[ https://issues.apache.org/jira/browse/WSS-508?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Gene B. updated WSS-508:
------------------------
Attachment: log 02 - signature verification ok - signed by SOAP UI.txt
Colm, "log 02" is from a successfully verified request generated by SOAP UI. I
will also attach the two requests in XML files for side-by-side comparison: one
signed by the WSS4J engine, and the other one signed by SOAP UI.
> When using "add inclusive prefixes" and EXC C14N - signature cannot be
> validated
> --------------------------------------------------------------------------------
>
> Key: WSS-508
> URL: https://issues.apache.org/jira/browse/WSS-508
> Project: WSS4J
> Issue Type: Bug
> Components: WSS4J Core
> Affects Versions: 2.0.0, 2.0.1
> Environment: WAS 7.x, IBM JDK 1.6, WebSphere JAX-WS stack, MS Windows.
> Reporter: Gene B.
> Assignee: Colm O hEigeartaigh
> Attachments: log 01 - signature verification failed with
> InclusiveNamespaces PrefixList.txt, log 02 - signature verification ok -
> signed by SOAP UI.txt
>
>
> Security is implemented using the WSS4J securement/validation action approach. We
> are trying to sign the body.
> The provider is a JAX-WS service running on the WebSphere JAX-WS stack. A custom
> handler uses WSS4J to validate security.
> The consumer is a WebSphere JAX-WS dispatch client – also attaching a custom
> security handler.
> The signature can be validated on the provider side when EXC C14N
> canonicalization is specified with the BST compliance flag relaxed. That is
> because when we chose to add “InclusiveNamespaces” “PrefixList” on the
> consumer side, verification fails. When the same test is done with SOAP
> UI – the signature verifies OK – so I am blaming the consumer – the signing
> process – not the verification process.
> I am attaching a log file which shows verification failure when the
> InclusiveNamespaces option is used. If not for this option – this
> verification would’ve been a success.