Dear Wiki user, You have subscribed to a wiki page or wiki category on "Ws Wiki" for change notification.
The following page has been changed by WernerDittmann: http://wiki.apache.org/ws/FrontPage/WsFx/wss4jFAQ ------------------------------------------------------------------------------ WSS4J users. 1. [#isWSS4J What is WSS4J?] - 1. [#isWSS4Jnot What is WSS4J '''not'''?] + 1. [#isWSS4Jnot What is WSS4J not?] + 1. [#sigverify Problems and errors with Signature verificaton] [[Anchor(isWSS4J)]] @@ -26, +27 @@ JAX-RPC specifications. [[Anchor(isWSS4Jnot)]] - ==== What is WSS4J '''not'''? ==== + ==== What is WSS4J not? ==== WSS4J is '''not''' a tools to * manage certificates or create certificates * encrypt, decrypt, sign, and verify arbitray XML documents + [[Anchor(sigverify)]] + ==== Problems and errors with Signature verificaton ==== + In this case you often an error or waring message similar to this one: {{{ + 08:24:58,371 WARN [Reference] Verification failed for URI "#id-22221245" + org.apache.ws.security.WSSecurityException: The signature verification failed + at org.apache.ws.security.WSSecurityEngine.verifyXMLSignature(WSSecurity + Engine.java:644) + ... + }}} + + Most often this problem occurs if the request message was modified ''after'' it was signed. Mostly + this is due to some ''pretty printing'' where the request message was modified to look nicer. This + pretty printing inserts newlines, blanks and tabs. Very often people think that tese additional + charaters are removed by ''canonicalization'' (c14n) of the message. This is a common misunderstandig. + + C14n does '''not''' remove these newlines or other significant whitespace. For more information on c14n + refer to [http://www.w3.org/TR/xml-c14n Canonical XML]. +
