I've been trying to get the new 2.4.0 release to work in a project that I'm using that uses WS-Security and WS-SecurityPolicy in a WSDL-First SOAP service, and I am getting a signature verification failure:
Caused by: org.apache.ws.security.WSSecurityException: The signature or > decryption was invalid; nested exception is: > > org.apache.ws.security.WSSecurityException: The signature or decryption was > invalid > > at > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:378) > ~[wss4j-1.6.0.jar:1.6.0] > > at > org.apache.ws.security.processor.SignatureProcessor.handleToken(SignatureProcessor.java:174) > ~[wss4j-1.6.0.jar:1.6.0] > > at > org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:396) > ~[wss4j-1.6.0.jar:1.6.0] > > at > org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:248) > ~[cxf-rt-ws-security-2.4.0.jar:2.4.0] > > ... 35 common frames omitted > > Caused by: org.apache.ws.security.WSSecurityException: The signature or > decryption was invalid > > at > org.apache.ws.security.processor.SignatureProcessor.verifyXMLSignature(SignatureProcessor.java:375) > ~[wss4j-1.6.0.jar:1.6.0] > > ... 38 common frames omitted > It's quite possible that I'm missing something (e.g. relating to how WSS4J 1.6 needs to be configured vs WSSJ 1.5, for instance), or this could be a bug of some kind. Any help would be appreciated; I've uploaded sample code that exhibits this problem to: http://www.electronicmuse.com/WSSecurityTutorial.2.4.0-failure.zip Thanks. Ross M. Lodge
