[
https://issues.apache.org/jira/browse/WSS-273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13026048#comment-13026048
]
Jeremy Tadman commented on WSS-273:
-----------------------------------
Possible Solution:
I've managed to work around the problem by making the WSSecSignatureSAML class
use the org.jcp.xml.dsig.internal.dom.XMLDSigRI (Provided by Maven artifact
org.apache.santuario:xmlsec:1.4.4) security provider rather than the default
one to look up the signature and key info factories. i.e. replace
keyInfoFactory = KeyInfoFactory.getInstance("DOM");
signatureFactory = XMLSignatureFactory.getInstance("DOM");
with
keyInfoFactory = KeyInfoFactory.getInstance("DOM", new
org.jcp.xml.dsig.internal.dom.XMLDSigRI());
signatureFactory = XMLSignatureFactory.getInstance("DOM", new
org.jcp.xml.dsig.internal.dom.XMLDSigRI());
This tightly couples the SAML signature feature to this particular
implementation which may or may not be desirable. It could be provided as a
configuration option though. This option should probably be provided for all
uses of these factories so that the user can specify which XML security
implementation to use (no doubt Websphere's implementation will continue to get
in the way in the future...).
> org.apache.ws.security.transform.STRTransform causes ClassCastException when
> wss4j is running on IBM 1.6 JVM
> -------------------------------------------------------------------------------------------------------------
>
> Key: WSS-273
> URL: https://issues.apache.org/jira/browse/WSS-273
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 1.6
> Environment: Windows XP, IBM 1.6 JVM
> Reporter: Pär-Johan Lif
> Assignee: Colm O hEigeartaigh
>
> I have tried to use wss4j1.6 (alpha version) on IBM's 1.6 JVM. It works fine,
> except for when we are getting a SOAP-message where an STRTransform is used.
> Then we get the following exception below. (I should mention that it works
> on SUN's 1.6 JVM).
> java.lang.ClassCastException: org.apache.ws.security.transform.STRTransform
> incompatible with com.ibm.xml.crypto.dsig.dom.transform.TransformBase
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalTransform(Unmarshalling.java:446)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalTransforms(Unmarshalling.java:422)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalReference(Unmarshalling.java:358)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalSignedInfo(Unmarshalling.java:272)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshalSignature(Unmarshalling.java:196)
> at
> com.ibm.xml.crypto.dsig.dom.Unmarshalling.unmarshal(Unmarshalling.java:96)
> at
> com.ibm.xml.crypto.dsig.dom.FactoryImpl.unmarshalXMLSignature(FactoryImpl.java:217)
> at
> org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:323)
> at
> org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:165)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:303)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:231)
> at
> org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:185)
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
