[jira] [Commented] (WSS-328) Impossible to sign BST since 1.6.x

Tue, 03 Jan 2012 03:59:37 -0800 

    [ 
https://issues.apache.org/jira/browse/WSS-328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178701#comment-13178701
 ] 

Colm O hEigeartaigh commented on WSS-328:
-----------------------------------------

Hi Willem,

I added a test to show how to do this. The test adds a BinarySecurityToken to 
the security header, and signs the SOAP Body and BST, while also referencing 
the BST in the KeyInfo of the Signature:

http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/SignedBSTTest.java?view=markup&pathrev=1226749

Colm.
                
> Impossible to sign BST since 1.6.x
> ----------------------------------
>
>                 Key: WSS-328
>                 URL: https://issues.apache.org/jira/browse/WSS-328
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 1.6.3
>            Reporter: Willem Salembier
>            Assignee: Colm O hEigeartaigh
>
> The org.apache.ws.security.message.WSSecSignature::build method has been 
> changed to first compute the signature and afterwards prepend the BST to the 
> security header. If the requirement is to sign the BST, the computeSignature 
> doesn't find the BST.
>       Vector<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
>       parts.add(new WSEncryptionPart(WSConstants.BINARY_TOKEN_LN, 
> WSConstants.WSSE_NS, "Element"));
>       signature.setParts(parts);
> In 1.5.x there was also a wildcard "Token" to sign the security token, but 
> this is not supported anymore in 1.6.x.
>       Vector<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
>       parts.add(new WSEncryptionPart("Token", null, "Element"));
>       signature.setParts(parts);

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to