings
of the Signed Elements".</span></span></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">signatureId</td><td colspan="1" rowspan="1"
class="confluenceTd">String</td><td colspan="1" rowspan="1"
class="confluenceTd">null</td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Since 2.14.0</strong>. Value of the Id attribute
of the Signature element. If <code>null</code> then a unique Id is generated.
If the value is the empty string ("") th
en no Id attribute is added to the Signature
element.</td></tr></tbody></table></div><h3
id="XMLSecuritycomponent-VerifyingOptions">Verifying Options</h3><p>The
verifier endpoint has the following options.</p><p> </p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Name</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>keySelector</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="http://docs.oracle.com/javase/7/docs/api/javax/xml/crypto/KeySelector.html";
rel="nofollow">javax.xml.crypto.KeySelector</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Provides the
key for validating the XML signature. There is an example implementation which
uses a keystore, see <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultKeySelector.java";
rel="nofollow">DefaultKeySelector</a>.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>xmlSignatureChecker</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureChecker.java";
rel="nofollow">XmlSignatureChecker</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This interface allows the application to check the XML
signature before the validation is executed. This step is recommended in <a
shape="rect" cl
ass="external-link"
href="http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed";
rel="nofollow">http://www.w3.org/TR/xmldsig-bestpractices/#check-what-is-signed</a></p></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p>validationFailedHandler</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/ValidationFailedHandler.java";
rel="nofollow">ValidationFailedHandler</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultValidationFailedHandler.java";
rel="nofollow">DefaultValidationFailedHandler</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Handles the different validation failed
situations. The default implementation throws specific exceptions for the
different situations (All exceptions have the package name
<code>org.apache.camel.component.xmlsecurity.api</code> and are a sub-class of
<code>XmlSignatureInvalidException</code>. If the signature value validation
fails, a <code>XmlSignatureInvalidValueException</code> is thrown. If a
reference validation fails, a
<code>XmlSignatureInvalidContentHashException</code> is thrown. For more
detailed information, see the JavaDoc.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>xmlSignature2Message</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p><a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java";
rel="nofollow">XmlSignature2Message</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p><a shape="rect" class="external-link" href=
"https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java";
rel="nofollow">DefaultXmlSignature2Message</a></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Bean which maps the XML signature to the
ouput-message after the validation. How this mapping should be done can be
configured by the options <code>outputNodeSearchType</code>,
<code>outputNodeSearch</code>, and <code>removeSignatureElements</code>. The
default implementation offers three possibilities which are related to the
three output node search types "Default", "ElementName", and "XPath". The
default implementation determines a node which is then serialized and set to
the body of the ouput message. If the search type is "ElementName" then the
ouput node (which must be in this case an element) is determined by the local
name and namespace defined in the search value (see option
<code>outputNodeSearch</code>).
If the search type is "XPath" then the output node is determined by the XPath
specified in the search value (in this case the ouput node can be of type
"Element", "TextNode" or "Document"). If the output node search type is
"Default" then the following rules apply: In the enveloped XML signature case
(there is a reference with URI="" and transform
"http://www.w3.org/2000/09/xmldsig#enveloped-signature";), the incoming XML
document without the Signature element is set to the output message body. In
the non-enveloped XML signature case, the message body is determined from a
referenced Object; this is explained in more detail in chapter "Output Node
Determination in Enveloping XML Signature Case".</p></td></tr><tr><td
colspan="1" rowspan="1"
class="confluenceTd"><p>outputNodeSearchType</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>"Default"</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Determi
nes the type of the search of the output node. See option
<code>xmlSignature2Message</code>. The default implementation
<code>DefaultXmlSignature2Message</code> supports the three search types
"Default", "ElementName", and "XPath".</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>outputNodeSearch</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Object</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>null</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Search value of the output node search. The type
depends on the search type. For the default search implementation
<code>DefaultXmlSignature2Message</code> the following values can be supplied.
If the search type is "Default", then the search value is not used. If the
search type is "ElementName", then the search value contains the namespace and
local name of the output element. The namespace must be embraced in brackets.
If the search type is "XPath", the search value contains an i
nstance of <code>javax.xml.crypto.dsig.spec.XPathFilterParameterSpec</code>
which represents an XPath. You can create such an instance via the method
<code><a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignatureHelper.java";
rel="nofollow">XmlSignatureHelper</a></code><code>.getXpathFilter(String
xpath, Map<String, String> namespaceMap)</code>. The XPath determines the
output node which can be of type Element, TextNode, or
Document.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>removeSignatureElements</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Boolean.FALSE</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Indicator for removing Signature elements in the output
message in the enveloped XML signature case. Used in the <code>XmlSignatu
re2Message</code> instance. The default implementation does use this indicator
for the two search types "ElementName" and "XPath".</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>secureValidation</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>Boolean</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Boolean.TRUE</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Enables secure validation. If true then
secure validation is enabled - see <a shape="rect" class="external-link"
href="http://santuario.apache.org/java150releasenotes.html";>here</a> for more
information.</p></td></tr></tbody></table></div><h4
id="XMLSecuritycomponent-OutputNodeDeterminationinEnvelopingXMLSignatureCase">Output
Node Determination in Enveloping XML Signature Case</h4><p>After the
validation the node is extracted from the XML signature document which is
finally returned to the output-message body. In the enveloping XML signature
case, the default implementatio
n <a shape="rect" class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/DefaultXmlSignature2Message.java";
rel="nofollow">DefaultXmlSignature2Message</a> of <a shape="rect"
class="external-link"
href="https://github.com/apache/camel/blob/master/components/camel-xmlsecurity/src/main/java/org/apache/camel/component/xmlsecurity/api/XmlSignature2Message.java";
rel="nofollow">XmlSignature2Message</a> does this for the node search type
"Default" in the following way (see option
<code>xmlSignature2Message</code>):</p><p>First an Object reference is
determined:</p><ul><li>Only same document references are taken into account
(URI must start with '#')</li><li>Also indirect same document references to an
object via manifest are taken into account.</li><li>The resulting number of
Object references must be 1.</li></ul><p>Then, the Object is dereferenced and
the Object must only contain one XML e
lement. This element is returned as output node.</p><p>This does mean that the
enveloping XML signature must have either the structure</p><div class="code
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><